Updates from the past week
5/5 (Tue)

Secretlint v13.0.0 released: .gitignore'd files are ignored by default, detection added for Tailscale/Stripe/Cloudflare
Web Scratch
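We have released v13.0.0 of Secretlint, a tool that finds secrets such as API tokens and passwords in source code and configuration files. Release v13.0.0 · secretlint/secretlint. The three main changes in this version are: file discovery now respects .gitignore by default (Breaking Change); a path containing glob metacharacters is now treated as a literal when it actually exists; new detection rules for Tailscale and Stripe were added, and the Cloudflare rule was promoted from canary to recommend. Breaking Change: .gitignore is respected by default. In v13.0.0, file discovery respects the contents of .gitignore by default. The behavior is the same as ripgrep: nested .gitignore files also cascade into subdirectories. A negation rule (!) at a deeper level can override a decision made higher up. feat!: respect .gitignore by default via @se
7 hours ago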

Quoting John Gruber
Simon Willison's Weblog
Quoted from https://daringfireball.net/2026/05/y_combinators_stake_in_openai: So it’s well known that Y Combinator owns some stake in OpenAI. But how big is that stake? This seems like devilishly difficult information to obtain. I asked around and a little birdie who knows several OpenAI investors came back with an answer: Y Combinator owns about 0.6 percent of OpenAI. At OpenAI’s current (https://openai.com/index/accelerating-the-next-phase-...
7 hours ago

Granite 4.1 3B SVG Pelican Gallery
Simon Willison's Weblog
Granite 4.1 3B SVG Pelican Gallery (https://simonw.github.io/granite-4.1-3b-gguf-pelicans/). IBM released their Granite 4.1 family (https://research.ibm.com/blog/granite-4-1-ai-foundation-models) of LLMs a few days ago. They're Apache 2.0 licensed and come in 3B, 8B and 30B sizes. Granite 4.1 LLMs: How They’re Built (https://huggingface.co/blog/ibm-granite/granite-4-1) ...
8 hours ago

Quoting Andy Masley
Simon Willison's Weblog
Quoted from https://blog.andymasley.com/p/data-center-land-use-issues-are-fake: [...] Between 2000 and 2024, farmers sold in total a Colorado-sized chunk of land all on their own, 77 times all land on data center property in 2028, and grew more food than ever on what was left. None of this caused any problems for US food access. And then, in the middle of all this, a farmer in Loudoun County sells a few acres of mediocre hay field to a hyperscaler for ten ...
9 hours ago

April 2026 newsletter
Simon Willison's Weblog
I just sent out the April edition of my sponsors-only monthly newsletter (https://github.com/sponsors/simonw/). If you are a sponsor (or if you start a sponsorship now) you can access it here (https://github.com/simonw-private/monthly/blob/main/2026-04-april.md). In this month's newsletter: Opus 4.7 and GPT-5.5, both with price increases; Claude Mythos and LLM security rese...
10 hours ago

pnpm 11 Adds Supply Chain Protection Defaults for Minimum Release Age and Exotic Subdependencies
Socket
pnpm 11 turns on a 1-day Minimum Release Age and blocks exotic subdeps by default, adding safeguards against fast-moving supply chain attacks.
13 hours ago

TRE Python binding — ReDoS robustness demo
Simon Willison's Weblog
Research: TRE Python binding — ReDoS robustness demo (https://github.com/simonw/research/tree/main/tre-python-binding#readme). If it's good enough for antirez (https://simonwillison.net/2026/May/4/redis-array/) to add to Redis I figured Ville Laurikari's TRE (https://github.com/laurikari/tre/) regular expression engine was worth exploring in a little more detail. ...
14 hours ago

Shai-Hulud Worm Pivots to Multi-Cloud: [email protected] Hijacked — 361,000 Weekly Downloads, AWS, GCP, and Azure Credentials Now in Scope
Step Security Blog
Twenty-nine hours after [email protected] and @cap-js/[email protected] were compromised by the Shai-Hulud worm, a third major npm package has fallen: [email protected], the official Node.js SDK for the Intercom customer messaging platform, with 361,510 weekly downloads — more than yesterday’s two compromised packages combined. The malicious version was published today at 14:41 UTC via a hijacked GitHub Actions OIDC publishing pipeline, confirming the worm is actively propagating through CI/CD infra
15 hours ago

lightning: Obfuscated JavaScript Credential Stealer Bundled in PyPI Wheel
Step Security Blog
On April 30, 2026, a supply chain compromise was identified in the lightning PyPI package — versions 2.6.2 and 2.6.3. The project’s GitHub account shows signs of compromise, with issues reporting the attack closed rapidly by suspicious responses.
15 hours ago

A Mini Shai-Hulud Has Appeared: Obfuscated Bun Runtime Payloads Hit SAP-Related npm Packages
Step Security Blog
StepSecurity has detected a new npm supply chain attack campaign using preinstall hooks to download the Bun JavaScript runtime and execute an 11 MB obfuscated payload. At least two SAP-ecosystem packages are confirmed compromised so far.
15 hours ago

elementary-data Compromised on PyPI and GHCR: Forged Release Pushed via GitHub Actions Script Injection
Step Security Blog
A malicious version of elementary-data (0.23.3) was published to PyPI and is, at the time of writing, still listed as the latest release. The same release run also pushed a multi-arch container image to GitHub Container Registry at ghcr.io/elementary-data/elementary, tagged both 0.23.3 and latest.
15 hours ago

Bitwarden CLI Hijacked on npm: Bun-Staged Credential Stealer Targets Developers, GitHub Actions, and AI Tools
Step Security Blog
@bitwarden/[email protected] — the official command-line interface for the Bitwarden password manager — was found compromised on npm. A malicious preinstall hook silently bootstraps the Bun JavaScript runtime and launches a 9.7 MB obfuscated credential stealer that targets developer secrets, GitHub Actions environments, and — explicitly — AI coding tool configurations including ~/.claude.json and MCP server configs. All stolen data is encrypted with AES-256-GCM and exfiltrated to audit.checkmarx.cx,
15 hours ago

CanisterSprawl: pgserve Compromised on npm: Malicious Versions Harvest Credentials and Exfiltrate to a Decentralized ICP Canister
Step Security Blog
On April 21, 2026, malicious versions of pgserve were published to npm. pgserve is an embedded PostgreSQL server for development — zero config, auto-provisioned databases, designed to be dropped into any Node.js project. The compromised versions (1.1.11, 1.1.12, and 1.1.13) inject a 1,143-line credential-harvesting script that runs via postinstall on every npm install.
15 hours ago

Announcing Dependabot Configuration Enhancements: Cooldown and Group Support
Step Security Blog
StepSecurity adds cooldown and group support for Dependabot configuration, giving teams control over update frequency and PR batching across npm, pip, Docker, and GitHub Actions. Reduce alert fatigue. Merge more patches. Strengthen your supply chain.
15 hours ago

Redis Array Playground
Simon Willison's Weblog
Tool: Redis Array Playground (https://tools.simonwillison.net/redis-array). Salvatore Sanfilippo submitted a PR (https://github.com/redis/redis/pull/15162) adding a new data type - arrays - to Redis. The new commands are ARCOUNT, ARDEL, ARDELRANGE, ARGET, ARGETRAN...
16 hours ago

CSS `n of` Selectors for Conditional Validation
Frontend Masters Boost RSS Feed
:nth-child supports the keyword `of` in the argument which can be super useful on its own. Combo that with a :has() selector to do some pretty wild stuff!
17 hours ago

Register now for OpenClaw: After Hours @ GitHub
The GitHub Blog
OpenClaw builders will gather at GitHub HQ during Microsoft Build 2026 for demos and conversations. Join in person, or watch the livestream on Twitch. The post Register now for OpenClaw: After Hours @ GitHub appeared first on The GitHub Blog.
17 hours ago
5/4 (Mon)

Fixed-Height Cards: More Fragile Than They Look
CSS-Tricks
Getting a multi-column of cards to line up equally is a headache we've all faced, and it gets even harder when working with fixed heights. Fixed-Height Cards: More Fragile Than They Look originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.
18 hours ago

Branching Without Git Is Now The Default
Supabase Blog
Branching without Git is now the default for all Supabase projects.
1 day ago

How General Intelligence used agents to build an agent platform on Vercel
Vercel News
General Intelligence on Vercel: migrating Cofounder's Python backend to Vercel; running Cofounder as a multi-tenant app on Vercel; 8-person team (5 engineers) shipping 10 PRs and 70+ commits per engineer, per day; 4,000+ preview branches with ~100 parallel app versions running at any moment; 90% of SRE work automated through Vercel and their own agent (Cofounder); Cofounder launches with a managed Vercel account for every customer. General Intelligence is building a platform that lets any founder run a compan
1 day ago

Introducing deepsec: The security harness for finding vulnerabilities in your codebase
Vercel News
Today we’re open sourcing deepsec: a security harness powered by coding agents. It runs on your own infrastructure and surfaces hard-to-find issues in large codebases. You can run deepsec on your laptop without setting up a cloud service for privileged source code access. For inference, you can use your existing Claude or Codex subscription without any additional setup. Scanning large repos can take multiple days on a single machine. To run research jobs in parallel, deepsec supports optional fanout to V
1 day ago

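I tried developing an iOS app with Codex
azukiazusa's Tech Blog 2
I have experience with web development, but almost none with iOS app development. With that background, I tried to see how far I could get with iOS app development using Codex, a coding agent. Rather than only the so-called "vibe coding" style of building an application without looking at what is inside, my use of the coding agent centers on learning: asking questions along the way, such as why this code is needed and whether the design could be better.
1 day ago
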
What NIST's mDL guidance means for the future of digital identity
Blog on 1Password Blog
The latest National Institute of Standards and Technology (NIST) draft guidance on mobile driver’s licenses (mDLs) is about more than one use case or credential type. While the draft primarily focuses on the financial sector due to its high-assurance requirements, the bigger takeaway is that government-issued identity can be cryptographically verified and shared more selectively. This provides strong, cryptographically verifiable evidence of identity and shows what a more interoperable digital i
1 day ago

How does SCIM Schema Discovery work
WorkOS Blog
How identity providers learn what your SCIM server can do, through three discovery endpoints.
1 day ago

The identity join problem: Linking SSO profiles to directory users
WorkOS Blog
Email and IDP ID both fail as universal join keys. The fix is sensible defaults with real escape hatches.
1 day ago

Can A Content Delivery Network Boost Website SEO?
DebugBear Blog
Can a CDN help your site rank higher in search results? We break down the SEO benefits of using a CDN and walk through setting one up with Cloudflare.
1 day ago

Polypane 29: New network panel, snippet store and Chromium 148
Polypane Blog
Polypane 29 introduces an updated panel UI, a new network panel for inspecting requests, a new snippet store for discovering and installing…
1 day ago

Quoting Anthropic
Simon Willison's Weblog
Quoted from https://www.anthropic.com/research/claude-personal-guidance: We used an automatic classifier which judged sycophancy by looking at whether Claude showed a willingness to push back, maintain positions when challenged, give praise proportional to the merit of ideas, and speak frankly regardless of what a person wants to hear. Most of the time in these situations, Claude expressed no sycophancy—only 9% of conversations included sycophantic behavior (Figure 2). But ...
2 days ago
5/3 (Sun)

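Giving AI agents visual feedback with Playwright CLI
azukiazusa's Tech Blog 2
The annotation feature added in Playwright CLI v0.1.9 is useful for giving AI agents visual feedback. With annotations, you can select an element in the browser and leave a comment on it. Because an AI agent can easily identify the annotated element, it becomes easier for it to decide which code to fix.
2 days ago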

Sightings
Simon Willison's Weblog
/elsewhere/sightings/ (https://simonwillison.net/elsewhere/sighting/). I have a new camera (a Canon R6 Mark II) so I'm taking a lot more photos of birds. I share my best wildlife photos on iNaturalist (https://www.inaturalist.org/), and based on yesterday's successful prototype (https://simonwillison.net/2026/May/1/inat-sightings/) I decided to add those to my blog. ...
3 days ago
5/2 (Sat)

Code Orange: Fail Small is complete. The result is a stronger Cloudflare network
The Cloudflare Blog
We have completed a massive engineering effort to make our infrastructure more resilient. Through new tools like Snapstone and the Engineering Codex, we've implemented safer configuration changes and automated best practices to prevent future incidents.
3 days ago

PyPI Fixes High-Severity Access Control Issues Found in Security Audit
Socket
The remediated findings include organization permission bugs, stale project access after transfers, OIDC replay edge cases, audit logging gaps, and an IDOR in API token deletion.
3 days ago

iNaturalist Sightings
Simon Willison's Weblog
Tool: iNaturalist Sightings (https://tools.simonwillison.net/inat-sightings). I wanted to see my iNaturalist (https://www.inaturalist.org) observations - across two separate accounts - grouped by when they occurred. I'm camping this weekend so I built this entirely on my phone using Claude Code for web. I started by building an (https://github.com/simonw/inaturali...
4 days ago

Introducing TanStack Form
Frontend Masters Boost RSS Feed
TanStack Form offers a powerful solution for handling form complexity in React. It emphasizes strong typing, performance, and detail management.
4 days ago
5/1 (Fri)

A blog bot that pitches its own posts: building a Slack-native publishing system on Cloudflare Workers and Durable Workflows
WorkOS Blog
How we built a Slack-native AI blog bot on Cloudflare Workers + Durable Workflows — proactive proposals, durable retries, and a multi-model writer pipeline.
4 days ago

What’s !important #10: HTML-in-Canvas, Hex Maps, E-ink Optimization, and More
CSS-Tricks
Developers have been experimenting with HTML-in-Canvas, a hexagonal world map-analytics feature, a web-based OS for e-ink devices, replacing image sources using the content property, and more. This is What’s !important #10. What’s !important #10: HTML-in-Canvas, Hex Maps, E-ink Optimization, and More originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.
4 days ago

Introducing Dynamic Workflows: durable execution that follows the tenant
The Cloudflare Blog
Dynamic Workflows is a library that lets you route durable execution to tenant-provided code on the fly. Built on Dynamic Workers, it enables platforms to serve millions of unique workflows at near-zero idle cost.
4 days ago

The Index: Issue #180
Piccalilli - Everything
Fraude Design: Why slop it when you can Fraude it? heerich.js: A really nice tool for generating 3D voxel scenes with fantastic documentation and examples. Searching for birds: So much good stuff in this piece. It's so refreshing to see this sort of thing without scroll-jacking too. The sites we lost: A huge archive of old websites from the older days that would have otherwise vanished or been taken over by ads. Digital Independence Day: We've shared a few things to help you get away from big tech over time b
4 days ago

Designing Stable Interfaces For Streaming Content
Articles on Smashing Magazine — For Web Designers And Developers
Streaming UIs are an easy concept on the surface, but are quite complicated in practice. There are many considerations that need to be accounted for, from layout shifts and motion preferences to proper markup and various states, that may not be instantly obvious. What happens if the stream is interrupted? Can users tab through the UI on the keyboard as it shifts? What ARIA attributes might be needed?
4 days ago

How GitBook serves 30,000 sites with sub-second content updates
Vercel News
GitBook on Vercel: 30,000 documentation sites hosted on a single Vercel deployment; 120 million monthly page views served from the edge; 40,000 cache invalidations processed daily, each resolved in under 300ms; 41% of all traffic now comes from AI crawlers and automated systems. GitBook hosts 30,000 documentation sites on Vercel, serving 120 million page views every month. Companies like n8n, Nvidia, and Zoom trust the platform to keep their docs fast and current. For modern engineering teams and coding a
4 days ago

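Looking for Contributors and Sponsors to help with JavaScript Primer's ES2026 support
Web Scratch
At JavaScript Primer (https://jsprimer.net/), we follow the new ECMAScript specification every year. ES2026 is scheduled to be officially released in June 2026. TC39 has already reached Feature Freeze, so the features going into ES2026 are settled. TC39 Process. This year, too, we have created Issues for supporting the features added in ES2026. We are looking for Contributors to work on these Issues with us and Sponsors to support JavaScript Primer's activities. Please comment on the following Discussion. Discussion: We are looking for Contributors for the ES2026 Issues · js-primer/js-primer · Discussions. ES2026 Issues: the Meta Issue for ES2026 is the following. ES2026 support · Issue #1869 · js-primer/js-primer. As the specific items to address, the following
4 days ago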

Postgres connections now work through Sandbox firewall
Vercel News
Vercel Sandbox can now connect to hosted Postgres databases, including Neon, Supabase, AWS RDS, Nile, and Prisma Postgres. To enable a connection, add the database host to your Sandbox's allowed domains. When SNI based filtering is used with Vercel Sandbox, the sandbox firewall restricts outbound network access by checking the domain name during a connection's TLS handshake. This works seamlessly for HTTPS traffic, where the domain is visible at the start of the connection. Postgres, however, negoti
4 days ago

Malicious Ruby Gems and Go Modules Impersonate Developer Tools to Steal Secrets and Poison CI
Socket
GitHub account BufferZoneCorp published sleeper packages that later added credential theft, GitHub Actions tampering, fake go wrappers, and SSH persistence.
4 days ago

Ember 6.12 Released
Ember.js Blog
The Ember project is excited to announce the release of Ember v6.12. Following Ember's Major Version Policy, version 6.12 will be the final release of the 6.x series. This release of Ember.js is an LTS (Long Term Support) candidate. LTS candidates prioritize stability over the addition of new features, and have an extended support schedule. Ember.js 6.12: Ember.js 6.12 does not introduce any new features in this release, but we have done some major improvements to the internal structure of the repo
4 days ago

ESLint v10.3.0 released
ESLint Blog
Highlights. no-unused-private-class-members Suggestions: The no-unused-private-class-members rule now provides suggestions to remove reported unused private class members. For example, for the following code, in which the rule reports #doSomethingElse as unused: class C { /** * My public method. */ doSomething() { } /** * My private method. */ #doSomethingElse() { } } It will now suggest removing #doSomethingElse. After applying the suggestion, the method an
4 days ago

How to stay secure while traveling this summer
Blog on 1Password Blog
Whether you’re juggling travel bookings with friends or packing the kids’ suitcases, planning a summer vacation can be far from relaxing. And once you get to your destination, the confirmation codes and passport numbers are always buried in the group chat when you need them most. But when you have all your travel essentials saved securely in one place, you can skip the scramble and put safe travels on autopilot. Before you take off this summer, check these tips to keep your information safe and
4 days ago

What’s new in Svelte: May 2026
Svelte blog
This month we got a ton of improvements to SvelteKit's remote functions, TypeScript 6.0 support and the experimental release of community plugins in the Svelte CLI. Svelte was also featured in ThoughtWorks Technology Radar! Big month, bigger showcase... so let's dive in! What's new in SvelteKit: SvelteKit now supports TypeScript 6.0 (2.56.0, Docs, #15595); form fields can now specify a default value using field.as(type, value), reducing boilerplate for pre-populated forms (2.56.0, Docs, #15577); Remote f
4 days ago

Codex CLI 0.128.0 adds /goal
Simon Willison's Weblog
Codex CLI 0.128.0 adds /goal (https://github.com/openai/codex/releases/tag/rust-v0.128.0). The latest version of OpenAI's Codex CLI coding agent adds their own version of the Ralph loop (https://ghuntley.com/ralph/): you can now set a /goal and Codex will keep on looping until it evaluates that the goal has been completed... or the configured token budget has been exhausted. ...
4 days ago

Our evaluation of OpenAI's GPT-5.5 cyber capabilities
Simon Willison's Weblog
Our evaluation of OpenAI's GPT-5.5 cyber capabilities (https://www.aisi.gov.uk/blog/our-evaluation-of-openais-gpt-5-5-cyber-capabilities). The UK's AI Security Institute previously evaluated Claude Mythos (https://www.aisi.gov.uk/blog/our-evaluation-of-claude-mythos-previews-cyber-capabilities): now they've evaluated GPT-5.5 for finding security vulnerabilities and found it to be comparable to M...
4 days ago

Mini Shai-Hulud Spreads to Packagist: Malicious Intercom PHP Package Follows npm Compromise
Socket
Socket found a malicious Intercom PHP package on Packagist using Composer plugin execution to steal credentials and spread across ecosystems.
4 days ago

Quoting Andrew Kelley
Simon Willison's Weblog
Quoted from https://lobste.rs/s/ifcyr1/contributor_poker_zig_s_ai_ban#c_cbtxub: It's a common misconception that we can't tell who is using LLM and who is not. I'm sure we didn't catch 100% of LLM-assisted PRs over the past few months, but the kind of mistakes humans make are fundamentally different than LLM hallucinations, making them easy to spot. Furthermore, people who come from the world of agentic coding have a certain digital smell that is not ob...
4 days ago

We need RSS for sharing abundant vibe-coded apps
Simon Willison's Weblog
We need RSS for sharing abundant vibe-coded apps (https://interconnected.org/home/2026/04/29/syndicating-vibes). Matt Webb: I would love an RSS web feed for all those various tools and apps pages, each item with an “Install” button. (But install to where?) The lesson here is that when vibe-coding accelerates app development, apps become more personal, more situated, and mo...
5 days ago

GitHub Copilot CLI for Beginners: Interactive v. non-interactive mode
The GitHub Blog
Learn the difference between CLI interactive v. non-interactive modes. The post GitHub Copilot CLI for Beginners: Interactive v. non-interactive mode appeared first on The GitHub Blog.
5 days ago

Intercom’s npm Package Compromised in Ongoing Mini Shai-Hulud Worm Attack
Socket
Compromised [email protected] npm package is tied to the ongoing Mini Shai-Hulud worm attack targeting developer and CI/CD secrets.
5 days ago

The Importance of Native Randomness in CSS
CSS-Tricks
We're getting new functions for generating random numbers in CSS! But the road to get here has been a long and winding one. The Importance of Native Randomness in CSS originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.
5 days ago
4/30 (Thu)

What Is CKEditor AI? A Guide for Product Teams
CKEditor Ecosystem Blog
CKEditor AI brings AI-assisted writing directly into your rich text editor. Discover how it works, what pain points it solves, and why teams are adopting it.
5 days ago

Post-quantum encryption for Cloudflare IPsec is generally available
The Cloudflare Blog
Cloudflare IPsec now has generally available support for post-quantum encryption via hybrid ML-KEM. We’ve confirmed interoperability with Cisco and Fortinet.
5 days ago

lightning PyPI Package Compromised in Supply Chain Attack
Socket
Socket detected a malicious supply chain attack on PyPI package lightning versions 2.6.2 and 2.6.3, which execute credential-stealing malware on import.
5 days ago

Agents can now create Cloudflare accounts, buy domains, and deploy
The Cloudflare Blog
Starting today, agents can now be Cloudflare customers. They can create a Cloudflare account, start a paid subscription, register a domain, and get back an API token to deploy code right away. Humans can be in the loop to grant permission, but there’s no need to go to the dashboard, copy and paste API tokens, or enter credit card details.
5 days ago

Three stoic principles for better web accessibility
Piccalilli - Everything
When I listened to Arthur Brooks' podcast episode Four Practical Ways to Live Like a Stoic with Ryan Holiday, I was surprised and excited to see how it applies to my work as an accessibility practitioner. Among other things, they talk about three principles, and in this article, I’m going to discuss how they can help you in your everyday life doing web accessibility work. Manage yourself, not the outside world: “Having the emotion, but not being ruled by it.” You already seem to be living by this pri
5 days ago

A Fresh View In May (2026 Wallpapers Edition)
Articles on Smashing Magazine — For Web Designers And Developers
Let’s welcome May with a new collection of desktop wallpapers! Following our monthly tradition, the wallpapers were created by the community for the community and can be downloaded for free. Enjoy!
5 days ago

Grok 4.3 on AI Gateway
Vercel News
Grok 4.3 is now available on Vercel AI Gateway. The model has a 1M token context window and improvements in accuracy, tool calling, and instruction following. To use Grok 4.3, set model to xai/grok-4.3 in the AI SDK. AI Gateway provides a unified API for calling models, tracking usage and cost, and configuring retries, failover, and performance optimizations for higher-than-provider uptime. It includes built-in , , support, and intelligent provider routing with automatic retries. custom reportingobs
5 days ago

Custom tags available in beta on Vercel Sandbox
Vercel News
As teams scale isolated environments for AI agents, code generation, or dev workflows, keeping track of which sandbox belongs to whom, and why, becomes critical. Custom tags allow you to organize, filter, and manage Vercel Sandboxes at scale. Each sandbox supports up to five tags. Tags are flexible by design. Use them to separate staging from production, attribute usage to specific teams, or isolate sandboxes per customer in multi-tenant platforms: Promote a sandbox from staging to production, reas
5 days ago

The Zig project's rationale for their firm anti-AI contribution policy
Simon Willison's Weblog
Zig (https://ziglang.org/) has one of the most stringent anti-LLM policies (https://ziglang.org/code-of-conduct/) of any major open source project: No LLMs for issues. No LLMs for pull requests. No LLMs for comments on the bug tracker, including translation. English is encouraged, but not required. You are welcome to post in your native language and rely on others to ...
5 days ago

Astro 6.2
The Astro Blog
Astro 6.2 introduces an experimental custom logger with JSON output, an SVG optimizer API, a new font file URL helper, and more.
5 days ago

What's new in Astro - April 2026
The Astro Blog
April 2026 - Astro Together London, an alpha preview of Astro 7, and more!
5 days ago

1Password and Perplexity expand partnership to secure access for Perplexity Computer
Blog on 1Password Blog
AI has gotten very good at generating answers. The bigger opportunity now is helping people take action. That shift is already underway, and AI is moving from chat into real workflows: researching, navigating applications, and completing multi-step processes across systems. But the moment AI moves from answering questions to getting things done, one problem becomes impossible to ignore: secure access. Secure access, in this context, means ensuring the right human or AI agent can reach the right ap
5 days ago

Why friction is a security risk, with Dustin Heywood
Blog on 1Password Blog
If cybersecurity teams were rock bands, offensive security professionals would be the cool drummers; they don’t just have a fun job, they help show the rest of the team where to go. In this episode of The Chasing Entropy Podcast by 1Password, Dave Lewis speaks with a legend of offensive security, Dustin Heywood, known to many as EvilMog. Heywood is an executive managing hacker and senior technical
5 days ago

Making It Easier to Import Projects Into Your Monorepo
Nx Blog
AI agents make importing existing projects into an Nx monorepo easier: `nx import` does the heavy lifting while the agent handles workspace-specific gaps.
5 days ago

Remix 3 Beta Preview
Remix Blog
Remix 3 is ready for you to kick the tires and start prompting your next big idea into existence.
5 days ago

March in Servo: keyboard navigation, better debugging, FreeBSD support, and more!
Servo Blog
Servo 0.1.0 represents Servo’s biggest month ever, with a record 530 commits and our first ever release on crates.io! For security fixes, see § Security. With this release Servo becomes more accessible, thanks to tab navigation (@mrobinson, @Loirooriol, #42952, #43019, #43058, #43246, #43267, #43067), keyboard navigation with Alt+Shift and the accesskey attribute (@mrobinson, #43031, #43144, #43434), and keyboard scrolling with Space and Shift+Space (@mrobinson, #43322). We’ve shipped several new w
5 days ago

Designing an MCP server from a REST API
WorkOS Blog
How to design an MCP server from a REST API: choosing between tools, resources, and prompts, getting the granularity right, and curating endpoints for the agents that will call them.
5 days ago

Synchronous vs. asynchronous authorization updates: How to choose
WorkOS Blog
Why we start synchronous, when we move to async, and why revocations are different.
5 days ago

Picking a password hash: A developer's guide to argon2, bcrypt, and scrypt
WorkOS Blog
Three algorithms compared, a clear default, and the tradeoffs that should make you pick something else.
5 days ago

How AI Remembers and Why It Forgets: Part 2. Tools and Agents
Developer Way
What are AI tools and agents really, and how do they keep Context in check? Let's poke around Claude Code, do a few experiments, and find out!
5 days ago

llm 0.32a1
Simon Willison's Weblog
Release: llm 0.32a1 (https://github.com/simonw/llm/releases/tag/0.32a1). Fixed a bug in 0.32a0 where tool-calling conversations were not correctly reinflated from SQLite. #1426 (https://github.com/simonw/llm/issues/1426). Tags: llm (https://simonwillison.net/tags/llm)
5 days ago

Malicious npm Package Brand-Squats TanStack to Exfiltrate Environment Variables
Socket
A brand-squatted TanStack npm package used postinstall scripts to steal .env files and exfiltrate developer secrets to an attacker-controlled endpoint.
6 days ago

LLM 0.32a0 is a major backwards-compatible refactor
Simon Willison's Weblog
I just released LLM 0.32a0 (https://llm.datasette.io/en/latest/changelog.html#a0-2026-04-28), an alpha release of my LLM (https://llm.datasette.io/) Python library and CLI tool for accessing LLMs, with some consequential changes that I've been working towards for quite a while. Previous versions of LLM modeled the world in terms of prompts and responses. Send the model a text prompt, get back a text response. ...
6 days ago

llm 0.32a0
Simon Willison's Weblog
Release: llm 0.32a0 (https://github.com/simonw/llm/releases/tag/0.32a0). See the annotated release notes (https://simonwillison.net/2026/Apr/29/llm/). Tags: llm (https://simonwillison.net/tags/llm)
6 days ago

WorkOS joins Stripe Projects: Auth from the CLI, no payment wall
WorkOS Blog
WorkOS is now a supported provider in Stripe Projects. Add enterprise-grade auth to any project from the CLI with a single command — no signup, no payment wall.
6 days ago

AI Amplifies Everything: A Team Lead’s Guide to AI-Assisted Development
Frontend Masters Boost RSS Feed
While AI for codegen is manageable, integrating AI into team workflows presents more challenges, such as maintaining quality long term and managing technical debt.
6 days ago
4/29 (Wed)

contrast()
CSS-Tricks
The contrast() filter function increases or decreases the contrast of an element. contrast() originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.
6 days ago

contrast-color()
CSS-Tricks
The contrast-color() function takes a <color> and returns either black or white, whichever is the most contrasting color for that value. contrast-color() originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.
6 days ago

TeamPCP-Linked Supply Chain Attack Hits SAP CAP and Cloud MTA npm Packages
Socket
Compromised SAP CAP npm packages download and execute unverified binaries, creating urgent supply chain risk for affected developers and CI/CD environments.
6 days ago

Protecting Against Compromised Packages with Minimum Release Age
Nicolas Charpentier's Blog
Leverage your package manager's minimum release age setting to delay the installation of freshly published versions and reduce the risk of pulling in a compromised package.
6 days ago

Introducing the Nuxt Agent
The Nuxt Blog
Our own AI agent on nuxt.com, grounded in the official docs and the Nuxt ecosystem. We built it internally using the AI SDK, our MCP server, and Nuxt UI components.
6 days ago

Custom SCIM schemas: Where identity provisioning meets authorization
WorkOS Blog
What schema extensions are, how Docker and Notion use them, and how to design your own.
6 days ago

AI agents vs service accounts: Key differences and what to do about them
WorkOS Blog
The reasons why IAM controls built for service accounts and API clients don't transfer to AI agents.
6 days ago

The 5 best Firebase Auth alternatives in 2026
WorkOS Blog
Five platforms for teams who've outgrown Firebase Auth's B2B gaps and Google Cloud lock-in.
6 days ago

Two AI agents, one incident: Rocky AI comes to the terminal
Checkly Blog: Monitoring Insights & Trends
Rocky AI analysis is now in your Checkly CLI and behind a public API. Pull root cause analysis straight from `checkly checks get` to get your agents context to fix failed checks faster
6 days ago

Declarative Shadow DOM and Native Server-Side Rendering
DebugBear Blog
Declarative Shadow DOM (DSD) makes server-side rendering of Web Components possible, which can meaningfully improve page load times and Core Web Vitals.
6 days ago

Vercel now supports Pro plan in Stripe Projects
Vercel News
You can now sign up for or upgrade to a Vercel Pro plan directly from Stripe Projects using shared payment tokens (SPTs). Agents and developers can manage plan changes programmatically from the Stripe CLI, without leaving their workflow. This builds on our Stripe Projects launch in developer preview by enabling end-to-end provisioning and billing in one place. Instead of switching between dashboards, you can now handle infrastructure setup and plan management directly from the terminal. If you’re
6 days ago

Quoting OpenAI Codex base_instructions Simon Willison's Weblog
"Never talk about goblins, gremlins, raccoons, trolls, ogres, pigeons, or other animals or creatures unless it is absolutely and unambiguously relevant to the user's query." (https://github.com/openai/codex/blob/66b0781502be5de3b1909525c987643b9e5e407d/codex-rs/models-manager/models.json#L55) ...
6 days ago

Native Deployment Checks are now available
Vercel News
You can now run lint and typecheck on every Vercel deployment, in parallel with the build. Native Deployment Checks are available to every team and join your existing Deployment Checks alongside GitHub and Marketplace integrations. Once added from your project's , Vercel runs the matching script from your on each deployment, and skips the check if no matching script exists. You can mark a check as required to hold the deployment from production until it passes, and choose which environments each c
7 days ago

GitHub for Beginners: Getting started with Markdown
The GitHub Blog
Discover how to format and edit your comments and posts using Markdown. The post GitHub for Beginners: Getting started with Markdown appeared first on The GitHub Blog.
7 days ago

Built for Change: How NGINX Ingress Controller and NGINX Gateway Fabric Handle Kubernetes Backend Changes Natively
NGINX Community Blog
Kubernetes applications are designed to change constantly. Pods scale out, roll forward, restart, and disappear, so the traffic layer has to keep pace with a backend set that is never truly static. That is the backdrop for both NGINX Ingress Controller (NIC) and NGINX Gateway Fabric (NGF). In both cases, Kubernetes is the source of […]
7 days ago

Securing the git push pipeline: Responding to a critical remote code execution vulnerability
The GitHub Blog
How we validated, fixed, and investigated a critical vulnerability in under two hours, and confirmed no exploitation. The post Securing the git push pipeline: Responding to a critical remote code execution vulnerability appeared first on The GitHub Blog.
7 days ago
4/28 (Tue)

AI-Assisted Coding: A Practical Guide for Software Engineers
Frontend Masters Boost RSS Feed
Let's acknowledge that gap in AI-generated code between code that works and code that is production-ready. It's you.
7 days ago

Quoting Matthew Yglesias Simon Willison's Weblog
"Five months in, I think I've decided that I don't want to vibecode — I want professionally managed software companies to use AI coding assistance to make more/better/cheaper software products that they sell to me for money." — Matthew Yglesias (https://twitter.com/mattyglesias/status/2049105745132585161) ...
7 days ago

Shutdowns, power outages, and conflict: a review of Q1 2026 Internet disruptions
The Cloudflare Blog
The first quarter of 2026 saw a surge in Internet disruptions, from nationwide shutdowns in Uganda and Iran to unprecedented drone strikes on cloud infrastructure. We explore the data behind these events using Cloudflare Radar.
7 days ago

Socket Has Acquired Secure Annex
Socket
Socket has acquired Secure Annex to expand extension security across browsers, IDEs, and AI tools.
7 days ago

Scroll-Driven Animations
Josh Comeau's blog
The new Animation Timeline API allows us to create dynamic scroll animations without any JavaScript! It’s honestly a very lovely API, and in this blog post, we’ll explore some of the super cool things we can do with it.
7 days ago

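Automatic contrast adjustment using the `contrast-color()` function
azukiazusa のテックブログ2
The `contrast-color()` function automatically determines whether `white` or `black` has the higher contrast ratio against a specified color and returns the appropriate color. It is useful in situations where it is hard to always guarantee the contrast ratio, such as when colors change dynamically or when users apply custom themes.
7 days ago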

An update on GitHub availability
The GitHub Blog
Here’s what we’ve done—and what we’re still doing—to improve our availability and reliability. The post An update on GitHub availability appeared first on The GitHub Blog.
7 days ago









