🚨 Security Alert: axios versions 1.14.1 and 0.30.4 were compromised on npm with a remote access trojan hidden in a postinstall script. Both versions have since been removed. This was not a Laravel vulnerability — but we're taking proactive steps to protect our community from this supply chain attack. If you installed or updated axios in the last 24 hours, scan your machine. What we did: • Pinned axios to safe versions in laravel/laravel • laravel/installer now runs package installs with --ignore-scripts by default • Blocked the attacker's domain across Laravel Cloud More info: github.com/axios/axios/issue…

Laravel 13 ships passkeys natively. Face ID, fingerprint, hardware keys — no third-party packages, no stored passwords. Here's how it works and why it matters. Passkeys work via two ceremonies: ATTESTATION (Registration): 1. Server sends a challenge your domain (RP ID) user ID 2. Browser asks device to generate a public/private key pair 3. Private key is stored in hardware. It NEVER leaves the device. 4. Public key signed challenge → your server 5. Server stores the public key. That's it. ASSERTION (Authentication): 1. Server sends a new random challenge 2. Browser asks device to sign it 3. User does Face ID / fingerprint / PIN 4. Signed challenge → server 5. Server verifies with the stored public key. User is in. What you give up with passwords: ❌ Phishable — fake domains steal them ❌ Reused across services — one breach cascades ❌ Stored server-side — breach exposes hashes ❌ Forgotten — resets, support tickets ❌ Brute-forceable — rate limits required What you gain with passkeys: ✅ Phishing-proof — cryptographically bound to your exact domain ✅ Not reusable — per-site, per-device credentials ✅ No server secret — only public keys stored ✅ No resets — biometric = always remembered ✅ Replay-proof — sign_count prevents assertion reuse Setup in Laravel 13 — new apps: // config/fortify.php Features::passkeys(), // one line // starter kit scaffolds everything else Setup for existing apps: Spatie’s laravel-passkeys package `HasPasskeys` trait PASSKEYS_RELYING_PARTY_ID=yourdomain.com Two honest caveats: ⚠️ Requires HTTPS (localhost is exempt for dev) ⚠️ Device loss = can't log in. Always keep a fallback encourage multiple device registration. Full guide — both setup paths, complete frontend code, the five-step migration strategy from passwords to passkeys — linked here. #Laravel #Laravel13 #Passkeys #WebAuthn #Security #PHP #WebDevelopment medium.com/p/i-ditched-passw…

On March 20th 2020 Animal Crossing was released and loads of us played it in lockdown during Covid. Now Pokemon's Pokopia has been released (an animal crossing style game) and there's a meningitis outbreak 🙃

Worst attempted put down ever... and a lesson why you should always read the full post!

A few things I've noticed as all devs write code with AI. When you write foundational / architectural code of a new project by hand, you "feel" the code pushing back if your abstraction isn't right. You feel when something is harder than it should be. The code is telling you it's not in the right shape. Good engineers are sensitive to this. When you're using an LLM, you keep pushing right through this in a way that feels like you're making progress, and it may even be directionally correct in a sense, but the underlying foundation of it all is actually bad in a way that either kills progress of the LLM later as it buckles under the complexity it has created or destroys your ability to maintain the code long term. Related to this, I see a general restlessness with just sitting and thinking about a problem for a while. As I've been working on a new library here at Laravel, there have been days where it feels like I mainly just stare at my screen thinking about something. When Claude Code is at your fingertips, it's tempting to just start yapping into the terminal and watching code come out the other end. Again, directionally correct in some ways, but often doesn't land on the elegant solution that is waiting to be discovered.

Today is the 25th anniversary of Banjo-Tooie! 🧩

i beg your finest fucking pardon

I fucking love Wonton, this is an amazing update

A display AD for Silent Hill 2 Remake in Shibuya Tokyo that slowly rusted over the course of 7 days revealing Pyramid Head and the rusty Otherworld

i care about this little cat’s recovery more than literally anything else on earth right now

I check my Twitter daily to see how Wonton is doing. I really want this Cat to fully recover 🙏🏻 She suffered a terrible accident but I'm so impressed with the progress so far

🚀 Introducing Motion for @vuejs — A feature-complete port of Motion for React (prev Framer Motion). Springs, scroll, AnimatePresence, gestures, and yes, layout animations. All that and more, powered by Motion's unique hybrid engine, wrapped up with its simple API.

Quick reminder: I'm charging $1,000/hour to fix your vibe-coded mess.

Join us for the SILENT HILL Transmission, where we'll share the latest news streaming March 13 at 3:00pm PDT. This Transmission will uncover SILENT HILL f. We will share the stream link soon, so please watch this space. #SILENTHILL #SILENTHILLf

All of the billions spent on AI innovation just so we can get these beautiful cat videos

Lovely to know that viewers of #TheTraitors have donated as much as Alexander would have won.

max WHO

Joe acting like he was murdered because he knows everything, when he actually knew less than Meryl in series 1 😭 #TheTraitors