How I Almost Got Hacked By A 'Job Interview'

- I was 30 seconds away from running malware, Here's how a sophisticated scam operation almost got me, and why every developer needs to read this....

Running Software on Software You’ve Never Run

- I love a good look at modern practices around semantic versioning and dependency management (Rick Hickey’s talk “Spec-ulation” is the canonical one I think of). Niki recently wrote a good ‘un at tonsky.me called “We shouldn’t have needed lockfiles”. What struck me was this point...

The Risks of NPM

- There was a time when I could ask, “Did you see the latest NPM attack?” And your answer would be either “Yes” or “No”. But now if I ask, “Did you see the latest NPM attack?” You’ll probably answer with a question of your own: “Which one?” In this post, I’m talking about the Qix...

fauxmium - browse an infinite imaginary web

- What if every website you visited didn't actually exist until the moment you asked for it? What if the entire web was a unique, AI-generated experience, created just for you, on the fly? That's the core idea behind my latest project, Fauxmium. Fauxmium is a proof-of-concept that...

A better future for JavaScript that won't happen

- In the wake of the largest supply-chain attack in history, the JavaScript community could have a moment of reckoning and decide: never again. As the panic and shame subsides, after compromised developers finish re-provisioning their workstations and rotating their keys, the...

You Want Technology With Warts

- I normally skip presentations because I prefer reading, but Building the Hundred-Year Web Service (YouTube) was worth the time.1 Note that despite “htmx” featuring in the title, very little of the presentation is actually about htmx. It is about choosing and using technology in...

My review of Claude's new Code Interpreter, released under a very confusing name

Live Coding Session: Building Arena

- Watch me build Arena live - a real-time collaborative coding session exploring AI-powered development workflows....

We shouldn’t have needed lockfiles

- Imagine you’re writing a project and need a library. Let’s call it libpupa. You look up its current version, which is 1.2.3, and add it to your dependencies: "libpupa": "1.2.3" In turn, the developer of libpupa, when writing its version 1.2.3, needed another library: liblupa. So...

On Optimizing Meteor Publications

- Making a server do less work is often a good thing. Here we’ll reduce the number of events a Meteor instance has to process to handle real-time publications.

Most AI Code is Garbage. Here's How Mine Isn't.

- I Spent $450 in 3 Weeks Building 100k Lines of Code (And Didn't Want to Burn It Down)...

VibeTunnel's first AI-anniversary

- It's been one month since we released the first version of VibeTunnel, and since in the AI world time is so much faster, let's call it VibeTunnel's first anniversary!...

Introducing DataQueue

- There are so many ways to run a long-running process in the background when you use modern React frameworks like Next.js, Remix, etc. You can spin your own Redis and use BullMQ as shown in [this guest post](/blog/long-running-jobs-nextjs-redis-bull), or use a managed service...

The Web as URLs, Not Documents

- Dan Abramov on his blog (emphasis mine): The division between the frontend and the backend is physical. We can’t escape from the fact that we’re writing client/server applications. Some logic is naturally more suited to either side. But one side should not dominate the other....

Use Async Local Storage to prevent props drilling in Next.js Route handlers

- When a private API endpoint is called, the handler should check if the request came from an authorized user before doing anything else. Usually the function that checks the request returns a user object if the request is authorized. Then this user object can be used by other...

How to handle date and time correctly in your fullstack JS web app

- Handling date and time correctly in your fullstack JS web app is pretty tricky and can cause a subtle bug. ## The problem This just happened to me. I got a report from my team mate that our website displayed the wrong date and time. In our backend, the admin who resides in the...

Is It JavaScript?

- OH: It’s just JavaScript, right? I know JavaScript. My coworker who will inevitably spend the rest of the day debugging an electron issue — @jonkuperman.com on BlueSky “It’s Just JavaScript!” is probably a phrase you’ve heard before. I’ve used it myself a number of times. It...

RSC for LISP Developers

- Quoting for modules....

Progressive JSON

- Why streaming isn't enough....

Why Does RSC Integrate with a Bundler?

- One does not simply serialize a module....

On Distributed Tracing

- Much easier time while debugging API requests involving multiple services while reducing the number of logs by 85%? All that thanks to distributed tracing!

Validate HTTP Status Codes in Go Using Built-in Constants

- Convenient constants and functions in the Go http package....

Function calling using LLMs

- While LLMs excel at generating cogent text based on their training data, they may also need to interact with external systems. Kiran Prakash describes how we get them to construct external function calls to do this. The LLM does not execute these calls directly, instead it...

Backwards Compatibility in the Web, but Not Its Tools

- After reading an article, I ended up on HackerNews and stumbled on this comment: The most frustrating thing about dipping in to the FE is that it seems like literally everything is deprecated. Lol, so true. From the same comment, here’s a description of a day in the life of a...