Software Engineer

Joined August 2009
Habib Akande retweeted
do you understand what just happened to one of the most used npm packages on the internet?
→ axios gets downloaded over 100 million times a week and today it got compromised
→ an attacker hijacked the npm credentials of a lead axios maintainer… changed the account email to an anonymous ProtonMail address… and manually published two poisoned versions
→ axios@1.14.1 and axios@0.30.4… neither version contains a single line of malicious code inside axios itself. instead they inject a fake dependency called plain-crypto-js that drops a remote access trojan on your machine
→ the fake dependency was staged 18 hours in advance… three separate payloads were pre-built for macOS, Windows, and Linux… both release branches were hit within 39 minutes. every trace was designed to self-destruct after execution too
→ there’s no tag in the axios GitHub repo for 1.14.1. it was published outside the normal release process entirely... bypassed CI/CD completely
→ StepSecurity called it one of the most operationally sophisticated supply chain attacks ever against a top 10 npm package
→ a routine npm install silently opens a backdoor… no warning… no suspicious code visible in axios itself
this is the wake up call all vibe coding bros need to hear right now:
→ if you installed either version… assume your system is compromised
→ pin to axios@1.14.0 or axios@0.30.3
→ rotate all secrets, API keys, SSH keys, and credentials on affected machines
→ check network logs for C2 connections
→ add --ignore-scripts to CI npm installs going forward
100 million weekly downloads and one compromised maintainer account… that’s all it took to wreak absolute havoc and I imagine we see a whole lot more of these… crazy times ahead for cybersecurity and vibe coding
be safe out there y’all
Mar 31
🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M weekly downloads. Every npm install pulling the latest version is potentially compromised right now.
Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
Habib Akande retweeted
Didn't see a single em dash during the entire Cloudflare outage.
Habib Akande retweeted
27 Sep 2025
I made a Chrome extension that turns localhost into a visual editor for Cursor. Click any element on your dev site → describe what you want changed → it automatically sends the edit request to Cursor in the background with the element context. Here's how it works...
Just for today, do everything without mediocrity. If you are proud of yourself at the end of the day, do it again tomorrow ✌🏾
Habib Akande retweeted
I’m going to show you how *incredibly easy* it is to add some AI-magic to the search bar in your sites & apps in 2025 using @typesense.

Say you’re building a cars site & you have a search bar on top. You have cars. Cars have attributes. You have well structured data like make, model, color, year, hp, mileage, etc. Cool.

Along comes a user & types this into your search bar: “A black SUV with less than 30K miles in Houston for less than 20K”. ☠️🫣

If you’ve built any kind of search experience you probably know how hard it is to map free-form text like that to specific attributes in your dataset. Like how do you know that 20K is talking about cost, and black is talking about the overall color and not the color of the seats, and then account for the zillion other ways your users can write the same query? If you haven’t encountered this, let me tell you that it is HARD to use simple full-text search or even fancy semantic search or hybrid search to pull this off. Traditionally you’d have to train and build what’s called intent detection ML models to do this well. Ain’t nobody got time for that! 🤓

Enter @Typesense - an open source, cutting edge, light-weight alternative to Elasticsearch / Algolia. As of v29.0, it now has a built-in feature that cleverly uses the magic of LLMs, to parse your users’ queries, and convert them automatically into a set of filters and sorts, and then executes that query and returns results.

So in our example “A black SUV with less than 30K miles in Houston for less than 20K” gets converted by Typesense automatically into this search query:

Notice how the free-form user query was correctly mapped to the attributes and values in our cars dataset under the hood. It’s literally one API call to Typesense, to make this magic work:

The curl request will return results like this:

And you’d display those results in your UI. That’s it. What used to take teams of ML experts, is now one API call away. No PhD required.

You now have an AI-powered search bar that’s ready for the most brazenly complicated user queries. How about this one:

No problemo! That gets translated to: 🪄

```
filter_by: "transmission_type:AUTOMATIC"
```

(Only 4 images per tweet, so only text for that one)

Even though `transmission_type` only has
- `Automatic` and
- `Manual`
across all records, Typesense is able to automatically convert the user’s intent in “I don’t know how to drive shift” to the fact that we should only show them vehicles with automatic transmission. Easy-peasy.

Here’s a step-by-step guide on how to implement Natural Language Search in your own sites and apps: typesense.org/docs/29.0/api/…
Habib Akande retweeted
Working on a very ambitious project using this. If you're thinking about search alternatives, typesense is the real deal.
PM: This feature will be completed in 2 days. Backend developer:
Developer: I have fully tested this feature, no worries QA:
Habib Akande retweeted
6 Feb 2025
I'm looking to #connect with people who are interested in 🌐 Web Development 🎨 Front end ⚙️ Coding 🐘 Javascript 🏗️ Building online 🔧 DevOps 🚀 UI/UX 📂 Open Source 💻 Software Development 💼 Freelancing #letsconnect #buildinpublic #tech
Building a feature that needs structure but must stay flexible over time? 2 possible approaches: 1️⃣ Inheritance: Define core fields upfront, extend when needed. 2️⃣ Dynamic DB schema: Let users add fields on the fly. Which one scales better in your experience? #SoftwareEngineering
Habib Akande retweeted
The funniest social media ads of all time: 1. IKEA
Habib Akande retweeted
Replying to @wesbos
I’d recommend looking at the feature set and pricing of
Growthbook
Flagsmith
LaunchDarkly
Posthog
The benefit of hosted proxies like Growthbook is the flags are updated live, so you can turn on a feature even if they’re already on the page.
Habib Akande retweeted
1 Jul 2024
Steal my 50 hours. Get Lobotomi – AI template out now. Like, repost, and comment "efndi" to get your copy (Must follow to allow DMs).
Habib Akande retweeted
This stack is 🔥🔥🔥🔥. In a single day added reverb, octane and horizon and it just works like magic 🪄 Thanks @laravelphp
Habib Akande retweeted
Happy birthday, PHP! 💜🐘🎉
Happy birthday, @official_php! Cheers to the amazing community of PHP developers for all the years of commitment! We'd love to hear about the features of PHP that are pivotal in your daily coding life – share them down below. #PHP29
Rewriting this code base for the third time, perfection is the enemy of completion
Official stand up meeting track
Habib Akande retweeted
JavaScript on the server is a mistake
11 Apr 2024
what opinion will you defend like this?
Habib Akande retweeted
It's a pretty cool @laravelphp Blade directive: `forelse`. It works exactly like `foreach` but allows you to specify what gets displayed if the given iterable is empty. 💅🏻
Habib Akande retweeted
Laravel 11. Tomorrow. ❤️