They reached stage 3 this week at the TC39 meeting. This means we’ll begin to see them natively in browsers soon. Learn what they are and how they work.

Take a look inside the API-compatible rewrite of one of the leading frontend UI libraries.

Remember React “Fiber”? It’s now the engine behind React, enabling asynchronous rendering, error boundaries, and returning lists of components in render methods.

Facebook is relicensing React, Jest, Flow, and Immutable.js under the MIT license this week, thus ending a years-long Internet drama over the controversial PATENTS claim Facebook included with these projects.

Global mutable state is one of the biggest drivers of complexity in software systems. Eric offers a definition and how to reduce our reliance on it.

A user on StackOverflow posted an answer on how to achieve multiple inheritance in JavaScript using a Proxy and a number of traps. He goes on to explain how the snippet of code works.

Read all about Proxy on Pony Foo.

James wrote a package that lets you deeply compare actual results against expected results in tests, without having to write multiple assertion statements to plunge into each property you’re interested in validating.

Senthil talks about how they handle font loading at eBay and shares the open-source ebay-font package they use to synthesize the forthcoming font-display: optional CSS property.

Nathan gave one of the best talks at Microsoft Edge Web Summit, discussing the safeguards Edge has in place to protect against the most common remote code execution attack vectors.

This article might a little “out there” when it comes to the web, but if you have any interest in computer science and a mild interest in physics, this read will probably delight you.

In a 2014 article for the ACM, Christoph wrote about why XSS is so difficult to avoid in web development, as well as techniques used at Google to mitigate the popular attack vector.

Last week, Mike West – also of Google – shared a proposal to introduce native “trusted types” for the web, that would take care of sanitization, helping shrink the attack vector in combination with an HTTP header that would prevent values other than these trusted types to be assigned to properties that are otherwise vulnerable to XSS attacks.

You can find the proposal here.

Gergely discusses lessons learned on his transition from individual contributor to an engineering management position at Uber.

Jason gave a talk about how he overworked himself into a corner and how he got his life back. Don’t work 80 hours a week, don’t multi-task.

And did you know you probably don’t need to finish a book every week of the year?