This week
- Mcp-cli is a lightweight CLI that allows dynamic discovery of MCP, reducing token consumption while making tool interactions more efficient for AI coding agents....
Last week
Two weeks ago
About a month ago
- A couple of months ago, I received a request from a random Internet user to add CSRF protection to my little web framework Microdot, and I thought it was a fantastic idea. When I set off to do this work in early November I expected I was going to have to deal with anti-CSRF...
About 2 months ago
- I enjoyed listening to Feross Aboukhadijeh, founder and CEO of the security firm Socket, on the Changelog podcast “npm under siege”. The cat-and-mouse nature of security is a kind of infinite source of novel content, like a series of heist movies that never produces the same...
- I recently added a bunch of app icons from macOS Tahoe to my collection. Afterwards, I realized some of them were missing relational metadata. For example, I have a collection of iMovie icons through the years which are related in my collection by their App Store ID. However, the...
2 months ago
3 months ago
- I was 30 seconds away from running malware. Here's how a sophisticated scam operation almost got me, and why every developer needs to read this....
4 months ago
- I love a good look at modern practices around semantic versioning and dependency management (Rich Hickey’s talk “Spec-ulation” is the canonical one I think of). Niki recently wrote a good ‘un at tonsky.me called “We shouldn’t have needed lockfiles”. What struck me was this point...
- There was a time when I could ask, “Did you see the latest NPM attack?” And your answer would be either “Yes” or “No”. But now if I ask, “Did you see the latest NPM attack?” You’ll probably answer with a question of your own: “Which one?” In this post, I’m talking about the Qix...
- What if every website you visited didn't actually exist until the moment you asked for it? What if the entire web was a unique, AI-generated experience, created just for you, on the fly? That's the core idea behind my latest project, Fauxmium. Fauxmium is a proof-of-concept that...
- In the wake of the largest supply-chain attack in history, the JavaScript community could have a moment of reckoning and decide: never again. As the panic and shame subside, after compromised developers finish re-provisioning their workstations and rotating their keys, the...
- I normally skip presentations because I prefer reading, but Building the Hundred-Year Web Service (YouTube) was worth the time. Note that despite “htmx” featuring in the title, very little of the presentation is actually about htmx. It is about choosing and using technology in...
- Watch me build Arena live - a real-time collaborative coding session exploring AI-powered development workflows....
5 months ago
- Imagine you’re writing a project and need a library. Let’s call it libpupa. You look up its current version, which is 1.2.3, and add it to your dependencies: "libpupa": "1.2.3" In turn, the developer of libpupa, when writing its version 1.2.3, needed another library: liblupa. So...
6 months ago
- I Spent $450 in 3 Weeks Building 100k Lines of Code (And Didn't Want to Burn It Down)...
- It's been one month since we released the first version of VibeTunnel, and since in the AI world time is so much faster, let's call it VibeTunnel's first anniversary!...
- There are so many ways to run a long-running process in the background when you use modern React frameworks like Next.js, Remix, etc. You can spin your own Redis and use BullMQ as shown in [this guest post](/blog/long-running-jobs-nextjs-redis-bull), or use a managed service...
7 months ago
- Dan Abramov on his blog (emphasis mine): The division between the frontend and the backend is physical. We can’t escape from the fact that we’re writing client/server applications. Some logic is naturally more suited to either side. But one side should not dominate the other....
- When a private API endpoint is called, the handler should check if the request came from an authorized user before doing anything else. Usually the function that checks the request returns a user object if the request is authorized. Then this user object can be used by other...