Fixes 287 issues (addressing 324 👍). Hoisted installs restored as default for backward compatibility. CPU profiling with --cpu-prof, faster installs for packages with post-install scripts, bun:test onTestFinished hook, ServerWebSocket subscriptions getter, Alpine 3.22 in Docker images, improved Git dependency resolution, bun list alias, and numerous bug fixes across install, HTTP/HTTPS, N-API, bun test, bun build, and runtime.

Eliminate CI guesswork with Enterprise Task Analytics. Identify performance regressions, prioritize flaky task fixes, and make data-driven decisions about workspace health—all with graph-powered insights only Nx can provide.

We’re announcing the retirement of NGINX Amplify, our free-to-use NGINX monitoring service. If you currently use Amplify to monitor your NGINX instances, please read on for timeline details, why we’re making this change, and how to move to the NGINX One Console. Why we’re retiring Amplify Key benefits of transitioning to NGINX One Timeline Gaps […]

Nearly a billion commits later, the way we ship code has changed for good. Here’s what the 2025 Octoverse data says about how devs really work now.The post What 986 million code pushes say about the developer workflow in 2025 appeared first on The GitHub Blog.

Discover the best AI content tools in 2025. Compare free & paid options like ChatGPT, Jasper, Gemini, and CKEditor AI for SEO-driven content creation.

The new CSS sibling-index() (and -count()) functions are perfect for staggered timing affects. This goes a little step further staggering both before and after a selected element.

SVG is one of those web technologies that’s both elegant and, at times, infuriating. In this article, pioneering author and web designer Andy Clarke explains his technique for animating SVG elements that are hidden in the Shadow DOM.

Announcing a new self-serve API for Bring Your Own IP (BYOIP), giving customers unprecedented control and flexibility to onboard, manage, and use their own IP prefixes with Cloudflare's services.

AI lab made Hermes, their open-source language model, free for one week to increase accessibility. Within days, automated scripts overwhelmed the service with fake accounts performing high-volume inference requests across thousands of accounts to bypass rate limits.Nous ResearchDespite having Cloudflare Turnstile in place, bulk signups continued. The abuse led to wasted inference compute and inflated identity provider bills. After the promotion ended, Nous realized that before reintroducing any

We’ve introduced the Vercel Sandbox CLI, a command-line interface for managing isolated compute environments. Built on the familiar Docker CLI model, developers can now:Full reference now available in the .Sandbox CLI docsRead moreCreate and run sandboxes for Node.js () or Python () workloads.node22python3.13Execute commands inside existing sandboxes.Copy files between local and remote environments.List, stop, and remove sandboxes across projects and teams.Run interactively with support for , ,

You can now search for domains on Vercel using AI-powered smart search.Press in the search bar to enter smart search mode. This mode uses AI to suggest domain names based on your input.spaceIn smart search, you can:Try it at .vercel.com/domainsRead moreClick a domain name to generate similar suggestions.Search across all supported TLDs for that name.

HTTPS connections to the Vercel network are now secured with post-quantum cryptography.Most web encryption today could be broken by future quantum computers. While this threat isn’t immediate, attackers can capture encrypted traffic today and decrypt it later as quantum technology advances.Vercel now supports post-quantum encryption during TLS handshakes, protecting applications against these future risks. Modern browsers will automatically use it with no configuration or additional cost require

Transition to the other side with container query unitsSomething we're always looking for is usages of container queries and their units that you might not have thought of. Ryan has exactly that for you here.Trusting the browserA really interesting read about long lasting accessibility damage thanks to previous browser defaults and of course, AI generated code.Fluid responsive typography: easy when you know howFrom James of Utopia fame:You don’t need to be a hot-shot developer to get this workin

データ基盤チームの橋口です。この記事はデータ基盤チーム & Unit9（エビデンス創出プロダクトチーム）ブログリレー2日目の記事です。 昨日は坂元さんの『冴えたClaude Codeの育て方（50本のSQLをdbt化した話）』でした。 私の所属するチームでは、社内のデータ活用サポート（データマート作成、分析支援など）を重要な業務の1つとしており、関連部門と一緒にプロジェクトを進める機会も多くあります。 関連部門とプロジェクトを進めていく中で、私は技術的な課題と同じくらい、ステークホルダーといかに上手く協業するかが大事だと学んできました。 なぜなら、データ利活用は「ビジネス課題の特定」から「どの…

Haize Labs for AI Agent Security: Features, Pricing, and Alternatives

The Scope Creep: Pretty fun(ny) Choose Your Own Adventure style game Assume the role of a humble project manager, tasked with delivering a website brief for one of your agency’s clients. Unbeknownst to you, the project is cursed by a dark force determined to infinitely extend the job, and send you into a delirious state […]

Hi, I’m Nam! I’m currently working as ...

Curious about using GitHub Copilot in your terminal? Here's our guide to GitHub Copilot CLI, including a starter kit with the best prompts for a wide range of use cases.The post GitHub Copilot CLI 101: How to use GitHub Copilot from the command line appeared first on The GitHub Blog.

Socket researchers discovered nine malicious NuGet packages that use time-delayed payloads to crash applications and corrupt industrial control systems.

TypeScript just became the most-used language on GitHub. Here’s why, according to its creator.The post TypeScript’s rise in the AI era: Insights from Lead Architect, Anders Hejlsberg appeared first on The GitHub Blog.

Why should you use a semantic <button> instead of a generic <div>? Accessibility, right? By how exactly does it help accessibility?Explaining the Accessible Benefits of Using Semantic HTML Elements originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.

We’re excited to announce the open sourcing of tokio-quiche, our async QUIC library built on quiche and tokio. Relied upon in our services such as iCloud Private Relay and our next-generation Oxy-based proxies, tokio-quiche handles millions of HTTP/3 requests per second with low latency and high throughput.

Cloudflare Stream provides a unified platform for video storage, encoding, and delivery. We are now enabling developers to seamlessly extract audio from videos.

Agents present incredible promise for increased productivity and higher quality outcomes in enterprises. Companies are already using them to streamline customer support, code reviews, and sales operations.When building custom internal agents, the challenge isn't whether AI can create value, it's identifying the problems it's ready to solve today, at a cost that makes sense for the business. At Vercel, we are going through the same AI transformation as our customers. We use our our own products t

AI Gateway is a Node.js service for connecting to hundreds of AI models through a single interface. It processes billions of tokens per day. The secret behind that scale is Fluid.Read more

are moving from package-based to per-unit pricing on the Pro plan. You’ll continue paying the same effective rates, but now you’ll be billed per unit to align costs directly with your usage.Edge Config Reads and WritesThe new rates are:Per‑unit billing scales more smoothly across team sizes and usage patterns. It also helps teams on Pro use Edge Config without immediately consuming a large portion of the included monthly usage credit. or learn more about .Get startedEdge ConfigRead more $0.00000

A medium-severity in Nuxt DevTools was responsibly disclosed, and has been fixed for version 2.6.4. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. security vulnerabilityNuxt DevTools users are encouraged to upgrade to the latest version. Read more details below.A vulnerability chain in Nuxt DevTools allows remote code execution in development environments through a combination of cross-site scripting (XSS), authentication token exfiltration, and path

You can now access Moonshot AI's latest and most powerful thinking models, Kimi K2 Thinking and Kimi K2 Thinking Turbo, using Vercel's with no other provider accounts required.AI GatewayKimi K2 Thinkingis oss and excels at deep reasoning, handling up to 200–300 sequential tool calls, and achieves top results on benchmarks for reasoning and coding. Kimi K2 Thinking Turbo is a high speed version of Kimi K2 Thinking and is best suited for scenarios requiring both deep reasoning and low latency. AI

You can now configure your project's max age to persist for the entire lifetime of your deployments.Skew ProtectionSet the value to any duration less than or equal to your project's policy.Deployment RetentionThis removes the previous limits of 12 hours on Pro and 7 days on Enterprise.Learn more about and . Skew Protectionenable it in your projectRead more

A low-severity in Vercel's AI SDK was responsibly disclosed, and has been fixed for 5.0.52, 6.0.0-beta.* The issue may have allowed users to bypass filetype whitelists when uploading files. security vulnerability Vercel customers are encouraged to upgrade to the latest version. Read more details below.Vulnerability in Vercel's AI SDK prompt conversion pipeline where improper URL-to-data mapping allows attackers to substitute arbitrary downloaded bytes for different supported URLs within the same

The aptly named View Transition API is a powerful way to create animated transitions between two states. I use the word 'powerful', because the View Transition API is powerful — more powerful than anyone would expect. You can navigate between pages, or modify the DOM, or meddle with your webpage in a number of other ways, and have an animation between the two states.It is incredibly powerful, and one could write quite the book (or several) explaining all the features and intricacies. There is pl

How the cascade, the animation-fill-mode, and implicit keyframes make things a bit more complicated then you’d initially think …

Learn how to build a simple MCP Server with Python. This guide covers everything you need to bring AI-powered automation to your CI/CD.The post Let’s Build an MCP Server appeared first on Semaphore.

newmoでは、pnpm workspaceで管理している複数のアプリケーションやライブラリに対してESLintを実行しています。 プロジェクトの成長とともにLint対象のファイル数が増加し、CI実行時間とメモリ使用量が増加していました。GitHub Actionsのmatrixオプションを使用した動的なShardingを実装し、これらの問題に対応しました。 newmoフロントエンドの開発原則 newmoのフロントエンド開発では、次の原則を重視しています。 1つ目は、「同じ目的を達成するための手段を統一する」という原則です。同じ目的に対する複数の手段が混在するよりも、統一した手段を使うことで学…

システムを運用していると時折直面するのが「移行作業」です。 新しい技術に触れられるのは楽しいです。一方、大量のコードの書き換えはちょっと辛いですよね。単純な置換で済めばよいのですが、そううまくはいかないことがほとんどです。 今回はこの書き換えを Claude Code を活用して楽に、精度良く実施したお話です。 データ基盤チーム/Unit9（エビデンス創出プロダクトチーム）エンジニアの坂元です。このブログはデータ基盤チーム/Unit9 ブログリレー 1 日目の記事です。 背景 はじめの一歩 独り立ち そして検証も… できたこと 残った課題 細かい工夫 全文読んでから対応すること セルフレビュー…

When IT and security teams lack visibility and control over the SaaS apps employees use, the result is wasted spend, unsanctioned access, and compliance failures. Yet 1Password’s research shows that all too often, SaaS usage is evading the tools meant to govern it.This blog is part two in our series analyzing the 1Password Annual Report 2025: The Access-Trust Gap. To read part one, which addresses AI governance, click here.If you haven’t had a chance to read the full report yet, download it here

Password sharing quietly eats away at seat-based revenue and introduces risk when companies tighten authentication rules. WorkOS Radar gives teams a smarter way to detect shared credentials, reduce false positives, and protect growth.

Technical founders understand the product, ship faster, and make better decisions. Here's why engineering experience creates exceptional leaders.

はじめに こんにちは。AIセクションでソフトウェアエンジニアをしている藤田です。 12月16日（火）に開催される「AI Engineering Summit Tokyo 2025」に、LegalOn Technologiesはゴールドスポンサーとして協賛し、登壇発表・ブース出展を行います。 イベントの詳細は、こちらの公式ページをご覧ください。 ai-engineering-summit-tokyo.findy-tools.io 本日は、登壇セッションの内容や、私の所属するチームについて簡単にご紹介できればと思います。イベント当日、ぜひ会場に足を運んでいただけると嬉しいです。

There are a number of things that can rain on your sticky parade. Maybe it's time to actually understand why.

How GitHub Copilot works today—including mission control—and how to get the most out of it. Here’s what you need to know.The post GitHub Copilot tutorial: How to build, test, review, and ship code faster (with real prompts) appeared first on The GitHub Blog.

Workers VPC Services enter open beta today. We look under the hood to see how Workers VPC connects your globally-deployed Workers to your regional private networks by using Cloudflare's global network, while abstracting cross-cloud networking complexity.

BotID Deep Analysis, Vercel’s advanced bot protection system, will be free for all Pro and Enterprise customers from November 5 to January 15, 2026. is an invisible CAPTCHA to stop advanced, human-like bots from attacking high-value endpoints like registrations, AI invocations, and checkouts. Deep Analysis, our most advanced solution, uses thousands of telemetry points for real-time client-side checks.BotIDTo participate, visit the section in the Firewall dashboard and opt in. BotID usage will n

Let’s dive into the building blocks of UX strategy and see how it speaks the language of product and business strategy to create user value while achieving company goals. Part of the Measure UX & Design Impact (use the code 🎟 IMPACT to save 20% off today).

The majority AI viewAnd for those who aren't insiders in the tech industry, it's vital that you understand that you've been presented with an extremely distorted view about what tech workers really think about AI.Tapping the sign.Instant snapportScroll padding is actually a lot more useful than you might think as the ultimate global style.How to optimize SVG files: A complete guide for beginnersExtremely handy article!Detect fallback positions with anchored container queriesCSS just keeps gettin

Introducing CKEditor AI for intelligent writing assistance and the new Footnotes feature for structured references, plus restricted editing updates and extended support timeline for legacy installations.

Nuxt Image v2 is out - with full TypeScript support, IPX v3, and new providers!

We're launching publisher pages in the Chrome Web Store.

Stainless chooses Astro and Starlight to power the new Stainless Docs Platform and joins as our newest official sponsoring partner of the Astro open-source project.

Image compression involves countless trade-offs between quality, size, and speed. In this final part of the series, we experiment with codecs, metrics, and tools to find practical ways to balance efficiency and visual fidelity.

In Episode 3 of Securing the Win, 1Password’s docuseries exploring the behind-the-scenes teams powering Oracle Red Bull Racing, Nimesh Kotecha, Group Head of End User Services, takes us behind that digital command center, not into the cockpit, but into the technology ecosystem that keeps the entire organization moving.Kotecha and his team manage the infrastructure behind every device, login, and workflow, designing systems that let people move at full speed securely from anywhere in the world. K

Summary and key findings1Password surveyed 2,000 American adults to learn how people are protecting themselves from phishing scams this holiday season (“phishing” refers to all those scammy emails, shady texts, and fake ads, where hackers try to trick people into clicking a link that lets them steal money or information). What we learned is that holiday scams are getting bolder and harder to spot, thanks to the help of AI. Here are some of the other most eye-opening findings:AI is the new gift w

Explore how SCIM’s advanced features, bulk operations and filtering, make identity synchronization faster and more efficient for large-scale environments.

When people complain about Photoshop or other various Adobe products and the subscription model they require (The Onion had a good one), people tend to reply with two options: But now, Affinity is free (and all the varieties combined into one app). You can thank the Canva acquisition for that. You might think that would […]

Socket CTO Ahmad Nassri discusses why supply chain attacks now target developer machines and what AI means for the future of enterprise security.

End-to-end testing for Cloudflare Workflows was challenging. We're introducing first-class support for Workflows in cloudflare:test, enabling full introspection, mocking, and isolated, reliable tests for your most complex applications.

We're announcing an integration with for . With this, you can connect v0 to Snowflake, ask questions about your data, and build data-driven applications that deploy directly to Snowflake.Snowflakev0Next.jsThe application and authentication are managed through Vercel's secure vibe coding architecture, while compute runs on Snowflake's secure and governed platform, ensuring that your data never leaves your Snowflake environment. to get notified when it's ready for testing.Sign up for the waitlistR

You can now choose whether build traffic, such as calls to external APIs or CMS data sources during the build process, routes through your Static IPs.To enable this, go to your Project Settings → Connectivity → toggle "Use static IPs for builds."By default, this setting is disabled. When enabled, both build and function traffic will route through Static IPs and count toward usage.Private Data TransferThis is available to all teams using Static IPs. or learn more .Try it outhereRead more

With component variants, design systems become more flexible, letting you reuse the same component while adapting its look or state with ease. In this article, Daniel Schwarz demonstrates how design tokens can be leveraged to manage components and their variations using Penpot, the open-source tool built for scalable, consistent design.

あの日見たパターンの名前を僕たちはまだ知らない. よくある一覧 + 詳細画面を作りたい 例えば TODO アプリで, /todo にアクセスしたらタスクの一覧を, /todo/42 にアクセスしたら一覧は表示したまま ID = 42 のタスクの詳細を表示する, というよくあるパターンの画面を作りたい. 世の中の実例としては Asana や, URL の形は異なりますが GitHub の Projects なんかがこういう感じですね. /todo で一覧, /todo/42 で一覧 + 詳細 技術的には要するに SPA なのでやればできるはずなんですが, これを Next.js (App Rou…

Continuing to fund open source software

Serious Games are a great way to learn. This article focuses on the workshops about communication we attended at #play14 Nancy that left a lasting impression.

Learn what session revocation is, why it’s essential for securing user and AI agent sessions, and how WorkOS makes it simple to build “Sign Out Everywhere” into your app with just a few lines of code.

Learn how to delay individual requests in Chrome DevTools. Debug performance issues or bugs that happen when specific resources are delayed.

A deep dive into how JavaScript source maps work under the hood, with examples showing how all the pieces fit together.

Superpowers is an MCP that enforces systematic workflows. I used it to upgrade skillcraft to Next.js 16 and didn't miss a single file.

Tooltips are a natural fit for the abilities of Anchor Positioning, which can help place them on *any* side or corner. It does make dealing with the pointer extra tricky though.

Last time, we discussed that, sadly, according to the State of CSS 2025 survey, trigonometric functions are deemed the “Most Hated” CSS feature.That shocked me. I may have even been a little offended, being a math nerd and …The “Most Hated” CSS Feature: tan() originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.

Cloudflare used historical data to investigate reports of potential new firewall tests in Turkmenistan. Shifts in TCP resets/timeouts across ASNs corroborate large-scale network control system changes.

Improved observability into and is now available to all Vercel customers. redirectsexternal rewritesExternal rewrites forward requests to APIs or websites outside your Vercel project, effectively allowing Vercel to function as a reverse proxy or standalone CDN. Customers on all plans get new views that offer visibility into key rewrite metrics:Customers on Pro and Enterprise plans can upgrade to to get:Observability Plus have also been updated to support the following:Drains or learn more about

Today, Safari 26.1 is available with iOS 26.1, iPadOS 26.1, macOS Sequoia 26.1 and visionOS 26.1, as well as for macOS Sequoia and macOS Sonoma.

From Chrome 142, the FedCM dialog can display the iframe's domain when the RP is embedded as a third-party iframe.

HighlightsThis patch release fixes an issue introduced in ESLint v9.39.0 where visitors of all rules are invoked with a second argument. This change broke third-party rules that expect visitor functions to receive only a single argument, notably @typescript-eslint/unified-signatures. To ensure compatibility, ESLint v9.39.1 restores the previous behavior of invoking visitors for JavaScript/TypeScript with only the target node as the argument.Bug Fixes650753e fix: Only pass node to JS lang visitor

A guide on how to prepare your e-commerce site for AI-driven search and shopping, covering on-site content, structured data, and off-site brand presence.

WorkOS now supports automated seat-based billing with Stripe. It tracks organization members and sends seat usage to Stripe Meters so billing stays accurate without custom scripts, webhooks, or billing infrastructure.

Step-by-step tutorial that walks you through the necessary steps to add automated user provisioning to your app using SCIM, Okta, Python, and WorkOS, with just a few lines of code.

Lighthouse CI fails your builds when performance drops. I run it on every pull request.

Windows の Node.js で存在しないファイルを fs.readFileSync で読み取ろうとすると ENOENT が返ってくる。けど ENOENT は POSIX で定義されてるエラーコードであって、Windows のものではない。どこかで正規化されてるのか? という疑問が出てきたので調べてみた。 答え Node.js の公式ドキュメントの error.errno の説明に答えが書いてあった。 https://nodejs.org/api/errors.html#errorerrno On Windows the error number provided by the syst…

The Next.js DevTools MCP connects Claude and Cursor to your running dev server. I use it every day.

GitHub’s annual month-long game jam is back for its 13th year! This November, make a game inspired by the theme WAVES—literal, digital, or emotional. 👋🏻 🌊 📡The post GitHub Game Off 2025 theme announcement appeared first on The GitHub Blog.