Building the future of dev tools 🚀 🛠️ #DotCommand 🔐 #DotEnvy 🧠 #DotSense All #OpenSource & built for you. 🔗 linktr.ee/DotFreeRave #BuildInPublic #VSCode #TypeScript

Lost 2,800 words of a Dev.to article to a VS Code WebView reset. Wrote for 2 hours. Switched tabs. Came back to an empty form. So I built a proper drafts system. Here's what I shipped in DotShare v3.2.5 The problem with WebViews: they're iframes. They suspend when hidden. They wipe on restart. Any state you haven't explicitly saved is gone the moment you look away. For a tweet that's annoying. For a 3,000-word article — it's devastating. The fix: one Draft interface covering everything. Social posts. Blog articles. Dev.to drafts pulled from the API. All the same type, all resumable with one click. No two separate systems. No branching logic. One union type does the job. The part I'm most proud of: Two-Way Sync. Loading a draft rewrites BOTH the WebView form AND the active .md editor file simultaneously. One click. Two surfaces. Always identical. Never out of sync. Remote drafts too. DotShare pulls your existing Dev.to articles from the API and shows them alongside local drafts in the same grid. Load one → Two-Way Sync fires → article lands in both the WebView and your Markdown editor. Also shipped: → Split-Editor: opening Dev.to/Medium auto-creates dotshare-devto.md beside the panel → Reset Boilerplate button: one click back to clean state → Upsert saves: no duplicates no matter how many times you hit save All in v3.2.5 "Nexus" Watch it in action 👇 youtube.com/watch?v=AIb4Ye9P… Here is the deep dive into the Two-Way Sync and UI code: Read Part 2 here: dev.to/freerave/building-a-u… (If you missed it, Part 1 on Types & Storage is here: dev.to/freerave/building-a-u… ) Install free on VS Code: marketplace.visualstudio.com… VSCodium / Open VSX: open-vsx.org/extension/freer… Source: github.com/kareem2099/DotSha… #VSCodeExtensions #DotShare #VSCode #OpenSource #FreeRave

🚨 Vercel confirmed a security breach today. GitHub tokens. NPM tokens. Internal employee systems. API keys. Thread on what happened, why it's serious, and what you need to do right now. --- 1/ First — what's confirmed vs claimed. ✅ Confirmed by Vercel: - Unauthorized access to internal systems - Limited subset of customers affected - Incident response team engaged - Services still operational ⚠️ Claimed (unverified): - GitHub NPM tokens stolen - ~580 employee records exposed - $2M ransom demanded --- 2/ Why Vercel specifically? Because it's a crown jewel target. It holds: → Secrets for thousands of apps → Deep GitHub integration → NPM publish access → DB credentials → OAuth tokens to literally everything One breach. Thousands of blast radii. This is textbook Supply Chain Compromise. --- 3/ The misconception killing people right now: ❌ "They encrypt env vars, I'm safe." Encryption at rest ≠ access control. If the attacker has authenticated access to internal systems, the system decrypts for them on request. The encryption layer never even sees the attack. --- 4/ The Linear exposure is underrated. Vercel uses Linear internally. Alleged access means: → Unpatched bug reports → Architecture discussions → Accidentally pasted credentials in comments → Post-mortems documenting past weaknesses An issue tracker is a treasure map. --- 5/ NPM tokens are the scariest part. Publish access to any package = push malicious code to everyone downstream. npm audit won't save you here. You need to think about WHO has publish access to your deps, not just what the current code does. --- 6/ 🔴 Do these RIGHT NOW: → Revoke Vercel's GitHub OAuth → re-authorize → Rotate Upstash / Redis / DB credentials → Revoke reissue NPM tokens → Audit connected OAuth apps on GitHub → Review recent build logs for leaked secrets --- 7/ The real lesson: If rotating your secrets takes more than 30 minutes — you don't have a Vercel problem. You have a resilience problem. Build rotation infrastructure BEFORE you need it. --- 8/ Wrote a full deep-dive: → Full attack surface breakdown → Why GitHub tokens are catastrophic → NPM ecosystem risk → Exact steps to take dev.to/freerave/the-vercel-b… RT if this helped someone in your timeline.

We hit 2,500 followers on dev.to in 15 days. The goal was April 30th. We finished April 15th. Here's the honest story behind 20 tools, a chaotic scoreboard, and why laziness is actually engineering. You didn't just follow — you engaged. Comments that pushed me to think harder. DMs with Easter egg screenshots from dotUniverse. Real people sharing real work. 2,631 of you did that. I don't take it lightly. The real origin story: I'm lazy. Every single tool in the DotSuite ecosystem exists because past-me refused to do something the hard way ever again. Laziness, scaled properly, is just engineering. VS Code Extensions I built out of spite: DotShare — post to 8 platforms at once (1,979 DLs) dotenvy — .env manager AI secret detection (1,130 ) dotcommand — command manager ML suggestions (909 ) CodeTune — Quran, prayer times in your editor (899 ) More VS Code tools: DotFetch — HTTP client with .env support (692 ) DotReadme — README quality auditor, A to F (515 ) dotsense — AI burnout detection wellness (129 ) Total across Marketplace Open VSX: 6,253 downloads. CLI Telegram: DotGhostBoard — AES-256 encrypted clipboard manager DotScramble — auto face/plate blur, 8 effects, Arabic RTL support DotDownloader — Instagram/TikTok/YouTube/Reddit/Spotify bot DotFormate — PDF/DOCX/PPTX conversion with OCR Mobile Apps: DotReminder — AI reminders, biometric auth, location-based DotBurn — Gym & calorie system management app DOTShredzilla — offline-first workout tracker, Kotlin Jetpack Compose The April scoreboard. Some of it is painful. ✅ dev.to: 2,631 / 2,500 — DONE 💼 LinkedIn: 396 / 500 — 79% 🎵 TikTok: 33 / 100 — 33% ▶️ YouTube: 29 / 100 — 29% 𝕏 Twitter: 16 / 500 — 3% X at 3% is basically a comedy sketch. The scoreboard stays public. What's shipping next: → DotShare v3.2 — Reddit media uploads, S3 pipeline almost stable → dotenvy — LLM layer for config management, full release article incoming → dotUniverse Terminal 2.0 — piping, SSH sim, VIM-lite (Q2) → dotsuite — full portfolio platform this year I'm self-taught. Building all of this from a small city in Egypt. Mostly at night. Mostly alone. No team, no VC, no algorithm boost. Next target: 3,000. I give it two weeks. Live portfolio: kareem2099.github.io/dotuniv… Type `ls ~/tools` in the terminal 🦥