Last updated: 2025/09/13 09:01

Crates.io Users Targeted by Phishing Emails
The Rust Security Response WG is warning of phishing emails from rustfoundation.dev targeting crates.io users.

What Can We Actually Do With corner-shape?
When I first started messing around with code, rounded corners required five background images or an image sprite likely created in Photoshop, so when

Introducing Custom Pull Request Alert Comment Headers
Socket now lets you customize pull request alert headers, helping security teams share clear guidance right in PRs to speed reviews and reduce back-an...

Can native web APIs replace custom components in 2025?
See how native web APIs like dialog, details, and the Popover API simplify accessibility, reduce dependencies, and replace custom components.
London Transport Museum Depot Open Days
I just found out about this (thanks, ChatGPT) and I'm heart-broken to learn that I'm in London a week too early! If you are in London next week (Thursday 18th …
Learning web development: Implementing web servers
In this chapter, we’ll write our own web server: It will serve files and manage the data for a browser app.

Rust Support Now in Beta
Socket's Rust support is moving to Beta: all users can scan Cargo projects and generate SBOMs, including Cargo.toml-only crates, with Rust-aware suppl...
Git Branching for Designers
A designer-friendly guide to git branching, merging, and pull requests, all explained with relatable Figma examples and visuals. Experiment with confidence.

Compiling Multiple CSS Files into One
Stu Robson outlines two ways to compile multiple CSS files when you aren't relying on Sass for it.

Too many tools: How to manage frontend tool overload
Read about how the growth of frontend development created so many tools, and how to manage tool overload within your team.

5 ways product managers can steward cross-pollination
Learn practical strategies PMs can use to spread ideas, improve collaboration, and shape stronger, more connected product outcomes.
Quoting Kumar Aditya
In Python 3.14, I have implemented several changes to fix thread safety of asyncio and enable it to scale effectively on the free-threaded build of CPython. It is now implemented …

Announcing Socket Fix 2.0
Socket Fix 2.0 brings targeted CVE remediation, smarter upgrade planning, and broader ecosystem support to help developers get to zero alerts.

Feross on Risky Business Weekly Podcast: npm’s Ongoing Supply Chain Attacks
Socket CEO Feross Aboukhadijeh joins Risky Business Weekly to unpack recent npm phishing attacks, their limited impact, and the risks if attackers get...

I tried Google Stitch. Here’s what I loved (and hated) about it
Google Stitch turns text and sketches into UI designs. Learn where it excels, where it falls short, and how it compares to other AI tools.

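Trial, Error, and Lessons Learned from Having AI Write Migration Scripts for Large Amounts of Code
This article describes the trial and error involved in using AI to create migration scripts for large amounts of code, and the lessons learned. In particular, it cites slow execution, results that do not match expectations, and a lack of reproducibility as the challenges of leaving the rewriting of more than 1,000 files to AI. To address these problems, it proposes that having the AI create a migration script, rather than ordering it to rewrite the files directly, is an effective approach. As a concrete case, it walks through a migration from Hugo to Astro, showing the conversion specification and examples of the actual prompts. • Rewriting a large number of files with AI is slow and gives unstable results. • When the expected result is not obtained, a re-run is needed, which takes time. • Because the migration result differs on every run, every file has to be reviewed. • Having the AI create a migration script, rather than ordering it to rewrite files directly, is effective. • A concrete example of migrating from Hugo to Astro is presented and the conversion specification is explained.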

What’re Your Top 4 CSS Properties?
Everyone has a different opinion which is great because it demonstrates the messy, non-linear craft that is thinking like a front-end developer.
I Replaced Animal Crossing's Dialogue with a Live LLM by Hacking GameCube Memory
Brilliant retro-gaming project by Josh Fonseca, who figured out how to run 2002 GameCube Animal Crossing in the Dolphin Emulator such that dialog with the characters was instead generated …
AI dev tool power rankings & comparison [Sept 2025]
Compare the top AI development tools and models of September 2025. View updated rankings, feature breakdowns, and find the best fit for you.

Modernizing on Your Own Terms: A Strategic Guide to Managing Node.js Legacy Systems
Enterprises should inventory runtimes, target the latest LTS, harden supply chains, measure performance, and roll out migrations in a controlled way.

Introducing Tier 1 Reachability: Precision CVE Triage for Enterprise Teams
Socket’s new Tier 1 Reachability filters out up to 80% of irrelevant CVEs, so security teams can focus on the vulnerabilities that matter.

Stop writing PRDs for AI — start using prompt sets instead
UX designers need to ditch vague PRDs. See how prompt sets make AI features testable, predictable, and user-friendly from day one.

File-based routing in React Router v7 – Why keep it optional?
Explore the new mode that introduced file-based routing in v7, why it remains optional, and when to use it or stick with a different approach.

MCP is replacing the browser: Here’s how devs should prepare
Learn how MCP will replace the traditional browser, what this shift means for frontend devs, and how to start prepping for an AI-first future.

Steal my startup approved growth workshop agenda
Discover how to run a growth workshop that equips your product team to map key drivers, identify levers, and plan experiments that matter.

DuckDB npm Account Compromised in Continuing Supply Chain Attack
Ongoing npm supply chain attack spreads to DuckDB: multiple packages compromised with the same wallet-drainer malware.
The 2025 PSF Board Election is Open!
The Python Software Foundation's annual board member election is taking place right now, with votes (from previously affirmed voting members) accepted from September 2nd, 2:00 pm UTC through Tuesday, September …
Geoffrey Huntley is cursed
Geoffrey Huntley vibe-coded an entirely new programming language using Claude: The programming language is called "cursed". It's cursed in its lexical structure, it's cursed in how it was built, it's …

2025-09-09 JS: Zod 4.1.0, compromise of the `debug` and `chalk` packages, migrating a monorepo app to `node --experimental-strip-types`
JSer.info #747 - Zod 4.1.0 has been released, adding a new Codecs API.
Improve your AI code output with AGENTS.md (+ my best tips)
Stop re-prompting. Put the rules in AGENTS.md: do and don’ts, file-level tests, and real examples so agents ship code that matches your project.

Recreating the Apollo AI adoption rate chart with GPT-5, Python and Pyodide
Apollo Global Management’s “Chief Economist” Dr. Torsten Sløk released this interesting chart which appears to show a slowdown in AI adoption rates among large (>250 employees) companies: Here’s the full …

MCP Steering Committee Launches Official MCP Registry in Preview
The MCP Steering Committee has launched the official MCP Registry in preview, a central hub for discovering and publishing MCP servers.
Learning web development: Frontend frameworks
In this chapter, we’ll take a look at frontend frameworks – libraries that help with programming web user interfaces (“frontend” means “browser”, “backend” means “server”). We’ll use the frontend framework Preact to implement the frontend part of a todo list app – whose backend part we’ll implement in a future chapter.
Load Llama-3.2 WebGPU in your browser from a local folder
Inspired by a comment on Hacker News I decided to see if it was possible to modify the transformers.js-examples/tree/main/llama-3.2-webgpu Llama 3.2 chat demo (online here, I wrote about it last …

Introducing Pull Request Stories to Help Security Teams Track Supply Chain Risks
Socket’s new Pull Request Stories give security teams clear visibility into dependency risks and outcomes across scanned pull requests.
How to Evaluate AI Coding Tools for Your Enterprise
Enterprise guide to evaluating AI coding tools: three solution types, evaluation criteria, and a 7-step POC framework for teams.

npm Author Qix Compromised via Phishing Email in Major Supply Chain Attack
npm author Qix’s account was compromised, with malicious versions of popular packages like chalk-template, color-convert, and strip-ansi published.

Composition in CSS
CSS is a composable language by nature. This composition nature is already built into the cascade. We simply don't talk about composition as a Big Thing because it's the nature of the language.

How Cursor Project Rules Can Improve Next.js App Development
Learn how Cursor project rules streamline Next.js apps with automated conventions, consistent components, and faster developer onboarding.

Publishing npm packages from CI without tokens using OIDC with npm Trusted Publishing
npm Trusted Publishing became generally available on July 31, 2025. This makes it possible to publish npm packages from CI/CD using OpenID Connect (OIDC), without an npm token.

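Trying out Spec Kit, a toolkit that supports specification-driven development
Specification-Driven Development (SDD) is a new style of software development that makes use of AI coding agents. Spec Kit, provided by GitHub, is a toolkit for supporting specification-driven development; it helps define accurate acceptance criteria and generate code through dialogue with AI. In this article, I try out specification-driven development using Spec Kit.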
Learning web development: Installing npm packages and bundling
In this chapter we develop a small web app in the same way that large professional web apps are developed: We use libraries that we install via npm. We write tests for some of the functionality. We combine all JavaScript code into a single file before we serve the web app. That is called bundling. (Why we do that is explained later.)
Quoting IanCal
RDF has the same problems as the SQL schemas with information scattered. What fields mean requires documentation. There - they have a name on a person. What name? Given? Legal? …

Malicious npm Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet Credentials
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
Quoting Kenton Varda
After struggling for years trying to figure out why people think [Cloudflare] Durable Objects are complicated, I'm increasingly convinced that it's just that they sound complicated. Feels like we can …

rv Is a New Rust-Powered Ruby Version Manager Inspired by Python's uv
Ruby maintainers from Bundler and rbenv teams are building rv to bring Python uv's speed and unified tooling approach to Ruby development.

What You Need to Know About CSS Color Interpolation
Color what? Sunkanmi Fafowora explains how an everyday task for CSS can be used to create better color experiences.

Released “ts-bench”, a TypeScript-first benchmark for coding AI agents
I have released “ts-bench”, an easily reproducible benchmark project for evaluating the TypeScript code-editing ability of AI coding agents. In this article, I talk about why I built ts-bench and where I want to take it from here. How ts-bench works: ts-bench uses the TypeScript problem set from Exercism, a programming learning platform. Each problem includes a document describing the specification, a template of the source code that the agent should edit, and test code used to judge correctness. A benchmark task runs the following four steps in order for each problem. 1. Run the AI agent: the problem's instructions are passed to the AI agent as a prompt, and it edits the source code. 2. Restore the test files
Highlighted tools
Any time I share my collection of tools built using vibe coding and AI-assisted development (now at 124, here's the definitive list) someone will inevitably complain that they're mostly trivial. …

5 support page redesigns that transformed help desk UX
See how brands like Dropbox, Spotify, and Zoom reinvented their help desk UX and what you can steal for your own support pages.

Don’t vibe code your backend: The hidden dangers of BaaS
Explore the hidden dangers of BaaS, and how frontend-focused teams can use BaaS platforms without suffering from their major risks.

Building real-time state management with React and Fluent-State
Build a real-time AI chat in React with Fluent-state: handle streaming, async states, derived UI, and side effects cleanly.

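Thinking about approaches to sharing frontend modules
This article discusses approaches to sharing frontend modules in Cybozu's kintone product. As part of the frontend renewal under way since 2021, the aim is to move away from a monolithic structure, and each team has adopted its own independent monorepo. However, sharing modules between teams has become a challenge, and the article proposes three sharing patterns. The first is to publish the module as an npm package, which allows independent development through versioning but requires clear ownership. The second is to consolidate everything into a single monorepo, which lets changes to common modules take effect immediately but raises concerns about conflicts caused by centralized dependency management. The third is to work with the common module directly, which can be used even without a monorepo structure but requires operational flexibility. • Proposes approaches for solving the problem of sharing frontend modules • Publishing as an npm package allows independent development but requires clear ownership • Consolidating into a single monorepo lets common-module changes take effect immediately but raises concerns about conflicts from centralized dependency management • Working with the common module directly is possible even without a monorepo structure but requires operational flexibility • Decisions need to weigh the advantages and disadvantages of each approach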

Nx Investigation Reveals GitHub Actions Workflow Exploit Led to npm Token Theft, Prompting Switch to Trusted Publishing
Following last week’s supply chain attack, Nx published findings on the GitHub Actions exploit and moved npm publishing to Trusted Publishers.
Designers can ship without engineering handoffs
Designers can ship UI changes without engineering handoffs. With Fusion, visually edit your live site, use real tokens and components, and make PR‑ready diffs.

AI coding tools still suck at context — here’s how to work around it
Discover why you might be having difficulty with AI coding tools, and learn some practical strategies to work with AI more effectively.
gov.uscourts.dcd.223205.1436.0_1.pdf
Here's the 230 page PDF ruling on the 2023 United States v. Google LLC federal antitrust case - the case that could have resulted in Google selling off Chrome and …

AGENTS.md Gains Traction as an Open Format for AI Coding Agents
AGENTS.md is a fast-growing open format giving AI coding agents a shared, predictable way to understand project setup, style, and workflows.

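What we can learn from the Nx attack #s1ngularity
The Nx repository was attacked, resulting in a wide-ranging incident. This case was an attack that combined multiple steps centered on GitHub Actions, and it is essentially no different from attacks that have occurred many times before. However, because AI shows up several times along the way, “AI-written co...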
Making XML human-readable without XSLT
In response to the recent discourse about XSLT support in browsers, Jake Archibald shares a new-to-me alternative trick for making an XML document readable in a browser: adding the following …

Updates from N|Solid Runtime: The Best Open-Source Node.js RT Just Got Better
N|Solid Runtime v6.0.0: Continuous profiling gRPC-Only SaaS, and Node.js v22.18.0
Cursor vs Claude Code: The Ultimate Comparison Guide
Cursor or Claude Code? Both start at $20/mo but work differently. Compare features, hidden costs, and real workflows to pick the right AI coding tool.

Our robo advisor: A lesson in skipping UX research
Skipping UX research wastes time and leads to flop features. See how user insights drive adoption, engagement, and lasting product impact.

Should the CSS light-dark() Function Support More Than Light and Dark Values?
The light-dark() function is currently designed to support just two color schemes. Should it support others? Sunkanmi Fafowora says yes and no.

The silent shift to Vite: What it means for your stack
Learn how Vite surpassed Webpack as the default JavaScript bundler, and what this shift means for your stack and the future of JS build tools.

How to consolidate your product management tools
Streamline your product stack with a six step guide to tool consolidation. Cut costs, reduce silos, and boost team efficiency.

Rich Pixels
Neat Python library by Darren Burns adding pixel image support to the Rich terminal library, using tricks to render an image using full or half-height colored blocks. Here's the key …

Making XML human-readable without XSLT
JavaScript is right there.
Learning web development: Asynchronous JavaScript – Promises and async functions
In this chapter, we learn how to handle tasks that take a long time to complete – think downloading a file. The mechanisms for doing that, Promises and async functions are an important foundation of JavaScript and enable us to do a variety of interesting things.
Lean for JavaScript Developers
Programming with proofs.

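I changed jobs
This article describes how the author left PixelGrid Inc. and moved to VoidZero Inc. The author worked at PixelGrid as a frontend engineer for eight years, using technologies such as React, Next.js, and Svelte. It also touches on the company's free-spirited culture and fully remote work. It mentions the challenges at the new workplace and the difficulty of communicating with excellent colleagues, and in particular states the intention to work on the Rust rewrite of Prettier. Finally, the author looks back on how OSS activity led to work and mentions a planned presentation at Vue Fes Japan 2025. • The author left PixelGrid Inc. and moved to VoidZero Inc. • The author worked at PixelGrid for eight years, mainly using frontend technologies. • The new workplace requires communication with excellent colleagues. • The author intends to work on the Rust rewrite of Prettier. • The author plans to continue working fully remotely.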

Deriving Client State from Server State
How to use derived state in React to keep client state and server data aligned without manual sync or effects.

2025-08-31 JS: Bun v1.2.21, Apollo Client v4, nx package compromise and supply chain attack
JSer.info #746 - Bun v1.2.21 has been released.
Learning web development: JSON and processing files in Node.js
In this chapter, we explore the popular data format JSON. And we implement shell commands via Node.js that read and write files.

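Trying out Vibe Kanban for managing AI coding agents
Vibe Kanban is a tool that helps manage AI coding agents. Tasks are managed in a kanban-style UI, an AI agent is assigned to each task, and a human can track its progress. In this article, I try managing AI coding agents with Vibe Kanban in practice.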
Learning web development: JavaScript Maps
In this chapter, we’ll explore the data structure Map (a class) which lets us translate (“map”) from an input value to an output value. We’ll use a Map to display text upside-down in a terminal!
Talk Python: Celebrating Django's 20th Birthday With Its Creators
I recorded this podcast episode recently to celebrate Django's 20th birthday with Adrian Holovaty, Will Vincent, Jeff Triplett, and Thibaud Colas. We didn’t know that it was a web framework. …

Wallet-Draining npm Package Impersonates Nodemailer to Hijack Crypto Transactions
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.

What happens when dev communities die: Stack Overflow’s slow collapse
Explore how Stack Overflow’s slow collapse affects programming and the possible future for Stack Overflow vs. generative AI competition.

How to build a multimodal AI app with voice and vision in Next.js
Learn how to build multimodal AI interactions to process images, audio, and even real-time video streams, using Next.js and Gemini.

CSS Elevator: A Pure CSS State Machine With Floor Navigation
In this article, author Chris Sabourin walks through how modern CSS features can build a fully functional, interactive elevator that knows where it is, where it’s headed, and how long it’ll take to get there. No JavaScript required.
JavaScript’s trademark problem
In this blog post, we discuss Oracle’s trademark of the word “JavaScript”: What are the problems caused by that trademark? How can we fix those problems?
Learning web development: JavaScript exceptions
In this chapter, we look at exceptions in JavaScript. They are a way of handling errors. We’ll need them for the next chapter.

Risky Biz Podcast: Making Reachability Analysis Work in Real-World Codebases
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency tree...

How I learned to treat AI like a partner, not a threat
Turn AI from a threat into a partner in UX design by refining workflows, avoiding pitfalls, and keeping human skills central.

I tried out Kiro: Here’s what I learned
Check out Kiro, AWS's AI-powered IDE, see what makes it different from other AI coding tools, and explore whether it lives up to the hype.

Why Go design patterns still matter
Here's how three design patterns solved our Go microservices scaling problems without sacrificing simplicity.

How to define customer segments that actually matter
Avoid weak product-market fit and wasted resources. Learn how to narrow broad customer segments into a focused beachhead strategy.

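A modern JavaScript refresher for ES2016 and later, worth reviewing right at the end of summer vacation
This article introduces useful modern JavaScript features added in ES2016 and later. In particular, it covers globalThis, which unifies access to the global object, the use of trailing commas, Optional Catch Binding, Rest & Spread syntax for objects, and the nullish coalescing operator. These features help improve code readability and maintainability. It especially emphasizes the importance of making use of new features while old-style code still remains. It suggests updating this knowledge at the end of summer vacation to make development easier from autumn onward. • Introduces new JavaScript features from ES2016 onward • globalThis makes it possible to access the global object regardless of environment • Using trailing commas improves code readability • Optional Catch Binding allows the catch clause's parameter to be omitted • Rest & Spread syntax can now also be applied to objects • The nullish coalescing operator is convenient for checking for null or undefined
The differences between tsx and Node.js Type Stripping
tsx is a tool for running TypeScript code directly in Node.js without transpiling it beforehand. https://github.com/privatenumber/tsx By the way, recent versions of Node.js have gained a feature called Type Stripping. With it, TypeScript code can be run without prior transpilation and without tsx. https://nodejs.org/api/typescript.html#type-stripping Differences between the two: At first glance the two seem functionally identical, but there are actually quite a few differences. import speci…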
Learning web development: Plain objects in JavaScript
In this chapter, we learn how to create plain objects with properties. We use them to create a simple flash card app.

Finetune and deploy GPT-OSS in MXFP4: ModelOpt+SGLang
GPT-OSS, the first open-source model family from OpenAI's lab since GPT-2, demonstrates strong math, coding, and general capabilities even when compared w...

V&A East Storehouse and Operation Mincemeat in London
We were back in London for a few days and yesterday had a day of culture. First up: the brand new V&A East Storehouse museum in the Queen Elizabeth Olympic …

Nx npm Packages Compromised in Supply Chain Attack Weaponizing AI CLI Tools
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malwa...

A Radio Button Shopping Cart Trick
Here's an approach for animating products added to a shopping cart that handles an infinite number of items using a variation of the ol' Checkbox Hack.
Learning web development: Modules and testing in JavaScript
So far, all of our JavaScript code resided in a single file – be it an .html file or a .js file. In this chapter, we learn how to split it up into multiple files. And how to automatically test if the code we write is correct.

User agent strings to HTTP signatures - methods for AI agent identification
How to verify AI agent identity using HTTP message signatures with TypeScript.

Stop using templates — do this instead
Templates can speed you up or slow you down. Here’s how to avoid the trap and design smarter, not lazier.

Qwen3-Coder: Is this Agentic CLI smarter than senior devs?
Discover Qwen3-Coder, Alibaba’s 480B parameter agentic coding CLI, with real-world tests, use cases, and performance insights.

A guide to using AI to drive measurable business value
Learn how to build a cohesive AI strategy that drives measurable impact, aligns with business goals, and improves product workflows.
Learning web development: Web servers
In this chapter, we run a web server on our own computer and use it to serve a web app.

Getting Creative With Images in Long-Form Content
Images in long-form content can (and often should) do more than illustrate. They help set the pace, influence how readers feel, and add character that words alone can’t always convey.

CISA’s 2025 SBOM Guidance Adds Hashes, Licenses, Tool Metadata, and Context
CISA’s 2025 draft SBOM guidance adds new fields like hashes, licenses, and tool metadata to make software inventories more actionable.

daisyUI 5 is here: What’s new and what to expect
Explore daisyUI 5’s new features, performance upgrades, and theming engine built for Tailwind CSS 4 developers.
Learning web development: Shells and Node.js
In this chapter we explore two topics: A shell is like a browser console, but for the operating system instead of for JavaScript. It helps us with programming by running the tools (programs) we need to get things done. Node.js is a program that lets us run JavaScript code outside browsers – which we can use for a variety of things.
Static Sites with Python, uv, Caddy, and Docker
Nik Kantar documents his Docker-based setup for building and deploying mostly static web sites in line-by-line detail. I found this really useful. The Dockerfile itself without comments is just 8 …
Spatial Joins in DuckDB
Extremely detailed overview by Max Gabrielsson of DuckDB's new spatial join optimizations. Consider the following query, which counts the number of NYC Citi Bike Trips for each of the neighborhoods …

Let's play with the Glyph Matrix Developer Kit for the Nothing Phone (3)
What is Nothing Phone? Nothing Phone is an Android smartphone created by Carl Pei, the UK's former OnePlus founder. It often attracts attention as a gadget with a distinctive design. The first-generation Phone (1) went on sale in 2022 and has won an enthusiastic fan base. Phone (3) is the third-generation device and was announced in July 2025.

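Practice writing code with your own hands using Claude Code's learning mode
The move toward using AI agents for coding is now unavoidable. However, there is a dilemma: as AI agents automate much of the coding, developers get fewer opportunities to write code with their own hands. Claude Code's learning mode lets you practice writing code yourself. In learning mode, the AI agent asks the user to write some of the code as well. This article explains how to use Claude Code's learning mode.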
Learning web development: Loops in JavaScript
In this chapter, we learn how to do things repeatedly in JavaScript.

Agentic AI for 5x less: Why Kimi K2 is a frontend game-changer
Discover how to integrate Kimi K2 agentic mode into a frontend application, and learn how it compares to DeepSeek.

Follow-up and Clarification on Recent Malicious Ruby Gems Campaign
A clarification on our recent research investigating 60 malicious Ruby gems.

3D Layered Text: Interactivity and Dynamism
In this third and final chapter, we’re stepping into interactivity by adding JavaScript, starting with a simple :hover effect, and ending with a fully responsive bulging text that follows your mouse in real time.

ESLint Adds Support for Parallel Linting, Closing 10-Year-Old Feature Request
ESLint now supports parallel linting with a new --concurrency flag, delivering major speed gains and closing a 10-year-old feature request.

Lower Cloud Bills, Faster MTTR, Stronger Security: One Platform for Node.js
For companies running Node.js applications, hidden inefficiencies can quietly drive up costs, slow down innovation, and increase risk.

Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials via Telegram
A malicious Go module posing as an SSH brute forcer exfiltrates stolen credentials to a Telegram bot controlled by a Russian-speaking threat actor.

Motion design is cool, but can hurt users — here’s how I fixed it
Motion design can delight users or drive them away. Learn how to avoid common pitfalls, fix performance issues, and use animation to enhance UX instead of hurting it.

Why you shouldn’t ignore niche app user types
Learn why designing for niche user types like first-time, older, or low-connectivity users can boost adoption, loyalty, and market reach.
The No Handoff Methodology: A Practical Playbook for UX Design Leaders
How to enable designers to create production-ready prototypes, eliminating handoffs and cutting delivery time.

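Trying out MaAI, a library that makes it easy to experiment with turn-taking timing prediction
This is the AI Shift TECH BLOG. We share information about AI technology and how to put it to use.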

Rspack Introduces Rslint, a TypeScript-First Linter Written in Go
Rspack launches Rslint, a fast TypeScript-first linter built on typescript-go, joining in on the trend of toolchains creating their own linters.
AWS in 2025: The Stuff You Think You Know That’s Now Wrong
Absurdly useful roundup from Corey Quinn of AWS changes you may have missed that can materially affect your architectural decisions about how you use their services. A few that stood …

2025-08-21 JS: Next.js 15.5, rslint/Oxlint, jsprimer v7.0.0 (ES2025)
JSer.info #745 - Next.js 15.5 has been released.

3D Layered Text: Motion and Variations
In this chapter, we will explore ways to animate the effect, add transitions, and play with different variations. We will look at how motion can enhance depth, and how subtle tweaks can create a whole new vibe.

We asked 200 PMs: Is product management an art or a science?
How did 200+ product managers answer the question: Is PM an art or a science? Find out in this roundup article.

Does Gemini CLI fall short? Here’s how Codex compares
Compare Codex CLI vs Gemini CLI for real-world coding tasks. See strengths, weaknesses, and which AI CLI fits your developer workflow best.

Is Next.js still developer-friendly?
The question isn’t whether Next.js is good or bad; it’s whether the productivity gains are worth the complexity tax.
Production-grade AI Prototyping
Production-grade AI prototyping with Fusion: connect your repo, use real components, iterate in multiplayer, and ship PR-ready code. No throwaway demos.
Learning web development: Booleans, comparisons and `if` statements
In this chapter, we learn about tools for only running a piece of code if a condition is met: truth values (booleans), comparisons and if statements.

Researcher Exposes Zero-Day Clickjacking Vulnerabilities in Major Password Managers
Hacker Demonstrates How Easy It Is To Steal Data From Popular Password Managers
XSLT on congress.gov
Today I learned - via a proposal to remove mentions of XSLT from the HTML spec - that congress.gov uses XSLT to serve XML bills as XHTML - here's H. …
5 biggest daisyUI anti-patterns (and how to avoid them)
Learn to avoid the 5 biggest daisyUI antipatterns that derail projects: customization conflicts, responsive design issues, and team consistency problems.

Using daily quests within your product design to boost retention
Learn how the Zeigarnik effect drives engagement and explore UX strategies that keep users motivated to return and complete tasks.

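AGENTS.md: unifying the file that coding agents refer to
When using a coding agent, a common practice is to prepare a document describing the project's tech stack, build steps, and coding conventions and include it in the context. However, there was a problem: the file had to be prepared under a different file name for each coding agent product.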

Don’t let AI erase the next generation of dev leaders
If AI snaps up all of their opportunities to learn, junior engineers can never grow into senior roles. Then who’s left to lead the engineering teams of the future?

How to make sense of your product data with an evidence map
Turn interviews, prototypes, and MVP results into clear insights with evidence maps for smarter product decisions.

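About Prettier's Experimental CLI
Starting with Prettier version 3.6, the Experimental CLI is available. It improves CLI performance and is designed with a particular focus on lazy loading. The CLI can be enabled with the --experimental-cli option or the PRETTIER_EXPERIMENTAL_CLI environment variable, and its entry point uses dynamicImport. It parses files and loads plugins, and determines the formatting targets from standard input. It also filters configuration files and prepares the cache, and finally the formatting is run. Overall the structure is simple and easy to read, but many problems related to configuration files can be seen. • The Experimental CLI is available from Prettier 3.6. • CLI performance is improved, with a design focused on lazy loading. • The CLI can be enabled with the --experimental-cli option or an environment variable. • The CLI parses files and loads plugins. • It determines the formatting targets from standard input, filters configuration files, and prepares the cache. • Formatting is run in a batch with Promise.allSettled(). • There are many problems related to configuration files, and many Issues have been filed.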

Oxlint Introduces Type-Aware Linting Preview
Oxlint’s new preview brings type-aware linting powered by typescript-go, combining advanced TypeScript rules with native-speed performance.

3D Layered Text: The Basics
A client asked me to create a bulging text effect. With a bit of cleverness and some advanced CSS, I managed to get a result I’m genuinely proud of, which is covered in this three-part series.

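oxlint gets a `--type-aware` option
This article explains the `--type-aware` option newly added to Oxlint. With this option, rules that use TypeScript type information now work; specifically, rules such as typescript/no-floating-promises are implemented. Internally, Oxlint uses typescript-go, the Go rewrite of TypeScript, and runs tsgolint as a child process. There are currently 40 rules available, all of which can be used in Oxlint. The article also explains in detail the Oxlint binary's endpoint and how it communicates with the tsgolint process. • A `--type-aware` option was added to Oxlint, so rules that use TypeScript type information now work. • Specific rules include typescript/no-floating-promises. • Oxlint uses typescript-go and runs tsgolint as a child process. • There are currently 40 rules available, all usable in Oxlint. • The Oxlint binary's endpoint and how it communicates with the tsgolint process are explained.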
Learning web development: Arrays in JavaScript
In this chapter we look at one way of storing more than one value in a variable: arrays.

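JavaScript Primer v7.0.0 released: ES2025 support and a new chapter added for Iterator Helpers
JavaScript Primer v7.0.0 has been released, adding new features for ECMAScript 2025. In particular, a new chapter, “Iterators and Generators”, has been added, and Iterator Helpers are introduced. This simplifies creating and manipulating iterators and makes converting to arrays and filtering values easier. The RegExp.escape method has also been added, making it possible to handle user input safely in regular expressions. In addition, methods for mathematical set operations were added to Set, and Import Attributes were standardized. This makes it possible to specify attributes when importing things such as JSON files. • Support for ECMAScript 2025 was added. • A new chapter, “Iterators and Generators”, was added and Iterator Helpers were introduced. • Methods such as Iterator.from() and .map() are now available. • The RegExp.escape method was added, which automatically escapes special characters in regular expressions. • Methods for mathematical set operations were added to Set. • Import Attributes were standardized, so attributes can be specified when importing things such as JSON files.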

Using Grok 4 in the frontend development: Here’s what I’ve learned
Tested Grok 4 on real frontend tasks. See how it compares to Claude, Gemini, and Kimi, plus cost, token use, and when to use it for dev work.
Learning web development: strings and methods in JavaScript
In the last chapter, we worked with numbers. In this chapter, we’ll work with text and write our first applications.
Maintainers of Last Resort
Filippo Valsorda founded Geomys last year as an "organization of professional open source maintainers", providing maintenance and support for critical packages in the Go language ecosystem backed by clients in …

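POML: managing LLM prompts as structured documents
POML (Prompt Orchestration Markup Language) is a markup language proposed by Microsoft for managing prompts as structured documents. It aims to solve challenges in prompt development such as a lack of structure, the difficulty of integrating complex data, and dependence on specific formats.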
Beyond Booleans
What is the type of 2 + 2 = 4?

New Website “Is It Really FOSS?” Tracks Transparency in Open Source Distribution Models
A new site reviews software projects to reveal if they’re truly FOSS, making complex licensing and distribution models easy to understand.

Covering hidden=until-found
Short story: Slapping hidden=until-found on an element in HTML enables any hidden content within the element to be findable in the browser with in-page search.

A Few Things About the Anchor Element’s href You Might Not Have Known
It's easy to take URL superpowers for granted, even if you already have these patterns under your belt.
Learning web development: numbers, variables, functions in JavaScript
In this chapter, we take the very first steps with JavaScript and learn about numbers, variables and functions.
Prototyping with Figma AI
Learn how Figma Make's AI prototyping works and why teams are moving beyond mockups to build real features directly in production code with Fusion.
How Fast Teams Stay Fast at Scale
Why traditional team structures slow you down, and what we’ve learned from building differently at Builder to make fast teams stay fast at scale

AI personas you can use to support your entire UX process
Discover how AI personas can transform UX design, from simulating users to co-designing interfaces and boosting team speed and accuracy.

On Accessibility Conformance, Design Systems, and CSS “Base” Units
My brain can't help but try to make connections between seemingly disparate ideas. And that's what happened yesterday when I read:

Effective rendering with Selective SSR in TanStack Start
Learn how TanStack Start’s Selective SSR lets you mix server-, client-, and data-only rendering modes for faster, more flexible React apps.

The deep internals of event delegation: When bubbling isn’t enough
Learn event delegation in JavaScript, optimize event handling, reduce memory use, support dynamic elements, and handle tricky non-bubbling events.
AI dev tool power rankings & comparison [August 2025 edition]
Compare the top AI development tools and models of August 2025. See updated power rankings, feature-by-feature breakdowns, and find the right fit for your workflow.

Shipping alone isn’t enough: Here’s how to make your work visible
Learn how to turn product success into leadership recognition by connecting outcomes to business impact and building visibility.
New series of blog posts: learning web development
This blog post provides an overview of my new series of blog posts called “Learning web development”.

Astral Launches pyx: A Python-Native Package Registry
Astral unveils pyx, a Python-native package registry in beta, designed to speed installs, enhance security, and integrate deeply with uv.
pyx: a Python-native package registry, now in Beta
Since its first release, the single biggest question around the uv Python environment management tool has been around Astral's business model: Astral are a VC-backed company and at some point …
React calendar components: 6 best libraries for 2025
Find the best React calendar component for your project with our detailed comparison of react-datepicker, Shadcn/UI, and more.

Static vs. Runtime Reachability: Insights from Latio’s On the Record Podcast
The Latio podcast explores how static and runtime reachability help teams prioritize exploitable vulnerabilities and streamline AppSec workflows.

We Might Need Something Between Root and Relative CSS Units for “Base Elements”
I've come to realize that perhaps we need to have a unit between root and relative values. This would bring about a whole new possibility when creating reusable components.

simonw/codespaces-llm
GitHub Codespaces provides full development environments in your browser, and is free to use with anyone with a GitHub account. Each environment has a full Linux container and a browser-based …

I built a real-time application generation system using a diffusion language model
This is AI Shift's TECH BLOG. We share information about AI technology and how to put it to use.

Opengrep Adds Apex Support and New Rule Controls in Latest Updates
The latest Opengrep releases add Apex scanning, precision rule tuning, and performance gains for open source static code analysis.
Data, Service, and Dependency Injection
Learn the distinction between data (value objects) and services in OO design, and why dependency injection is essential for maintainable code.

Why users ignore notifications (and how to fix it)
Learn how top companies and smart UX strategies overcome notification blindness to boost engagement without annoying users.

CSS-Questions
CSS-Questions is a mini site where you can test your CSS knowledge with over 100 questions.

How I use a metrics tree to align, prioritize, and track progress
Learn how to build a metrics tree to align goals, track progress, and prioritize features that drive real product outcomes.

React’s `use()` API is about to make useContext obsolete
Learn how React’s new use() API elevates state management and async data fetching for modern, efficient components.

Getting Creative With Quotes
How do you design block quotes and pull quotes to reflect a brand’s visual identity and help tell its story? Here’s how I do it by styling the HTML blockquote element using borders, decorative quote marks, custom shapes, and a few unexpected properties.

How long until we need to block Google?
Google AI Overviews are causing fewer clicks for some site owners. If this is a fundamental shift in the web's traffic economy, how can site owners control where their content appears?

Chromium Docs: The Rule Of 2
Alex Russell pointed me to this principle in the Chromium security documentation as similar to my description of the lethal trifecta. First added in 2019, the Chromium guideline states: When …
Vibe code a 3D interactive planet in one prompt
How I added a 3D interactive planet animation to my homepage with one AI prompt. No WebGL knowledge required, just copy, paste, and deploy.

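MCP UI: enabling AI agents to return interactive UI
MCP UI is a mechanism that extends the Model Context Protocol (MCP) so that AI agents can return interactive UI components. This makes it possible to display graphs, image galleries, purchase forms, and the like as replies in a chat with an AI agent. In this article, I use the MCP UI SDK to try out how an AI agent can return interactive UI components.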
Hypothesis is now thread-safe
Hypothesis is a property-based testing library for Python. It lets you write tests like this one:

```python
from hypothesis import given, strategies as st

@given(st.lists(st.integers()))
def test_matches_builtin(ls):
    assert sorted(ls) == my_sort(ls)
```

…

npm Adopts OIDC for Trusted Publishing in CI/CD Workflows
npm now supports Trusted Publishing with OIDC, enabling secure package publishing directly from CI/CD workflows without relying on long-lived tokens.

How to Prepare for CSS-Specific Interview Questions
Get advice answering a set of 10 CSS-related questions you likely will encounter in front-end interviews.

60 Malicious Ruby Gems Used in Targeted Credential Theft Campaign
A RubyGems malware campaign used 60 malicious packages posing as automation tools to steal credentials from social media and marketing tool users.

I’ve designed AI assistants — Here’s what actually works
Learn how to design AI assistants that are purpose‑driven, user‑focused, and built on trust with reusable UI patterns and clear interactions.

New CNA Scorecard Tool Ranks CVE Data Quality Across the Ecosystem
The CNA Scorecard ranks CVE issuers by data completeness, revealing major gaps in patch info and software identifiers across thousands of vulnerabilit...

JS for 2025-08-07: Node.js v22.18.0 (LTS), TypeScript 5.9, Panda CSS v1
JSer.info #744 - Node.js v22.18.0 has been released.

A guide to designing successful product management workshops
Learn how to design product management workshops that drive alignment, decisions, and strategic outcomes instead of just activities.

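We don't test animation frames. Here's why.
This article explains why testing UI animations frame by frame is unrealistic and what testing approach to take instead. Because of timing uncertainty, inconsistency across environments, maintainability problems, and the sheer volume of data and resources involved, frame-by-frame tests tend to become "flaky" tests whose results change depending on the execution environment. Instead, it proposes "correctness tests" that confirm the animation achieves its purpose, and shows how to check the initial state, the action, and the final state using tools such as Playwright and Cypress. • Frame-by-frame tests suffer from timing uncertainty and have a low success rate. • Animation performance differs between environments, so test results are inconsistent. • From a maintainability standpoint, changes to an animation require changes to the test code. • Per-frame tests generate huge amounts of data and put a burden on execution time and storage. • As an alternative, correctness tests that confirm the animation achieves its purpose are recommended.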

Malicious npm Packages Target WhatsApp Developers with Remote Kill Switch
Two npm packages masquerading as WhatsApp developer libraries include a kill switch that deletes all files if the phone number isn’t whitelisted.
Tom MacWright: Observable Notebooks 2.0
Observable announced Observable Notebooks 2.0 last week - the latest take on their JavaScript notebook technology, this time with an open file format and a brand new macOS desktop app. …

11 Malicious Go Packages Distribute Obfuscated Remote Payloads
Socket uncovered 11 malicious Go packages using obfuscated loaders to fetch and execute second-stage payloads via C2 domains.
Convert HTML to Design in Figma
Convert HTML to design in Figma instantly. Import websites into fully editable Figma designs and generate on-brand variations with AI.

How Arcjet approaches open source
How we think about open source licensing, releasing open source projects, forks, and contributing upstream.

Bringing Back Parallax With Scroll-Driven CSS Animations
Parallax is a pattern in which different elements of a webpage move at varying speeds as the user scrolls, creating a three-dimensional, layered appearance. It once required JavaScript. Now we have scroll-driven animations in CSS, which is free from the main-thread blocking that can plague JavaScript animations.

Fix over-caching with dynamic IO caching in Next.js 15
Next.js 15 caching overhaul: Fix overcaching with Dynamic IO and the use cache directive.

TC39 Advances 11 Proposals for Math Precision, Binary APIs, and More
TC39 advances 11 JavaScript proposals, with two moving to Stage 4, bringing better math, binary APIs, and more features one step closer to the ECMAScr...
No, AI is not Making Engineers 10x as Productive
Colton Voege on "curing your AI 10x engineer imposter syndrome". There's a lot of rhetoric out there suggesting that if you can't 10x your productivity through tricks like running a …
How to set up and use the Linear MCP server
Learn how to set up and use the Linear MCP server. Fusion supercharges your project management using AI integrations.

Understanding Flame Graphs in Node.js (and How AI Makes Them Easier with N|Solid)
Flame graphs are one of the most powerful tools for understanding performance bottlenecks, but they can also be one of the hardest to read.

Introducing NCM v3: AI-Enhanced Security & Performance for Node.js
Today, we’re proud to introduce NodeSource Certified Modules v3 (NCM v3): a complete rearchitecture of our module scanning and observability engine.

UX analytics changed my career — here’s how it can change yours
Analytics helped me stop guessing and start designing smarter. Here’s how it made me a better UX designer.