Unpopular opinion: I don’t care if most web apps look the same. All I care about is whether it does what it says and does it fast. Make it fast. Make the UX obvious. Put the right things in the right place and little to no animations.

SECURITY ADVISORY — TanStack npm packages A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package. Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down. Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys. If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised: • Rotate cloud, GitHub, and SSH credentials immediately • Audit cloud audit logs for the last several hours • Pin to a prior known-good version and reinstall from a clean lockfile Detection — the malicious manifest contains: "optionalDependencies": { "@tanstack/setup": "github:tanstack/router#79ac49ee..." } Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root). Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level. Full technical breakdown, complete package and version list, and rolling status updates: github.com/TanStack/router/i… Credit to the security researcher for responsible disclosure.

Drizzle v1.0.0-rc.1 is out 🚀 ▪︎ Effect v4 native support ▪︎ JIT row mappers to reduce ORM overhead to ~0 ▪︎ Reworked casing API (breaking change) ▪︎ Drizzle for LLM agents (preview) Drizzle is now as fast as using raw driver and mapping(or not mapping) results by hand 🙃

Happy to announce TSRX. Think it as the spiritual successor to JSX. We extracted it from Ripple, and made it framework agnostic. It can compile to React, Ripple and Solid, other frameworks to come soon. It's a TypeScript superset language, with a parser, compiler and a selection of plugins for editors Prettier ESlint, etc It's early alpha but we thought people might be interested in it. 🧵

Back in January, I actually asked the author about the underlying architecture, and I sketched out the flowchart below based on my understanding (no guarantees on its accuracy, though!). Really looking forward to seeing it mature and get released soon!

stop overengineering.. just use a database databases can handle auth, queues, drivers, caching, sessions, and more keep it simple 🤌🏻

"Laravel's wildcard validation is O(n ) — here's how to fix it" #DEVCommunity dev.to/sandermuller/laravels…

20 million developers used to be the gatekeepers to software. Wabi CEO Eugenia Kuyda on who gets to build now:  "The only people who could make software up until last year or so [were] just professional developers... Very few people in the world." "Even if you have a good idea, go ahead, find an engineer, find a co-founder, find a technical co-founder to build this. But you can't really otherwise build it... It requires a lot." "But now anyone can." "This is just wild." "Before  we had to spend months developing that, developing an app and figuring out some illustrations and sounds. Now you just write one prompt and it's there." @wabi CEO @ekuyda on @solofounders with @julianweisser