I contributed to React and Svelte on their core teams for years. Sometimes you just need to break free

Please can you create a Github issue with the security holes you've found? That would be greatly appreciated. I've given it a sweep and found nothing.

Sibling's proposed approach is a recipe for false positives.

Consider Claude Code's new /security-review prompt or just use the prompt starting from "Objective" after giving the context (see the Git shell commands) to Claude Opus 4.1.

https://raw.githubusercontent.com/anthropics/claude-code-sec...

Definitely Opus 4.1 though, not lesser.

I suggest do both.

Make a minimal zip of the the source code only (cut out anything not source code) drop it into ChatGPT and say "analyse this code for security flaws".

Then ask it for more.

Then do the same this with Google AI studio - drop the zipfile in and ask it to analyse for security flaws.

If you already did so why not share the answers you got?

I left Vercel a few weeks ago and I left the Svelte team earlier this year.

Thank you for all your contributions! Svelte 5 is a blast.

If you don't mind me asking, why did you leave? What do you plan on working on going forward?

It was a good time for change, I was working on Svelte 5 non-stop for two years! I'll be announcing my new role nearer the time :)

Makes sense xD

Best of luck! I'm curious to see what you come up with next.

I work on Svelte 5 and I was also a React engineer on the core team previously FWIW.

You can set the direction of the ElementNode explicitly to define LTR/RTL semantics. By default it’s automatically detected.

Thank you. I see. I guess I'm talking about the playground whereas I guess you're talking about Lexical itself and its API. It would be really nice to have a demo of this working with the API in the playground.

Thank for the detailed input. Would it be possible for you to create a GitHub issue around these (or many issues?) so that the team can track them and fix them. Thanks again!

Sorry, I’m just passing by and don’t want to interact further (I have no vested interest in the space at this time); up to you what you do with it.

We have some important changes landing soon that will make insertions O(1) rather than the current O(n) - so this will greatly improve performance.

ProseMirror is a great choice. Lexical might offer you more mileage if you're working with React (especially React 18 and the new concurrency features) and are happy to invest into a project that is still pre 1.0.

The Lexical playground is one giant kitchen-sink example all written in React. You could check out the code for it locally and `npm run start` and play around with removing/adding plugins. You can also check out some examples on Codesandbox: https://codesandbox.io/s/lexical-rich-text-example-5tncvy

Thanks! Very helpful.

For Meta, or in general? For Meta, there are plenty of teams that require some infra knowledge around these common concepts. It's been fairly straightforward to find a team as a front-end engineer that allows you to excel in these areas at Meta (once you're successful in the interview loops).