🔥🔥🔥
Some folks from our community are already building their apps with Super Native with wild success - fully native mobile UI rendering from @official_php@laravelphp
Our friend Marty Friedel is taking the stage at Laracon AU in Brisbane this November with a talk called High Performance Statamic — the story of dragging a decade-old, 50k-page site into Statamic Bard and making it FAST.
Aikido's malware feed is now built into Composer 2.10, Packagist.org's latest release. 🐘 Malware will be blocked at install time automatically, keeping PHP developers safe.
Supply chain attacks on PHP packages are rising. Just weeks ago, attackers hijacked laravel-lang and intercom/intercom-php through stolen credentials to push malicious releases. The new update prevents users from installing malicious or compromised packages like these.
Make sure to update your Composer to get built-in supply chain security!
Attention Filament users: we’ve identified and resolved a few security vulnerabilities.
To address these vulnerabilities in your applications, please update to the following versions:
v3.3.52
v4.11.5
v5.6.5
After a very thorough 3-day full security sweep and hardening process, we'd like to issue an official all clear ✅ on TanStack repo and package security. Full details have been updated in our post-mortem and security followup blog (linked below).
TL;DR:
- Only the Router/Start repo was affected. 42 monorepo packages, 2 versions per package. These were promptly deprecated within the hour and removed by NPM shortly after
- All other repos and packages were unaffected and remain secure including: Query, DB, Store, AI, Table, Form, HotKeys, Virtual, Pacer, Config, Devtools, CLI, Intent, etc.
- All available and published versions of every TanStack package are safe to download, including TanStack Router/Start.
tanstack.com/blog/npm-supply…tanstack.com/blog/incident-f…
Just released the best websocket tester / playground 🤩
- 100% free, web-based
- Relay server lets you set custom HTTP headers
- Echo server built-in
- Save workspaces, custom messages, reconnect & heartbeat settings
Need to test websockets? Do it here: vask.to/tester
SECURITY ADVISORY — TanStack npm packages
A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package.
Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down.
Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys.
If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised:
• Rotate cloud, GitHub, and SSH credentials immediately
• Audit cloud audit logs for the last several hours
• Pin to a prior known-good version and reinstall from a clean lockfile
Detection — the malicious manifest contains:
"optionalDependencies": {
"@tanstack/setup": "github:tanstack/router#79ac49ee..."
}
Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root).
Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level.
Full technical breakdown, complete package and version list, and rolling status updates:
github.com/TanStack/router/i…
Credit to the security researcher for responsible disclosure.
Building an MCP server and set of skills and then interviewing the agents afterwards to learn what sucked about it is such an interesting activity. Would recommend
Effective today, we are:
1) Doubling Claude Code’s 5-hour rate limits for Pro, Max, and Team plans;
2) Removing the peak hours limit reduction on Claude Code for Pro and Max plans; and
3) Substantially raising our API rate limits for Opus models.
We’ve agreed to a partnership with @SpaceX that will substantially increase our compute capacity.
This, along with our other recent compute deals, means that we’ve been able to increase our usage limits for Claude Code and the Claude API.