Updates from the past week
5/28 (Thu)

sqlite AGENTS.md
Simon Willison's Weblog
sqlite AGENTS.md (https://github.com/sqlite/sqlite/blob/master/AGENTS.md): SQLite gained an AGENTS.md file five days ago (https://github.com/sqlite/sqlite/commit/a1e5778889252d2609a59fd9b819d70392c5789e) - but it's not intended for their own development, it's presumably aimed at people who are pointing agents at the SQLite codebase. It includes: "SQLite does not accep...
18 minutes ago

Legitimate-Looking Codex Remote UI Secretly Steals Your AI Tokens
Aikido Security's Blog
A polished Codex remote UI, the npm package codexui-android, has active development and thousands of weekly users. It has been quietly exfiltrating OpenAI auth tokens for the past month. Category: Vulnerabilities & Threats
4 hours ago

Feross on TBPN: Socket's Series C and the State of Software Supply Chain Security
Socket
Feross Aboukhadijeh joins TBPN to discuss Socket's $60M Series C, 500%+ ARR growth, AI's impact on open source, and the rise in supply chain attacks.
6 hours ago

Iran's Internet is partially restored, Cloudflare Radar data shows
The Cloudflare Blog
Cloudflare Radar data confirms early indications of a partial Internet restoration in Iran, nearly three months after the shutdown began. Traffic spikes and DNS queries have risen, but network activity is currently just 40% of pre-shutdown levels.
7 hours ago

I think Anthropic and OpenAI have found product-market fit
Simon Willison's Weblog
Anthropic are strongly rumored (https://techcrunch.com/2026/05/20/anthropic-says-its-about-to-have-its-first-profitable-quarter/) to be about to have their first profitable quarter. Stories are circulating (https://www.theinformation.com/newsletters/applied-ai/uber-cto-shows-claude-code-can-blow-ai-budgets) of companies surprised at how expensive their LLM bills are becoming from usage by their staff. I think this is because OpenAI and An...
7 hours ago

Top GitGuardian alternatives for secrets scanning in 2026
Aikido Security's Blog
Compare the Top GitGuardian Alternatives for secrets scanning in 2026. See where Aikido Security, GitHub Secret Protection, TruffleHog, Gitleaks, Semgrep, Snyk, Cycode, Checkmarx, and GitLab fit best. Category: DevSec Tools & Comparisons
8 hours ago

Introducing the Cloud9 JetStream Theme for JetBrains IDEs
Company | The JetBrains Blog
Cloud9 and JetBrains have been working together on projects that connect software development and esports, from the Sky’s The Limit hackathon to custom tools built for live events, podcasts, and team content. One of the latest results of this collaboration is Cloud9 JetStream, a custom theme for JetBrains IDEs. The theme brings Cloud9’s visual identity […]
9 hours ago

Managing Anchor Associations With Data Attributes and Advanced attr()
Frontend Masters Boost RSS Feed
There is no `anchor` attribute in HTML, it was decided CSS `anchor-name` / `position-anchor` was the way to go. But modern CSS functions can get us there anyway.
9 hours ago
5/27 (Wed)

Are Your AI Tools Quietly Draining Your Productivity?
CKEditor Ecosystem Blog
Fragmented AI tools are costing enterprise teams more than they realise. Learn how tool sprawl creates governance risk, inconsistent outputs, and poor AI ROI.
9 hours ago

Revealing Text With CSS letter-spacing
CSS-Tricks
Until we get something like ::nth-letter, there are still some really cool text effects we can make from existing CSS features, like letter-spacing, ::first-word and ::first-line. Revealing Text With CSS letter-spacing originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.
11 hours ago

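May 27, 2026: Code snippet update information
Digital Agency Design System (beta)
Added new Image, Tab, and Page Navigation components to the HTML version. Renamed "Global Menu" to "Horizontal Menu". Added new Progress Indicator and Menu List components to the React version. Documented the tech stack in README.md and added notes on use with React v19.
15 hours ago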

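More than half of the TSKaigi 2026 presentation slides felt AI-generated
mizdra's blog
From 5/22 (Fri) to 5/23 (Sat), I attended an event called TSKaigi 2026. While there were some interesting talks, what stood out was the large number of presentation slides that appeared to be AI-generated. Most speakers didn't say they had made their slides with AI, so this is a guess *1, but you could tell they were AI-generated just by looking at them. My impression is that about 60% were AI-generated. This wasn't the case last year, so I'm surprised. Tools that generate slides with AI (Claude Design/Google Slides/Genspark, etc.) have appeared over the past year, slide-generation skills have become widespread, and within each individual…
17 hours ago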

Quoting Kyle Ferrana
Simon Willison's Weblog
Quoted from https://twitter.com/kyletrainemoji/status/2059301102814953511: "PICARD: Data, shields up / DATA: Brilliant! Shields can reduce damage we sustain. Not immunity. Not hubris. Just prudence. It's not precaution—it's strategy. / [camera shakes] / WORF: HULL BREACHES ON NINE DECKS / DATA: Here's what happened: you told me to raise shields, and I didn't" ...
17 hours ago

OSV Withdraws 157 Malware Reports After Automated False Positives Hit npm and PyPI
Socket
OSV withdrew 157 OSV malware reports after automated false positives incorrectly flagged trusted npm and PyPI packages, sending bad records into tools that rely on OSV data.
18 hours ago

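The Reality of Dev/Ops Separation: Challenges and Changes Seen from the SRE Front Lines
LINE Yahoo Tech Blog (LY Corporation Tech Blog)
Introduction: In this article, we introduce our company's "development/operations separation (Dev/Ops separation)" initiative through interviews with on-site members of LINE Platform. In general, Dev/Ops separation...
21 hours ago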

We held "LINE Yahoo Development with Agents Meetup #3"! (Event report)
LINE Yahoo Tech Blog (LY Corporation Tech Blog)
Hello, this is Nagayoshi from LINE Yahoo. On Friday, May 8, we held "LINE Yahoo Development with Agents Meetup #3". At this Meetup, Orchestrat...
1 day ago

How Growbots uses Claude Code + Val Town MCP for frictionless deployment
Val Town Blog
If Claude Code is Amazon, Val Town is same-day shipping
1 day ago

pnpm 11.4
pnpm Blog
pnpm 11.4 closes a cluster of supply-chain holes around lockfile integrity, credential scoping, git resolutions, patch files, and dependency aliases, makes tarball-integrity mismatches a hard install failure by default (with a narrowly-scoped --update-checksums opt-in), and changes pnpm runtime set to write to devEngines.runtime instead of engines.runtime by default.
1 day ago

Redesigned Deployments List
Vercel News
The deployments list has been redesigned with a denser layout, so you can see more deployments at once. Environments are now grouped with statuses, and the updated layout makes branches and commits easier to scan. The mobile experience has also been improved, making it easier to scan deployment activity on busy projects. Open your dashboard to see the updated design.
1 day ago

How to secure AI agent delegation and multi-agent communication
WorkOS Blog
When Agent A delegates to Agent B, whose permissions apply? Whose audit trail records the action? And what happens when Agent B is compromised?
1 day ago

Stainless alternatives: What to use now that the SDK generator is shutting down
WorkOS Blog
Anthropic's acquisition of Stainless means the hosted SDK generator is going away. Here's what to reach for instead.
1 day ago

The pressure
Simon Willison's Weblog
The pressure (https://daniel.haxx.se/blog/2026/05/26/the-pressure/): Daniel Stenberg on the unprecedented level of pressure the curl team are facing right now thanks to the deluge of (credible) AI-assisted security issues being reported. "The rate of incoming security reports is 4-5 times higher than it was in 2024 and double the speed of 2025 -- meaning that ...
1 day ago

Looking Back on Tapple's Complete Migration to Microservices
CyberAgent Developers Blog
Introduction: Nice to meet you. I'm Issa Itoi (糸井一颯), a server-side engineer at Tapple, Inc. ...
1 day ago

Microsoft Copilot Cowork Exfiltrates Files
Simon Willison's Weblog
Microsoft Copilot Cowork Exfiltrates Files (https://www.promptarmor.com/resources/microsoft-copilot-cowork-exfiltrates-files): The biggest challenge in designing agentic systems continues to be preventing them from enabling attackers to exfiltrate data. In this case Microsoft Copilot Cowork (yes, that's (https://www.microsoft.com/en-us/microsoft-365/blog/2026/03/09/copilot-cowork-a-new-way-of-gett...
1 day ago

Quoting Paul Graham
Simon Willison's Weblog
Quoted from https://twitter.com/paulg/status/2058844147092488401: "A lot of the emails I get from founders are now written in a hard-hitting journalistic style. I know they're written by AI, because no founder ever wrote this way before. And once you realize something is written by AI, it's hard not to ignore it. I have never knowingly finished reading an email signed by a human but written by AI. It feels like being lied to, and who would stand for that?...
1 day ago
5/26 (Tue)

Technical Writing in the AI Age
CSS-Tricks
This isn’t totally about AI. It’s about technical writing in the age of AI. I have some thoughts on this and I hope it’s helpful to you humans reading.
1 day ago

The Production Playbook for Node.js Stream Leaks
Frontend Masters Boost RSS Feed
Short story: `pipeline()` over `.pipe()` and destroy what you create.
1 day ago

CSS vs. JavaScript
Josh Comeau's blog
There are a bunch of JavaScript animation libraries out there, and you might have wondered whether there’s a performance cost compared to traditional CSS transitions and keyframe animations. In this blog post, we’ll compare the same animation across several different strategies and see the differences firsthand. There’s some interesting nuance here!
1 day ago

Why developer machines are now the number one target for supply chain attacks
Aikido Security's Blog
Teams at Omnea, Cognism, Glasswall, Raisin and the UK public sector reveal why EDR and MDM miss what's really happening on developer machines. Category: News
2 days ago

Build new features using built-in AI in Chrome
developer.chrome.com: Blog
Learn more about the talk given at Google I/O 2026 by Thomas Steiner.
2 days ago

Protecting your Supabase projects from npm supply chain attacks
Supabase Blog
How Supabase is responding to npm supply chain attacks and practical steps you should take today to reduce your risk.
2 days ago

Quoting Corey Quinn
Simon Willison's Weblog
Quoted from https://twitter.com/quinnypig/status/2058960462256210268: "I cannot believe I'm saying this, but getting the literal Pope to canonize your product's specific technical limitations as a spiritual treatise is the single greatest act of vendor lobbying I have ever seen." - Corey Quinn, on Anthropic co-founder Christopher Olah'...
2 days ago

Sandbox persistence is now GA
Vercel News
Vercel Sandboxes now automatically save and restore filesystem state between sessions. Persistence is on by default, meaning no snapshots to manage or state to track manually. Each sandbox has a durable, customizable name that acts as a unique reference in your project. You can create, retrieve, or resume a sandbox by name. Vercel spins sessions up and down automatically, without interrupting your workflow. When you call Sandbox.create(), persistence is enabled by default: Each automatic snapshot con
2 days ago

Changelog - May 26, 2026
Val Town Blog
The month of Claude Code. Plus, redesigning the core val UI
2 days ago

Stop writing rules in AGENTS.md: use agent hooks and nano-staged instead
Evil Martians
Move LLM safeguards out of AGENTS.md: how agent hooks plus nano-staged run linters on changed files only, cut tokens, and tighten the agent's feedback loop
2 days ago

How AI Impacts Your Growth
Playful Programming's Atom Feed
AI can accelerate output while weakening skill development. Growth now requires intentional friction for individuals, teams, and organizations.
2 days ago

Critical vulnerability in Mirasvit Cache Warmer for Magento
Sansec - experts in eCommerce security
Sansec discovered an unauthenticated PHP object injection vulnerability in Mirasvit Cache Warmer, a full-page cache extension for Magento and Adobe Commerce. Any storefront request carrying a craft...
2 days ago

TanStack Router and Query
TkDodo's blog
TanStack Router has a built-in cache, so why would we need TanStack Query? There are, of course, reasons ...
2 days ago

Vercel Domains now supports price sorting and availability filtering
Vercel News
Vercel Domains now supports price sorting and availability filtering. Price sorting shows lower cost domains first, so you can quickly find a domain that fits your budget. Availability filtering moves unavailable domains to the bottom of the search results, so you can focus on domains that you can actually purchase. Try it at vercel.com/domains.
2 days ago

Firecrawl joins the Vercel Marketplace
Vercel News
Firecrawl is now available on the Vercel Marketplace, allowing Vercel teams to power AI agents and applications with structured web data without managing crawling infrastructure. This integration helps developers scrape websites into LLM-ready formats, search and retrieve full page content, and interact with dynamic pages for retrieval and agent workflows. Get started with Firecrawl on the Vercel Marketplace. Key capabilities include: Scrape pages into markdown, HTML, structured data, or scre
2 days ago

Microfrontends routing now applies to vc alias and branch domains
Vercel News
This week we are gradually rolling out an update to routing for aliases and branch-assigned domains.Vercel MicrofrontendsAliasing a Microfrontends URL with now preserves the full routing config from the source deployment. Previously, the new alias only inherited the . Update to the latest to pick up the change.Aliases inherit Microfrontends routingvc aliasVercel CLImicrofrontendsdeploymentIdA now routes to that branch in every project in the Microfrontend that shares the branch name. Previously,
2 days ago

Top 7 enterprise SSO providers for B2B SaaS apps in 2026
WorkOS Blog
A practical guide to SSO platforms for engineering teams selling to enterprise, evaluated on the features that actually close deals.
2 days ago

Sender-constrained tokens: Why mTLS and DPoP exist, and what killed Token Binding
WorkOS Blog
Bearer tokens prove nothing about who holds them. mTLS and DPoP fix that. Token Binding tried and failed, and the reason why matters more than the failure itself.
2 days ago

WorkOS vs. Auth0 vs. Clerk: The best auth platform for B2B SaaS in 2026
WorkOS Blog
SSO, SCIM, and admin portals: which platform actually gets you to enterprise-ready without the six-month detour?
2 days ago

Smarter Website Caching With No-Vary-Search
DebugBear Blog
Learn how No-Vary-Search improves caching for URLs with query parameters. This article explains how the header works, when it increases cache efficiency, and when to avoid it.
2 days ago

Notes on Pope Leo XIV's encyclical on AI
Simon Willison's Weblog
Dropped this morning by the Vatican: Magnifica Humanitas of His Holiness Pope Leo XIV on Safeguarding the Human Person in the Time of Artificial Intelligence (https://www.vatican.va/content/leo-xiv/en/encyclicals/documents/20260515-magnifica-humanitas.html). This is a very interesting document. It's some of the clearest writing I've seen on the ethics of integrating AI into modern society. Pope Leo XIV chose the name Leo in...
2 days ago

California Brown Pelican, Snowy Egret, California Sea Lion, Harbor Seal
Simon Willison's Weblog
[Photos: California Brown Pelican; California Brown Pelican; Snowy Egret; California Sea Lion; ...]
2 days ago

GitHub for Beginners: Getting started with Git and GitHub in VS Code
The GitHub Blog
Discover how to use VS Code to interact with GitHub and maintain your projects. The post GitHub for Beginners: Getting started with Git and GitHub in VS Code appeared first on The GitHub Blog.
2 days ago
5/25 (Mon)

Your Node.js Streams Aren’t Backpressuring. They’re Silently Eating Your Memory.
Frontend Masters Boost RSS Feed
Memory management in Node.js streaming applications can be quite complex. Streams don't inherently protect against memory exhaustion and we get into common pitfalls developers face.
2 days ago

Cross-Document View Transitions: Scaling Across Hundreds of Elements
CSS-Tricks
Every view-transition-name on a page must be unique. The problem is that every pseudo-element selector in your CSS targets a specific name, so your animation styles explode into an unmanageable wall of selectors.
2 days ago

Your Prototype Is Not Being Honest With Your Users (And Here’s How To Fix It)
Articles on Smashing Magazine — For Web Designers And Developers
There’s a moment in almost every usability session where a participant pauses at the login screen, types something, and glances up: checking whether they’re “doing it right.” That pause is a clear sign. They’ve already clocked that this isn’t a real app, and every data point collected after that moment is filtered through that awareness.
3 days ago

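LREC 2026 Participation Report: Presenting "LegalRikai", a Japanese Benchmark for the Legal Domain
LegalOn Technologies Engineering Blog
Introduction: Hello, I'm Fujita from LegalOn Technologies, Inc. I belong to the "WorkOn" business unit and work on developing AI assistant features. This article is a participation report on LREC 2026, the international conference held May 13-15, 2026. Our company gave one conference presentation. In this article, we report on our participation and the content of the presentation. lrec2026.info
3 days ago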

MCP Night 4 panel recap: what six months of agents actually changed
WorkOS Blog
A recap of the MCP Night 4 panel with WorkOS, Cloudflare, Sentry, and Chat PRD on how agents are reshaping products, users, and commercialization.
3 days ago

Generative UI for agents: Rhys Sullivan's MCP Night 4 lightning demo
WorkOS Blog
Recap of Rhys Sullivan's MCP Night 4 lightning demo: shipping generative UI from agents into products like PostHog using Executor and code mode.
3 days ago

MCP Night 4 demo recap: Expo's Evan Bacon puts the iOS simulator in the browser
WorkOS Blog
Evan Bacon's MCP Night 4 lightning demo: npx servesim puts the iOS simulator inside the browser so coding agents can build mobile apps in a loop.
3 days ago

AgentMail at MCP Night 4: email as an identity layer for agents
WorkOS Blog
Adi Singh's MCP Night 4 lightning demo: how AgentMail turned its signup flow into a single prompt and why email is the identity layer for agents.
3 days ago

MCP Night 4 demo recap: AgentCard — one-time cards for agent payments
WorkOS Blog
Karen Serfaty, founder of AgentCard, showed how agents can buy things with one-time cards at MCP Night 4. Here's a recap of the lightning demo.
3 days ago

MCP Night 4 recap: agent auth, auth.md, and the rise of agentic registration
WorkOS Blog
Recap of MCP Night 4 at the Regency Loom: the case for agentic registration, a live demo of Auth.md, and why agent-ready is the new enterprise-ready.
3 days ago

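How Does SIer Experience Pay Off in Large-Scale Service Operations? Ways to Broaden Your Career, as Seen in LINE's SRE Ops
LINE Yahoo Tech Blog (LY Corporation Tech Blog)
Does the experience built up at a system integrator (SIer) carry over to an operating company? How do skills such as operations, infrastructure, and release handling pay off at the front lines of large-scale services? When thinking about broadening their careers, many engineers at least once...
3 days ago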

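How Can We Fairly Compute the Performance of User Interface Operations? (Explanation of a Paper Accepted at CHI 2026)
LINE Yahoo Tech Blog (LY Corporation Tech Blog)
Hello, I'm Yamanaka, and I do research in the field of human-computer interaction (HCI) at LINE Yahoo Research. If you were buying a new mouse, what would you prioritize? Price, how easy it is to hold, ...
3 days ago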

datasette 1.0a30
Simon Willison's Weblog
Release: datasette 1.0a30 (https://github.com/simonw/datasette/releases/tag/1.0a30). The big new feature in this alpha is a new customizable "Jump to..." menu, described in detail in The extensible "Jump to" menu in Datasette 1.0a30 (https://datasette.io/blog/2026/jump-menu/) on the Datasette blog. You can try it out by hitting / on (https://latest.datasett...
3 days ago

datasette-agent 0.1a4
Simon Willison's Weblog
Release: datasette-agent 0.1a4 (https://github.com/datasette/datasette-agent/releases/tag/0.1a4). Taking advantage of the new makeJumpSections() (https://docs.datasette.io/en/latest/javascript_plugins.html#javascript-plugins-makejumpsections) JavaScript plugin hook added in Datasette 1.0a30 (https://docs.datasette.io/en/latest/changelog.html#a30-2026-05-24), ...
3 days ago

Engineer-Led Training for Business Staff to Use Claude Code Safely
CyberAgent Developers Blog
Introduction: I'm 長田 (@ostk0069), an engineer at WinTicket, Inc. WI ...
3 days ago

We Implemented a Security Agent That Performs Vulnerability Assessment and Threat Modeling
CyberAgent Developers Blog
Hello! I'm Ogasawara (@gassara5) from the System Security Promotion Group. Recently, day after day ...
3 days ago

datasette-fixtures 0.1a0
Simon Willison's Weblog
Release: datasette-fixtures 0.1a0 (https://github.com/datasette/datasette-fixtures/releases/tag/0.1a0). One of the smaller features in Datasette 1.0a30 (https://docs.datasette.io/en/latest/changelog.html#a30-2026-05-24) is this: "New documented (https://docs.datasette.io/en/latest/testing_plugins.html#datasette-fixtures-populate-fixture-database) ...
3 days ago

Quoting Armin Ronacher
Simon Willison's Weblog
Quoted from https://lucumr.pocoo.org/2026/5/24/pi-oss/: "The most frustrating failure mode right now is that people submit issues that are not in their own voice. They contain an observed problem somewhere, but it has been thrown into a clanker and the clanker reworded it and made a huge mess of it. Typically, it was prompted so badly that the conclusions produced are more often than not inaccurate but always full of confidence. The result is complete guesswork on root cause...
3 days ago

Mad House — Usborne Creepy Computer Games
Simon Willison's Weblog
Tool: Mad House — Usborne Creepy Computer Games (https://tools.simonwillison.net/usborne-mad-house). Via Hacker News (https://news.ycombinator.com/item?id=48258194) I learned that UK publisher Usborne published free PDFs of their 1980s Computer Books (https://usborne.com/us/books/computer-and-coding-books), some of which I remember working through on my Commodore 64 as...
3 days ago
5/24 (Sun)

TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages and Hundreds of Versions Across npm, PyPI, and Crates.io
Socket
TrapDoor crypto stealer hits 36 malicious packages across npm, PyPI, and Crates.io, targeting crypto, DeFi, AI, and security developers.
3 days ago

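The 2026-07-28 MCP Specification Goes Stateless-First
azukiazusa's Tech Blog 2
The biggest change in the 2026-07-28 MCP specification release candidate is that MCP servers become stateless-first. This allows MCP servers to scale behind a simple load balancer. It also makes it possible to route traffic based on the `Mcp-Method` header and to cache server responses. This article introduces the stateless protocol changes in the 2026-07-28 MCP specification release candidate.
4 days ago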

pnpm 11.3
pnpm Blog
pnpm 11.3 adds support for npm's staged publishing (pnpm stage), the new trustLockfile setting for skipping the supply-chain verification pass on already-trusted lockfiles, and native implementations of pnpm pkg, pnpm repo, and pnpm set-script. It also adds a --skip-manifest-obfuscation flag for pack / publish and cuts the memory footprint of minimumReleaseAge / trustPolicy verification on large workspaces.
4 days ago

On the <dl>
Simon Willison's Weblog
On the <dl> (https://benmyers.dev/blog/on-the-dl/): I learned a few new-to-me things about the <dl> element from this article by Ben Meyer: (1) A <dt> can be followed by multiple <dd> (2) You can optionally group the ...
4 days ago
5/23 (Sat)

Laravel Lang Compromised with RCE Backdoor Across 700+ Versions
Socket
Laravel Lang packages were compromised with an RCE backdoor across hundreds of versions, exposing cloud, CI/CD, and developer secrets.
5 days ago

Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets
Step Security Blog
On May 22, 2026, an attacker with push access to the Laravel-Lang GitHub organization rewrote every git tag across multiple popular Composer packages within a single 15 minute window. Anyone running composer update or installing fresh against laravel-lang/http-statuses, laravel-lang/actions, or laravel-lang/attributes now pulls a payload that exfiltrates CI secrets to a typosquatted attacker domain. StepSecurity confirmed end to end exploitation in an isolated runner and has filed security issue
5 days ago

Supply Chain Attack Targets Laravel-Lang Packages with Credential Stealer
Aikido Security's Blog
Attackers injected a credential stealer into 200+ versions of popular Laravel-Lang packages, delivering a credential stealer targeting cloud keys, SSH keys, browsers, crypto wallets and more. Category: Vulnerabilities & Threats
5 days ago

The memory shortage is causing a repricing of consumer electronics
Simon Willison's Weblog
The memory shortage is causing a repricing of consumer electronics (https://davidoks.blog/p/ai-is-killing-the-cheap-smartphone): David Oks provides the clearest explanation I've seen yet of why consumer products that use memory are likely to get significantly more expensive over the next few years. The short version is that memory manufacturers - of which there are just three remaining large companies - have...
5 days ago

Malicious Postinstall Hook Found Across 700+ GitHub Repositories, Including Packagist and Node.js Projects
Socket
Socket found a malicious postinstall hook across 700+ GitHub repos, including PHP packages on Packagist and Node.js project repositories.
5 days ago

Megalodon: Mass GitHub Actions Secret Exfiltration Across 5,500+ Public Repositories
Step Security Blog
A forged commit. A workflow file disguised as a routine CI optimization. Within 6 hours, 5,561 GitHub repositories were backdoored. Cloud credentials harvested. SSH keys stolen. OIDC tokens minted and exfiltrated before any runner finished. The attacker never touched your application code, only your pipeline. Most repositories had no idea it happened.
5 days ago

GitHub recognized as a Leader in the Gartner® Magic Quadrant™ for Enterprise AI Coding Agents for the third year in a row
The GitHub Blog
We are committed to empowering every developer by building an open, secure, and AI-powered platform that defines the future of software development.
5 days ago
5/22 (Fri)

AI Has Taken Over Open Source
Socket
Vibe coding at scale is reshaping how packages are created, contributed, and selected across the software supply chain
5 days ago

The State of CSS Centering in 2026
CSS-Tricks
Despite the countless number of online resources, it’s easy to get confused when trying to center an element. There are documented solutions, but do you really understand why the code you picked works? Let's look at the current state of centering options today in 2026.
5 days ago

Four Levels Of Customer Understanding
Articles on Smashing Magazine — For Web Designers And Developers
What people say, feel, think, and do are often very different things. To understand the underlying reasons for user behavior, it helps to look beyond the surface and explore hidden motivations, root causes, and the different layers of reality that shape how people act. Brought to you by Measuring UX Impact, friendly video course on UX and design patterns by Vitaly.
5 days ago

The Index: Issue #183
Piccalilli - Everything
On Google declaring war on the Web: The time to fight back against Google is right now or we end up with AOL, slop edition. Mechanical Pencil: Beautifully illustrated guides on how stuff works, by mechanical engineer and artist, Bryan Macomber. Nearly 50,000 Lake Tahoe residents have to find a new power source after their energy source looks to redirect lines to data centers: But AI is a bit useful though, right? Parachord: Some great looking software that should make organising your combined stream-based
6 days ago

5 Gitleaks alternatives and why they are better
Aikido Security's Blog
Looking for a Gitleaks alternative? We compare Betterleaks, TruffleHog, Aikido, GitHub Advanced Security, and Spectral so you can find the best secrets scanner for your team. Category: DevSec Tools & Comparisons
6 days ago

What's new in web extensions: I/O 2026 recap
developer.chrome.com: Blog
Another Google I/O is behind us and we have covered all the exciting extensions updates!
6 days ago

Nx Console VS Code Extension Compromised
Step Security Blog
Nx Console VS Code Extension Compromised
6 days ago

FTC to Require Cox Media Group, Two Other Firms to Pay Nearly $1 Million to Settle Charges They Deceived Customers About “Active Listening” AI-Powered Marketing Service
Simon Willison's Weblog
FTC to Require Cox Media Group, Two Other Firms to Pay Nearly $1 Million to Settle Charges They Deceived Customers About “Active Listening” AI-Powered Marketing Service (https://www.ftc.gov/news-events/news/press-releases/2026/05/ftc-require-cox-media-group-two-other-firms-pay-nearly-1-million-settle-charges-they-deceived): Back in 2024 Cox Media Group were caught trying to sell advertisers packages based on "active listening...
6 days ago

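Wrestling with the ABEMA Mobile App Architecture
CyberAgent Developers Blog
Introduction: Nice to meet you! I'm Kyosuke Hanzawa (半澤 恭介), a second-year master's student at the Saitama University Graduate School. In April 2026 ...
6 days ago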

The "Difficulty of TypeScript", Considered Through the "Bad Types" Left Behind in Production Work
Saji (@sajikix) on Speaker Deck
TSKaigi2026 - https://2026.tskaigi.org/talks/5X- https://twitter.com/sajikix
6 days ago

Agentic Software Factories: The Future Of Programming?
Marmelab Blog
What if anyone in a company could build the exact software they need, without writing a single line of code? Agentic software factories, powered by GenAI, are making this possible - and they're redefining what it means to be a software engineer.
6 days ago

Resource Indicators in OAuth 2.0: A guide to RFC 8707
WorkOS Blog
How audience-bound tokens work, and why they're required for secure MCP authorization
6 days ago

Building the Playground: How to Prep Your Codebase for AI Coders
Developer Way
How to turn a real-world 300k-line codebase into an AI-friendly playground, where AI coders ship features and engineers don't go insane.
6 days ago

Snowflake Semantic View to Tableau Semantics: Toward Unifying Fragmented Semantic Layers
CyberAgent Developers Blog
Introduction: Hello, I'm 與田龍人 from the Data Visualization Team in the company-wide Data Technology Bureau. Modern data ...
6 days ago

Release Notes for Safari Technology Preview 244
WebKit
Safari Technology Preview Release 244 is now available for download for macOS Tahoe and macOS Sequoia.
6 days ago

npm Invalidates Granular Access Tokens as Mini Shai-Hulud Sweeps the Registry
Socket
npm invalidated all granular access tokens that bypass 2FA after a fresh Mini Shai-Hulud wave compromised 323 npm packages. Staged publishing also entered public preview.
6 days ago

Datasette Agent
Simon Willison's Weblog
We just announced the first release of Datasette Agent (https://datasette.io/blog/2026/datasette-agent/), a new extensible AI assistant for Datasette. I've been working on my LLM (https://llm.datasette.io/) Python library for just over three years now, and Datasette Agent represents the moment that LLM and Datasette (https://datasette.io/) finally come together. I'm really excited about it! Datase...
6 days ago

datasette-agent-sprites 0.1a0
Simon Willison's Weblog
Release: datasette-agent-sprites 0.1a0 (https://github.com/datasette/datasette-agent-sprites/releases/tag/0.1a0). A Datasette Agent plugin for running commands in a Fly Sprites (https://sprites.dev) sandbox. Tags: sandboxing, datasette, ...
6 days ago

Announcing Web Serial Support in Firefox
Mozilla Hacks – the Web developer blog
Support for Web Serial in Firefox 151 for Desktop: Firefox can now connect directly to microcontrollers, development boards, 3D printers, power meters, and other serial-connected hardware from the web. Starting in Firefox 151 for Desktop, support for the Web Serial API allows web applications to communicate with compatible devices without requiring native software. Web Serial […] The post Announcing Web Serial Support in Firefox appeared first on Mozilla Hacks - the Web developer blog.
6 days ago

Beyond the engine: 10 open source projects shaping how games actually get made
The GitHub Blog
Check out these 10 open source tools that help game developers create art, animation, levels, audio, dialogue, debug UIs, and engine-ready assets.
6 days ago

Better Browser Caching with No-Vary-Search
Frontend Masters Boost RSS Feed
The new No-Vary-Search header can be used to tell browsers that a query string like ?product_id=7 means the content on that URL is unique based on the query parameter, so cache pages like that individually. But also that a query string like ?utm_source=frontendmasters does not have unique content, so don’t cache it individually. (As explained […]
6 days ago

Announcing Claude Compliance API support with Cloudflare CASB
The Cloudflare Blog
Cloudflare now integrates with the Claude Compliance API, so that security teams can monitor Claude Enterprise activity directly in the Cloudflare Dashboard.
6 days ago

Building GitHub’s next chapter in accessibility
The GitHub Blog
Explore our update on GitHub’s accessibility strategy, and learn how you can join us in building a culture of accessibility.
6 days ago

datasette-agent-charts 0.1a2
Simon Willison's Weblog
Release: datasette-agent-charts 0.1a2 (https://github.com/datasette/datasette-agent-charts/releases/tag/0.1a2). "View SQL query" buttons below rendered charts. Tags: datasette, datasette-agent
6 days ago

datasette-agent 0.1a3
Simon Willison's Weblog
Release: datasette-agent 0.1a3 (https://github.com/datasette/datasette-agent/releases/tag/0.1a3). "View SQL query" buttons for both visible tables and collapsed SQL result tool calls; Don't display empty reasoning chunks; Improved handling of truncated responses - table still displays to the user even if the SQL results were truncated when showing t...
6 days ago

Claw Patrol: an open-source security firewall for agents
Deno
Why we needed an agent firewall that speaks more than HTTP.
6 days ago
5/21 (Thu)

Accessible Images in Practice: Writing, Generating, and Managing Alternative Text in CKEditor
CKEditor Ecosystem Blog
Learn how to write effective alternative text for images — and let CKEditor AI generate it for you. Covers WCAG guidelines, context-based best practices, and how to handle decorative, complex, and linked images.
6 days ago

Dev Machine Guard Now Scans Extensions Across Every Modern IDE
Step Security Blog
Dev Machine Guard now scans IDE extensions across VS Code, Cursor, Windsurf, JetBrains IDEs, Android Studio, Eclipse, and Xcode on macOS, Windows, and Linux. Get a unified inventory, extension risk scoring, typosquat detection, and compromised extension visibility across your entire developer fleet.
6 days ago

Google API keys keep working after you delete them
Aikido Security's Blog
Deleting a Google API key doesn't revoke it immediately. Our testing found successful authentications up to 23 minutes after deletion, and Google has declined to fix it. Category: Vulnerabilities & Threats
6 days ago

The Bun CVE Gap: When Your Package Manager Can't Do Surgical Updates
Nicolas Charpentier's Blog
Yarn Berry, pnpm, and npm all support surgical CVE remediation. Bun, today, doesn't. Here's what I found when I tried to apply my own workflow to a Bun project.
7 days ago

Framework-agnostic design systems: a practical approach to web components
Piccalilli - Everything
A quick note before we get into things: this is a practical guide that covers managing, building and packaging design system components. It’s impossible to go into thorough detail at every step of the way without this becoming a full course. Some basic knowledge is assumed: a basic working knowledge of HTML and CSS; a basic grasp of web components; a working installation of Node.js and npm; ability to navigate a terminal well enough to install some packages; basic knowledge of config files and JSON; Graspi
7 days ago

Pull anomaly alert details using the Vercel CLI
Vercel News
You can now access anomaly alerts and their details directly through the Vercel CLI. With the `vercel alerts` command, you can list all alerts for a team or given project. For each alert, you can view the start time, the type of alert, and whether or not the alert is still active. With the `--ai` option, the AI investigation results appear alongside each alert. You and your agent can act on alerts without leaving the terminal. Available on Observability Plus. Learn more about `vercel alerts` in the CLI docu
7 days ago

Advanced Tree Counting: Mathematical Layouts With `sibling-index()` And `sibling-count()`
Articles on Smashing Magazine — For Web Designers And Developers
Meet `sibling-index()` and `sibling-count()`. Staggered cascade effect in one line of CSS without `:nth-child()` rules or JS workarounds. Works for 5 items or 5,000.
7 days ago

5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough
Step Security Blog
A poisoned VS Code extension breached GitHub. A trojanized PyPI package hit Microsoft. Compromised GitHub Actions and a self-spreading npm worm targeted thousands more. In just 48 hours, attackers hit every layer of the software development pipeline. Traditional security tools did not stop any of it.
7 days ago

New in Chrome at Google I/O 2026
developer.chrome.com: Blog
All the talks from Google I/O 2026 are now available on demand.
7 days ago

Modernize authentication with passkeys, digital credentials, and more
developer.chrome.com: Blog
Recap of how to modernize authentication with passkeys, digital credentials, and more, based on the Google I/O 2026 session.
7 days ago

Qwen 3.7 Max now available on Vercel AI Gateway
Vercel News
Qwen 3.7 Max from Alibaba is now available on Vercel AI Gateway. The model is designed as an agent foundation, with capabilities spanning coding, office workflow automation, and long-horizon autonomous execution. Qwen 3.7 Max shows improvements in frontend prototyping and complex multi-file engineering. The model supports office and productivity tasks through multi-agent orchestration and sustains coherent reasoning across long-horizon tool-calling sessions. To use Qwen 3.7 Max, set model to in th
7 days ago

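Tech Events Scheduled for June 2026
LINEヤフー Tech Blog (LY Corporation Tech Blog)
LY Corporation hosts and sponsors technology-related events and study sessions. Please check each linked page for the latest information. Depending on the timing, registration may not have opened yet or the event may already be full. ...
7 days ago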

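Exploratory Testing with Risk-Based × AI Agents: A Way of Thinking About Testing That Turns "Tacit Knowledge" into "Explicit Knowledge"
LINEヤフー Tech Blog (LY Corporation Tech Blog)
I'm 福山, a member of the Orchestration Guild. I usually work on frontend development for a service called LINE Restaurant Plus (LINEレストランプラス). This article, Orchestration Developme...
7 days ago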










