The latest articles on DEV Community by Rocco (@ruidosujeira). https://dev.to/ruidosujeira https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3621973%2F30fe4241-523f-4931-9927-a4ab47463be4.jpeg https://dev.to/ruidosujeira en Rocco Sun, 14 Dec 2025 04:12:39 +0000 https://dev.to/ruidosujeira/ai-as-a-pair-programmer-how-i-built-depx-in-one-day-2m0i https://dev.to/ruidosujeira/ai-as-a-pair-programmer-how-i-built-depx-in-one-day-2m0i <h2> The debate is wrong </h2> <p>Most discussions about AI in programming are binary: either "AI will replace developers" or "AI is garbage and always fails." Both miss the point.</p> <p>AI is a tool. Like a compiler, an IDE, or Stack Overflow. The question isn't whether to use it, but how to use it effectively.</p> <h2> What I actually did </h2> <p>Yesterday I built <a href="https://github.com/ruidosujeira/depx" rel="noopener noreferrer">depx</a>, a CLI tool in Rust that analyzes JavaScript/TypeScript projects to understand what's really in your node_modules:</p> <ul> <li>Find packages installed but never imported</li> <li>Explain why any transitive dependency exists</li> <li>Check vulnerabilities that actually affect your versions</li> <li>List deprecated packages</li> </ul> <p>I shipped it to crates.io, posted on Reddit, got feedback from a user with 25k packages saying my audit command would make 25,000 API requests. Within hours, I implemented batch queries (v0.2.0) reducing it to ~25 requests.</p> <h2> How AI fit into this </h2> <p>I used Claude throughout the process. Here's what that actually looked like:</p> <p><strong>What I did:</strong></p> <ul> <li>Identified the problem (node_modules chaos)</li> <li>Defined the architecture (analyzer, graph, lockfile parser, vulnerability checker)</li> <li>Made technical decisions (use oxc_parser, petgraph, OSV API)</li> <li>Evaluated the output and caught edge cases (@types packages, build tools)</li> <li>Tested on real projects</li> <li>Responded to user feedback and prioritized the fix</li> </ul> <p><strong>What Claude did:</strong></p> <ul> <li>Wrote code faster than I could type</li> <li>Implemented the structure I defined</li> <li>Helped debug issues</li> <li>Generated boilerplate I would have written anyway</li> </ul> <h2> The key insight </h2> <p>People who say "AI writes bad code" are often asking it to replace them. They prompt "build me an app" and get garbage.</p> <p>People who use AI effectively treat it as a pair programmer. You drive, AI accelerates. You still need to:</p> <ul> <li>Understand the problem deeply</li> <li>Know what good code looks like</li> <li>Evaluate if the solution is correct</li> <li>Take responsibility for the result</li> </ul> <h2> Transparency </h2> <p>If you look at depx's GitHub, you'll see Claude listed as a contributor. That's intentional. I'm not hiding that I used AI — I'm showing that using AI doesn't mean you didn't build something real.</p> <p>The tool works. It solves a real problem. Users are giving feedback and I'm shipping improvements. That's what matters.</p> <h2> The real question </h2> <p>Stop asking "should developers use AI?" </p> <p>Start asking "what can I build now that I have this leverage?"</p> <p><a href="https://github.com/ruidosujeira/depx" rel="noopener noreferrer">depx on GitHub</a> | <a href="https://crates.io/crates/depx" rel="noopener noreferrer">depx on crates.io</a></p> ai rust javascript productivity Rocco Sat, 22 Nov 2025 02:17:46 +0000 https://dev.to/ruidosujeira/introducing-prism-a-modern-ts-first-esm-only-package-registry-early-stage-2dd3 https://dev.to/ruidosujeira/introducing-prism-a-modern-ts-first-esm-only-package-registry-early-stage-2dd3 <p>Prism is a modern, TypeScript-first, ESM-only package registry I’m building from scratch — clean architecture, no legacy baggage.</p> <p>What’s working now</p> <p>real publish pipeline</p> <p>metadata extraction (exports, types, file tree)</p> <p>storage drivers (Memory / FS / S3-stub)</p> <p>lightweight web UI</p> <p>partial npm compatibility<br> (npm/pnpm/Yarn/Bun can already install from Prism)</p> <p>What Prism aims to become</p> <p>A modern superset of the npm protocol — typed, deterministic, storage-pluggable, and actually pleasant to work with.</p> <p>Why I’m sharing</p> <p>It’s early, but the foundation is solid.<br> Looking for feedback and contributors who enjoy dev-infra, registries, or TS architecture.</p> <p>Repo: <a href="https://github.com/ruidosujeira/prism" rel="noopener noreferrer">https://github.com/ruidosujeira/prism</a></p> javascript typescript webdev node Rocco Fri, 21 Nov 2025 03:33:36 +0000 https://dev.to/ruidosujeira/why-are-registries-and-nodemodules-still-black-boxes-in-2025-2dd3 https://dev.to/ruidosujeira/why-are-registries-and-nodemodules-still-black-boxes-in-2025-2dd3 <p>Let’s be real: JavaScript package installation hasn’t fundamentally changed since 2014. We just stacked tools on top of the same old foundation.</p> <p>node_modules is still a black hole, only faster depending on your PM.<br> Same idea, same problems, same blind trust.</p> <p>The bigger issue isn’t npm or pnpm themselves.<br> It’s that we still have no real visibility into what we install.</p> <p>Registries today are black boxes:</p> <p>you can’t see a real file-tree</p> <p>there’s no true version diff</p> <p>metadata is minimal and inconsistent</p> <p>no clear runtime compatibility (Node/Bun/Deno/Workers)</p> <p>export-maps break unpredictably</p> <p>packages can change massively between versions and you only find out later</p> <p>Everyone keeps arguing “pnpm is faster”, “npm is stable”, “bun is aggressive” — but it’s all the same model.</p> <p>The ecosystem has normalized no inspection.<br> We install millions of packages blindly.</p> <p>That’s not engineering.<br> That’s hope.</p> <p>I’m building something to fix this, but the discussion is bigger than my project.</p> <p>Why did such a huge ecosystem never prioritize transparency?</p> <p>Curious to hear honest thoughts.</p> programming webdev architecture javascript