It's been a while in the making, but FeatureBoard and @CoreyGinnivan give a good overview of why we are different to many existing products.
We are really keen to get a few partner organisations on board for feedback; in exchange we will be helping you get the most out of it.
Soon I’ll be launching a new tool with my bro @JakeGinnivan! It’s called @FeatureBoardApp and it’s a feature toggling tool designed for SaaS products. Here are a few things we’re doing differently that might appeal to you 👇🧵
🚨 Breaking: Trivy GitHub Actions supply chain attack – 75 out of 76 version tags compromised.
If your CI/CD pipelines reference “aquasecurity/trivy-action” by version tag, you’re likely running malware right now.
At Socket, we identified that an attacker force-pushed nearly every version tag in the official aquasecurity/trivy-action repository. That’s @0.0.1 all the way through @0.34.2. Over 10,000 GitHub workflow files reference this action.
The malicious payload runs silently before the legitimate Trivy scan, so nothing looks broken. Meanwhile it’s:
- Dumping runner process memory to extract secrets
- Harvesting SSH keys
- Exfiltrating AWS, GCP, and Azure credentials
- Stealing Kubernetes service account tokens
The only unaffected tag right now appears to be @0.35.0.
Socket independently detected this at 19:15 UTC and generated 182 threat feed entries tied to this campaign – all correctly classified as Backdoor, Infostealer, or Reconnaissance malware.
This is the second Trivy compromise this month. Earlier in March, attackers injected code into the Aqua Trivy VS Code extension on OpenVSX to abuse local AI coding agents.
The compromised tags are still active. Pin to @0.35.0 or use a SHA reference until this is fully remediated.
Full write-up: socket.dev/blog/trivy-under-…
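The mitigation in the post above is to stop referencing the action by a mutable version tag and pin to a commit SHA instead. The following is an added example (not code from Socket or the Trivy project) that audits a workflow file for `uses:` references and flags any remote action that is not pinned to a full 40-hex commit SHA, with watched actions such as `aquasecurity/trivy-action` called out separately. The sample workflow, the tag `0.28.0` used in it, and the 40-hex placeholder SHA are constructed for the example and are not real pinned revisions.

```python
import re
from dataclasses import dataclass

# Constructed sample workflow for the example; the version tag and the
# 40-hex SHA below are placeholders, not real Trivy revisions.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy (tag-pinned, will be flagged)
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: fs
      - name: Run Trivy (commit-pinned, accepted)
        uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567 # placeholder SHA
      - uses: ./.github/actions/local-step
      - uses: docker://ghcr.io/example/image:1.0
"""

# Matches "uses: owner/repo[/path]@ref" both as a list item and as a keyed line.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^\s"\'#]+)')
# A full commit SHA is the only immutable reference GitHub Actions accepts.
SHA_RE = re.compile(r'^[0-9a-f]{40}$')


@dataclass
class Finding:
    line_no: int
    action: str
    ref: str
    reason: str


def parse_uses(text):
    """Yield (line_no, repo, ref) for every remote `uses:` reference in a workflow."""
    for n, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        # Local composite actions and container images carry no git ref to pin.
        if target.startswith("./") or target.startswith("docker://"):
            continue
        repo, _, ref = target.partition("@")
        yield n, repo, ref


def audit_workflow(text, watch=("aquasecurity/trivy-action",)):
    """Return a Finding for each remote action not pinned to a 40-hex commit SHA."""
    findings = []
    for n, repo, ref in parse_uses(text):
        owner_repo = "/".join(repo.split("/")[:2])  # drop any sub-path
        if not ref:
            findings.append(Finding(n, repo, ref, "no ref (resolves to the default branch)"))
        elif not SHA_RE.match(ref):
            reason = "mutable tag/branch ref"
            if owner_repo in watch:
                reason = "watched action pinned by mutable tag"
            findings.append(Finding(n, repo, ref, reason))
    return findings


if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {f.line_no}: {f.action}@{f.ref or '<none>'}: {f.reason}")
```

Run it over every file under `.github/workflows/` and treat any finding against a watched action as a blocker. Replacing a flagged tag with the commit SHA it resolves to (and keeping the tag in a trailing comment, as the sample does) preserves readability while removing the force-push exposure the post describes.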
Today, @nodejs published a security release for Node.js that fixes a critical bug affecting virtually every production Node.js app.
If you use React Server Components, Next.js, or ANY APM tool (Datadog, New Relic, OpenTelemetry), your app could be vulnerable to DoS attacks.
👇
React 19, Vite 6, React Router v7
Everything is in order for RSC and middleware that I've been hoping for! Team is working hard on all of it.
Soon you can use React in whatever way you prefer
NEW: React Router v7
React Router is the best bridge for React 18 👉 19. Use it as a full framework or library with your own architecture
The same router used by millions of React apps, now ready for the next decade 💪
Read our blog post for more
remix.run/blog/react-router-…
In @JakeGinnivan's latest blog post, he explains how you can bridge the gap between @opentelemetry and Application Insights, and save time by understanding how they work together. There are tips, gotchas, and insights just for you.
hubs.ly/Q02Tm-RM0
Announcing @voidzerodev: a company building the next-generation unified toolchain for JavaScript.
We are the creators and core-contributors of Vite, Vitest, Rolldown and Oxc - and we will unite these projects under a coherent vision to power the next generation of web applications.
We have raised $4.6M in seed funding led by @Accel - read more in the blog post: voidzero.dev/posts/announcin…
Today is the day!
Hope to see you at PulumiUP: pulumi.com/pulumi-up/
We have tons of exciting product news and the speaker lineup is amazing.
Join us at Stoup in Seattle afterwards for beers and code! 🍻 meetup.com/pulumi-seattle/ev…
Our 4th annual PulumiUP conference is next Wednesday.
Such an unbelievably great line up of speakers discussing all things cloud.
I’m putting the finishing touches on my keynote and I’m shocked how much goodness we are shipping. I hope to see you there!
pulumi.com/pulumi-up/
Junior folks sometimes get into a demoralized headspace where Seniors' knowledge/ability to spot a solution seems like magic.
It's not; we've just seen that before. Further: we've broken that before.
"Maximising ROI in the Microsoft Commercial Marketplace," hosted by Arkahna and Microsoft. Join us next week to learn strategies and best practices for boosting your Marketplace success! Sign up here:
tinyurl.com/erat7n74 #MicrosoftMarketplace #SaaS #Webinar #TechGrowth
Okay, let's talk nerdy. One of the most fundamental underpinnings of the way we think about doing infrastructure automation is the idea that it's best done in a declarative way: a declaration of intent, followed by an idempotent, convergent control loop.
Great read, lots of things in there for people at every level / role in software development teams.
We need to be growing the next generation of great engineers, and short term thinking around replacing juniors with AI is bad for everyone
Arrrgh.. It has now been close to a month since I wrote my piece on GenAI and engineering teams, especially junior engineers. stackoverflow.blog/2024/06/1…
I've been wrestling ever since then with a follow up piece for technical decision makers (TDMs), but I keep getting stuck. 😖
We got a small group of people doing some amazing work here, but we need more. The codemods are very easy to implement, even if you've never implemented one before! One codemod only takes about half an hour (max!) to implement; there's just a lot. If you want to help, link below.
The value of meetups was a discussion at the @webdirections attendee party. Over the past few years we have lost many great meetups.
While we have some new people stepping up, we need more. Support the meetups around you, and offer to help out if you can!
It’s worth it
The reports of my death are greatly exaggerated — Remix v2.10 is now available
This release brings Fog of War (unstable) as well as a number of bug fixes and dependency upgrades
Check out the changelog for more details
remix.run/docs/en/main/start…
Just landed in Melbourne for web directions code (tomorrow and Friday), my talk:
SPAs, where did it all go wrong
Last chance to get tickets and see some awesome talks!
webdirections.org/code/
@RyanRRoyals gets to the core of one of the more quirky config problems with #Azure storage accounts and networking. Spoiler alert: it is DNS. It is always DNS.... 🙄
hubs.ly/Q02B_j7p0