I’ve been working successfully with my extensions and widgets experiments for the past few weeks. So I thought I share it with you and get new ideas and suggestions to improve it. 👉 Say hello to Xtended! pub.dev/packages/xtended

🚨 How the TanStack npm attack actually happened: 1. Attacker opened a normal-looking pull request (#7378) on the TanStack repo. 2. GitHub automatically ran CI tests on that PR. 3. Code inside the PR stole the workflow's GitHub Actions Cache write token during the test run. 4. The attacker used that token to plant poisoned files in the shared build cache. The PR could be closed afterwards. The poisoned cache stays. 5. The official release workflow later pulled from the cache, baked the malicious files into the build, and signed and published 84 malicious package versions to npm.

Drizzle v1.0.0-rc.1 is out 🚀 ▪︎ Effect v4 native support ▪︎ JIT row mappers to reduce ORM overhead to ~0 ▪︎ Reworked casing API (breaking change) ▪︎ Drizzle for LLM agents (preview) Drizzle is now as fast as using raw driver and mapping(or not mapping) results by hand 🙃

We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems, impacting a limited subset of customers. Please see our security bulletin: vercel.com/kb/bulletin/verce…

🛡️ React Native Security Rule #6 : AsyncStorage is NOT secure storage. If you save tokens, passwords, or credentials there, you’re storing them in plaintext. On rooted/jailbroken devices, attackers can dump it in seconds. AsyncStorage is fully readable. Treat it as public, not private. Never store: • auth tokens • passwords • API secrets Use instead: • expo-secure-store • react-native-keychain • native Keychain / Keystore

This is one of the perks that made me switch to expo from flutter to begin with. It’s amazing they now support flutter as well!

Looks like the issue is with @vercel since our website is down as well and supabase dashboard is running on it

Their status page says it’s all right though status.supabase.com/

To write a blog post, you must first redesign your blog

i love how software was trending towards being more secure. more sanitizers shipping with clang. more software being written with memory safety in mind. then: vibe coding enters the arena

Vibe coding is a consequence of inexperienced engineers attempting to overcome their imposter syndrome complexes. AI is a tool that you simply have to use to get the job done. We'll be fine once s*** hits the fan and we have to start doing things the right way again.

I’ve been craving this!

IT HAPPENING!!!!!!!! Materal and Cupertino are getting their own packages!!! github.com/flutter/flutter/i…

asking chatgpt for 30 minutes just saved me 3 minutes of reading the docs

This is the tweet that convinced me. MCP is just web3 all over again

I can't believe is a real image shared by Apple. It's worst implementation of glass UI I've ever seen.

I don’t love it either, will we get used to it?

I’m super skeptical about readability. The clear icons are especially bad at that from what we’ve seen at #WWDC25