The TanStack npm Supply Chain Attack: Why pull_request_target Is Dangerous
Analysis of the @tanstack/* supply chain incident. The risks of pull_request_target, GitHub Actions cache, and OIDC trusted publishers, and how to defend against them.
20 POSTS
Page 1
Bun rewrite Exposed Something: OSS Could Only Stop External AI
Bun moved roughly 960,000 lines from Zig to Rust in six days using Claude Code. The meaning here is not code quality but OSS governance and resource asymmetry.
What makes a package you can keep using for years different
A good package has to be user-friendly not just in features, but in dependencies, version bumps, compatibility, and release policy.
The invisible cost in PR diffs: we are not reviewing the code our users receive
The bundle costs that code review misses, and how to surface them in the PR.
◆ Directive Deep Dive'use cache' Directive Deep Dive: To the End of Cache Boundaries
Build-time transformations, cache key serialization, ResumeDataCache, cacheHandler, and Cache Components - everything created by a single 'use cache' line
◆ Directive Deep Dive'use client' Directive Deep Dive: To the Edge of Client Boundaries
Module boundaries created by a single line of 'use client', build-time transformations, Flight serialization, and performance implications
AI Only Amplifies Me to the Level I Can See
I'm definitely coding faster, but why are my codebase and skills staying the same? Examining the gap between perceived and proven benefits.
◆ The State of Next.jsWhy We Still Use Next.js
Switching costs stronger than technical superiority
◆ The State of Next.jsIs Next.js Fast Enough?
The uncomfortable truth benchmarks reveal
◆ The State of Next.jsWhose React Is It?
The questions React Foundation must answer
◆ The State of Next.jsWhy Cloudflare Rebuilt Next.js
What question does vinext really ask?
◆ The State of Next.jsThe Rise and Fall of Next.js Edge Runtime
Hey Edge Middleware, how have you been?
◆ Directive Deep DiveReact Server Functions Deep Dive: To the End of "use server"
What happens behind a single line of "use server"?
React's <ViewTransition>: Browser-Native Animation, Done the React Way
What happens when React wraps the View Transition API
The Pitfalls of Node.js vm Module: Why It's Not a Sandbox
A preview of section 5.2 (Pitfalls of the vm Module) from the upcoming Node.js Deep Dive book.
The Downfall of Infinite Scroll — Why Google Removed Infinite Scrolling
How infinite scroll is being reevaluated from UX, performance, accessibility, and legal perspectives
Deep Dive into Effect Systems: From Monads to Algebraic Effects, and Effect-TS's Choices
I dug deep into what Effect-TS is all about and why everyone seems so excited about it.
Seeking Beta Readers for Node.js Deep Dive (Working Title)
Please show lots of interest and support!
React Compiler Deep Dive: From Principles to Output
A deep exploration of how React Compiler analyzes code and what it produces, from pipeline to final output.
In the Age of AI-Generated Code, Where is Frontend Engineering Headed?
AI coding tools aren't changing developers—they're changing the nature of what developers do.