SShortSingh.
Back to feed

Why merged open-source PRs prove more than personal side projects

0
·1 views

A developer argues that contributing to open-source repositories tests skills that solo projects cannot, because contributors must work within an existing codebase rather than setting their own rules. Unlike personal projects, upstream pull requests require understanding local patterns and making the smallest change that fits, without rewriting surrounding code. The author cites several narrow, merged fixes across tools like Rollup, ESLint, and swagger-typescript-api as examples of this constrained, high-value learning. Each fix demanded a different kind of close reading — covering parser behavior, error handling, test fixtures, and the limits of static analysis. The author concludes that a merged PR carries more credibility than a private project screenshot because another maintainer reviewed, accepted, and now lives with the change.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Log in to join the discussion and vote.

Log in

Related stories

0
ProgrammingDEV Community ·

Developer Builds Plain-English Programming Language That Compiles to Native Binaries

Abneesh Singh has created EPL (English Programming Language), an open-source language that uses plain English syntax instead of traditional symbols like semicolons or curly braces. Now at version 10.1, EPL can compile to native binaries via LLVM and transpile to JavaScript, Kotlin, and Python. The language includes a built-in web framework, database support, object-oriented programming features, and can generate Android and iOS projects. EPL is installable via pip and includes an interactive REPL, allowing developers to run a working web app or API with minimal setup. Singh designed the language to be accessible to a wide range of users, from students to professional developers.

0
ProgrammingDEV Community ·

Two Security Checks Every Solana Developer Must Know to Prevent Exploits

Solana programs operate differently from traditional backends because callers supply all accounts with each instruction, meaning any account could be attacker-controlled until explicitly verified. Unlike a trusted internal database, a Solana program must treat every incoming account as potentially forged until the code proves otherwise. Most account-level vulnerabilities on Solana reduce to two fundamental checks: confirming that an account is owned by the expected program, and confirming that a required authority actually signed the transaction. Skipping the ownership check allows attackers to substitute a look-alike account with crafted data, a technique linked to some of the largest losses in Solana's history. Comparing public keys alone is insufficient for signer verification, since public keys are visible on-chain; only a valid cryptographic signature proves control of the corresponding private key.

0
ProgrammingDEV Community ·

How to Migrate Legacy AngularJS Apps to Angular v22 Without a Full Rewrite

Organizations still running AngularJS (v1.x) face serious cybersecurity and business risks, as the framework has been in End-of-Life status for years with no security patches or official support. Rather than pursuing a risky all-at-once rewrite, developers are advised to adopt a strategic, incremental hybrid migration approach that allows continuous delivery of business value alongside the transition. The target platform, Angular v22 released in June 2026, introduces a zoneless architecture that drops zone.js to reduce bundle sizes and improve load times. The new version also makes Signals the primary reactivity model, replacing unpredictable AngularJS $watchers and complex RxJS patterns for basic state management. Additional features include stabilized Signal Forms for type-safe form handling and a new Resource API for cleaner asynchronous data fetching.