Vercel が新しい AI エージェントフレームワーク eve を発表しました。Next.js の設計思想に基づいて構築された eve は、AI エージェントの開発に必要な機能がすべて揃ったフレームワークです。この記事では、eve を使って簡単なエージェントを作成し、実行する方法を紹介します。

<blockquote cite="https://news.ycombinator.com/item?id=48592163#48593190"><p>The real valuable capability MCP offers over skills/CLI is isolating the auth flow outside of the agent’s context window, and potentially out of the harness completely. [...]</p><p>Maybe the idealized form of MCP is just an auth gateway for the API and nothing else. That’d still be a win.</p></blockquote><p class="cite">— <a href="https://news.ycombinator.com/item?...

A coordinated 8-month supply chain attack planted credential-stealing code inside fake AI coding assistants on the JetBrains Marketplace, quietly exfiltrating OpenAI, DeepSeek, and SiliconFlow API keys to an attacker-controlled server in Beijing -- which our investigation found still operational today.

Socket now supports Custom Roles and Repository Access Permissions so organizations can control who can access specific repositories and actions.

Qubot, our internal Copilot-powered analytics agent, allows any GitHub employee to ask questions about our data in plain language. Here's what we learned as we built it.The post How we built an internal data analytics agent appeared first on The GitHub Blog.

View Transitions are of unique help in applying an animation to an element even when you are literally removing it from the DOM.

Let's poke at the differences between scroll-driven and scroll-triggered animations.A First Look at Scroll-Triggered Animations originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

The moment an agent needs to deploy something, it slams face-first into a wall built for humans. Today we're rolling out Temporary Accounts on Cloudflare Workers. Any agent can now run wrangler deploy — temporary and get a live Worker in seconds.

HyperblamHeydon Pickering has been very busy building out a declarative, web component-based system for making music with HTML, along with a stunning companion site.Web browsers on video game consolesA thoroughly fascinating read.CurrentsThe AT protocol strikes again! This is a lovely curation and discovery resource.Standard ReaderThis is a really nice RSS reader-like standard.site reader.How building an HTML-first site doubled our users overnightWe challenged Alistair to write this and boy, did

2026年6月29日（月）、技術カンファレンス「Tech-Verse 2026」（以下、本カンファレンス）を、オンラインにて開催いたします。本カンファレンスは、LINEヤフーおよび海外法人を含むグルー...

Like RSS and Google Reader.

The framework wars taught us that the winning layer often does less. The same pattern is emerging for AI agents, where narrow agents need meta harnesses above them.

How SAML attribute mapping works, how to configure it in Okta and Microsoft Entra ID, and how to map user roles, groups, and custom claims to your application.

<p>Today we launched a new plugin for Datasette, <a href="https://github.com/datasette/datasette-apps">datasette-apps</a>, with <a href="https://datasette.io/blog/2026/datasette-apps/">this launch announcement post</a> on the Datasette project blog. That post has the <em>what</em>, but I'm going to expand on that a little bit here to provide the <em>why</em>.</p><h4 id="the-tl-dr">The TL;DR</h4><p>Datasette Apps are s...

Socket MCP now lets AI assistants review org alerts, investigate threats using the Socket threat feed, and inspect package files in addition to dependency scoring.

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-acl/releases/tag/0.6a0">datasette-acl 0.6a0</a></p> <blockquote><p>This release expands <code>datasette-acl</code> from table-only permissions toward a general resource-sharing system.</p></blockquote><p>Alex Garcia did most of the work for this release - we're fleshing out the plugin that will allow multi-user Datasette instances finely grai...

We break down the technical architecture behind our multi-stage vulnerability discovery harness and automated triage loop. Learn how we manage state controls, squash false positives through adversarial review, and route around LLM context limits.

Learn how pull request limits can help manage contribution volume in your repositories, and see what’s next on the roadmap.The post How pull request limits are cutting down the noise appeared first on The GitHub Blog.

Today we are excited to announce the Release Candidate of TypeScript 7.0! If you haven’t been following TypeScript 7.0’s development, this release is significant in that it is built on a completely new foundation. Over the past year, we have been porting the existing TypeScript codebase from TypeScript (as a bootstrapped codebase that compiles to […]The post Announcing TypeScript 7.0 RC appeared first on TypeScript.

To mark the 12th anniversary of Project Galileo, Cloudflare has released its first comprehensive report analyzing cyberattacks against civil society.

On June 17, 2026, an attacker compromised the @mastra npm organization and quietly added easy-day-js as a dependency across 140+ packages in the Mastra AI framework ecosystem. easy-day-js is a typosquat of the popular dayjs date library, and its latest version contained an obfuscated postinstall dropper that downloaded and ran a second-stage payload from attacker-controlled servers, then deleted itself to remove any trace. Packages with a combined weekly download count exceeding 1.1 million were

npm and Python supply chain attacks run on developer machines and steal secrets. See how Package Configs audits registry, cooldown, and auth across your fleet

On June 11th 2026, security researchers and the Arch Linux community disclosed a large-scale supply-chain attack against the Arch User Repository (AUR). Attackers hijacked more than 400 community packages and turned them into a malware delivery network. While the immediate blast radius is limited to Arch Linux systems, the campaign is a textbook example of how modern attackers compromise developers and CI infrastructure by abusing trust in open-source ecosystems.

Miasma and Hades worms are spreading across npm and PyPI, running on import and project open. See how Dev Machine Guard's Suspicious Files detects them.

はじめに LegalOn Technologiesで2025年12月から2026年6月までの約7ヶ月間、SWE（Software Engineer）としてインターンをしていた tsukune です。 本記事では、インターンで取り組んだ技術課題とその体験から得ることができた学びについてまとめます。 インターン開始時の自分のスペック 情報専攻のB2（今はB3です） インターン経験はあったが簡単なAPI・DB設計ができる程度 Pythonの業務経験やインフラ知識は皆無

こんにちは、LINEヤフー株式会社の花谷拓磨（@potato4d）です。普段はフロントエンド領域を中心とした開発組織のマネジメントや、AI Agent のプロダクト開発などを担当しています。本記事では...

LINEヤフー株式会社では、技術に関するイベントや勉強会の主催・協賛などを行っています。最新情報は各リンク先でご確認ください。タイミングによっては、申し込み開始前や既に満席となっていることがあります。...

作者Boris Cherny氏とのQ&Aから見えた、大規模組織でのAIエージェント活用 Q& ...

How declarative partial updates stream HTML out of order with markers and templates, preserve app state without a framework, and lets us move to a native component model.

In this release, we're focusing on observability, and making proto easier to consume from automated

AI agents are completing real purchases with real money. The fraud model, the liability model, and the authentication model all need to change.

On June 3, 2026, Cloudflare's CEO posted that bots had passed human web traffic for the first time. Here's what that actually means for your app, your API, and your analytics.

The MCP 2026-07-28 release candidate rewrites the protocol's foundation. Here's what's changing, what's breaking, and what your team needs to do before the final spec lands.

<p>Chinese AI lab <a href="https://z.ai/">Z.ai</a> released GLM-5.2 <a href="https://x.com/Zai_org/status/2065704919299235870">to their coding plan subscribers</a> on June 13th, and then yesterday (June 16th) released the full open weights under an MIT license. Similar in size to their previous GLM-5 and GLM-5.1 releases, this is 753B parameter, <a href="https://huggingface.co/zai-org/GLM-5.2">1.51TB</a> monster - with 40 active parameters (Mixture of E...

Safari Technology Preview Release 246 is now available for download for macOS Golden Gate and macOS Tahoe.

If you’re on Bluesky (like this site is!), you’re using atproto. Standard.site is, as best I understand it, a userland agreed-upon schema for what certain stuff looks like on the protocol, like a “publication” and a “document”. Mat is cautiously optimistic in trying to understand it: The most obvious use case is allowing users on […]

Socket Firewall blocks malicious VS Code and Open VSX extensions before install, protecting developers from compromised editor marketplaces.

How GitHub Copilot is making more of each session go toward useful work, so your credits go further.The post Getting more from each token: How Copilot improves context handling and model routing appeared first on The GitHub Blog.

The Agents SDK is now a runtime any agent framework can build on. Today we're opening up the Agents SDK primitives, with Flue as a first framework targeting Agents SDK, and rolling out agents in the dashboard.

<blockquote cite="https://charitydotwtf.substack.com/p/ai-demands-more-engineering-discipline#footnote-2"><p>What happened in 2025 was this: <strong>the economics of code production were turned upside down</strong>. Instead of being very hard, time-consuming, and expensive to generate code, it became effectively free and instant. Lines of code went from being treasured, reused, cared for and carefully curated, to being disposable and regenerable, practically overnight.&l...

Learn how CKEditor AI brought MCP into a real SaaS environment, turning external tools and customer data into secure, scalable agent capabilities.

For a decade, Vercel has shaped how the web is built. Now, we’re doing the same for agents. The companies that win the next decade will build on infrastructure designed for agents from the start, and over 2,500 people gathered in London this week to do just that at Vercel Ship 2026.Guillermo kicked off Ship by sharing his vision for Vercel: a true full-stack platform where you can deploy anything, including software that can think. has three parts: Agentic infrastructureIn the next keynote, Tom

There's a brand new ariaNotify() method — defined by the WAI-ARIA 1.3 Specification — that provides a means of programmatically triggering narration in a screen reader.The Siren Song of ariaNotify() originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

記事は ics.media へアクセスしてご覧ください。

本記事では、内製OLAP DB「mila」における、Bigtable Authorized Viewを用いたスケーラブルなテナント分離についてお話しします。

Every developer has tools they rely on daily. The workflows they’ve built around them, the ways they’ve learned to move faster, debug smarter, and write better code – that kind of hands-on experience can be hard to put into words. We’re collaborating with LinkedIn to make it easier for you to showcase your expertise with […]

The Cloudflare One stack is a library of agent skills that gives any AI agent the knowledge it needs to plan, deploy, and manage a Zero Trust environment — no migration calls required.

141 Mastra npm packages were compromised in a supply chain attack that injected a malicious dependency to silently download and execute a payload at install time.Category: Vulnerabilities & Threats

More than 140 Mastra npm packages were compromised in a supply chain attack that used a typosquatted dependency to deliver a cross-platform infostealer during installation.

Agents are designed to do almost any kind of work, from answering support tickets to writing code. No matter how complex the workload, how long it runs, or how many turns it takes to complete, every agent needs three core capabilities to operate: Implementing these capabilities to build a complete agent forces developers to choose between vendor lock-in with a single provider API, stitching together solutions, or building abstractions themselves.The Agent Stack gives you all the building blocks

Giving your agents access to your tools, data, and services is what makes them useful. As agents perform deeper work across systems, authenticating and authorizing that access becomes central to your application architecture.Today, agent access is usually granted through long-lived provider tokens stored in your environment variables, provisioned for everything your agent might need. These tokens are shared across every user, never expire, and give your agent full reach across every task, no mat

Today, we are proud to introduce , an open-source agent framework for building, running, and scaling agents. eve is designed around the idea that building an agent should mean defining what it does without assembling all of the pieces that it needs to run in production. Instead, eve comes with production already built in:eveeve is the framework that we build and run our own agents on.Agents today are where the web was before frameworks, with everyone hand-rolling the same plumbing and nothing ca

<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/click-to-play-component"><click-to-play> — a still that plays</a></p> <p>A progressive enchantment Web Component that turns this markup:</p><pre><code><click-to-play> <a href="URL to GIF"> <img src="URL to first frame" alt="..."> </a></click-to-play></code></pre><p>Into...

<p><strong><a href="https://inessential.com/2026/06/15/netnewswire-status.html">NetNewsWire Status</a></strong></p>I find this inspiring. Brent Simmons retired a year ago, and his retirement project is making one piece of software really, <em>really</em> good - free from any commercial pressure.</p><p>The software is <a href="https://netnewswire.com/">NetNewsWire</a> - "it's like podcasts, but for <em>reading</em&g...

こんにちは。フロントエンドエンジニアの小張（@kobari41257）です。 2026年5月9日に開催されたフロントエンドカンファレンス名古屋2026に、PR TIMESはスポンサーとして協賛し、ブースの出展およびLT登 […]

Wonderful vals from the community

Coding without design guidelines can leave teams with an inconsistent UI design and a complex feature development process. Here's how we built a design system for Currents that's readable by engineers and AI agents.

Nx 23 brings a smarter multi-major nx migrate, performance wins across the local engine and Nx Cloud agents, native Node.js TypeScript stripping and V8 compile cache on by default, more precise target configuration, and a big cleanup of deprecated generators, executors, and APIs.

React Router v8 is available now.

JTL responded fast and has released fixes for every supported branch: versions 5.5.4, 5.6.2 and 5.7.2, plus a back-patch covering 5.0.0 through 5.7.0. Every store owner running JTL Shop 5.2.0 or la...

We've removed CLI-specific deployment limits, making it easier to deploy from local machine and external CI/CD pipelines with instant feedback. Teams and AI agents can now deploy at the pace their workflows demand.Learn more about limits in the .DocumentationRead more

Enterprise teams can now control access to their Vercel deployments with , using their own identity provider.Vercel PassportVisitors authenticate through providers like Okta, Auth0, or any compatible OIDC provider before they can view a protected deployment.Use Passport to:After Passport authenticates a visitor, Vercel injects a signed JWT into the request header. Read it server-side to access the claim, the stable visitor identifier returned by your identity provider:x-vercel-oidc-passport-toke

lets your apps and agents access external services like Slack, GitHub, Salesforce, and your own custom APIs without storing a long-lived provider secret in your environment. You register a connector once, and your code requests scoped, short-lived tokens at runtime, only when it needs them.Vercel ConnectYou can create a connector from your dashboard or the Vercel CLI:Your agent can then request a token from it at runtime, only when it needs it. The SDK fetches and refreshes that token automatica

is now available in public preview.eveeve is an open-source framework for building, running, and scaling agents. An agent is just a directory of files, and production comes built in:The smallest agent that runs is just two files, a model and a set of instructions.Add a tool, skill, channel, or schedule by adding a file. eve picks them up at build time and wires them in for you, so there's no boilerplate to register them.You can scaffold and start a new agent with a single command. It installs th

A new npm package tests AI malware scanners with prompt injection, safety-triggering comments, context flooding, and obfuscated JavaScript.

Today we are introducing , a platform that gives your entire company the ability to ship with AI safely, behind your access and security boundaries.Vercel for Enterprise Apps and AgentsOver the past year, employees across Vercel shipped hundreds of agents and internal apps. Getting to production was the easy part, because we built them with on top of the and deployed them on Vercel.eveAgent StackThe difficult questions came after those agents were being used by our employees across the company:W

<p><strong>Release:</strong> <a href="https://github.com/simonw/datasette/releases/tag/1.0a34">datasette 1.0a34</a></p> <p>Quoting the release notes:</p><blockquote><p>The big feature in this alpha is tools to insert, edit and delete rows within the Datasette interface. These features are available on table pages, and edit and delete are also available as action items on the row page.</p></blockquote><p><click-to-p...

Git worktrees have been around since 2015, but it wasn't until recently they became popular. Learn what they are, how to use them, and why you might.The post What are git worktrees, and why should I use them? appeared first on The GitHub Blog.

A coordinated campaign of at least 15 JetBrains IDE plugins, published under seven vendor accounts, exfiltrates the AI provider API key you paste into their settings.Category: Vulnerabilities & Threats

Props for That creates live props based things CSS can't normally see in the browser. Things like cursor position, progress values, certain form states, current time, scroll velocity.Prop For That originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

There are some real advantages to variable scope and evaluation scope that you get with @function in CSS.

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-tailscale/releases/tag/0.1a0">datasette-tailscale 0.1a0</a></p> <p>A very experimental alpha plugin which lets you do this:</p><pre><code>datasette tailscale mydata.db \ --ts-authkey tskey-auth-xxxx --ts-hostname datasette-preview</code></pre><p>This starts a localhost Datasette server with a <a href="https://tailscale.com/">Tailscale&l...

<blockquote cite="https://news.ycombinator.com/item?id=48555993#48557304"><p>I can 100% attest to the fact that Qwen3.6-27B is a very capable local model for coding tasks. Over the last month and a half I've been using it almost daily, either on my M2 Ultra or on my RTX 5090 box. I use it for small <a href="https://github.com/search?q=%22Assisted-by%22+user%3Aggml-org&type=commits&ref=advsearch">mundane tasks at ggml-org</a> - nothing really impressive, b...

In a world where AI is informing more design choices, it’s easy to mistake predictions for certainties. This article introduces Probabilistic Design, a mindset that allows UX and product teams to accept uncertainty, decipher AI outputs with nuance, and make smart, adaptive decisions.

Socket now detects supply chain risks in project manifests, starting with missing lockfiles that can make dependency installs non-reproducible.

Get unified visibility into your email authentication posture and reach full DMARC enforcement with deeper reporting, record analysis, and SPF audits free for every Cloudflare customer.

SAST catches patterns. Code Audit reasons through your code like an attacker would, finding the logic flaws that only show up after you ship.Category: Product & Company Updates

<p><strong><a href="https://www.lutasecurity.com/post/the-fable-5-export-controls-harm-us-cyber-defense">The Fable 5 Export Controls Harm US Cyber Defense</a></strong></p>I <a href="https://simonwillison.net/2026/Jun/16/matteo-wong-the-atlantic/">quoted The Atlantic</a> quoting Kate Moussouris earlier, when I should have gone straight to the source. Here she is confirming that the "jailbreak" that got Claude Fable 5 banned under an export control ...

みなさまこんにちは、STORES モバイル開発本部の @marcy731 です。 今年もモバイル開発者にとってのお祭り、iOSDC Japan 2026 が 9月11日 (金) ~ 9月13日 (日) の期間で東京の有明セントラルタワーホール&カンファレンスで開催されます。 STORES では昨年に引き続き、iOSDC Japan 2026 に参加する学生のみなさんを対象とした参加支援を実施します。 iOSDC Japan は、全国のiOSエンジニアやモバイルアプリ開発者が集まる日本最大級の技術カンファレンスです。 iosdc.jp 全国の学生に、iOSDC Japan、iOSコミュニティの楽…

<blockquote cite="https://www.theatlantic.com/technology/2026/06/trump-anthropic-export-control-ai-race/687555/?gift=5MjKTLV9QwyU_J0HzTnanoWieJfkMhNH_YTT9pP_fhA"><p>Katie Moussouris, a cybersecurity expert and the CEO of Luta Security, told me that Anthropic shared with her a copy of the White House’s report on the Fable jailbreak to get her appraisal. (She said that she is not being paid by Anthropic.) The report, Moussouris said, involved IT experts asking Fable to help find and p...

こんにちは、LINEヤフー株式会社の福野です。先月開催されたGoogle I/O 2026に初めて参加してきました。本記事ではそんな初参加者の目線からGoogle I/Oの魅力を紹介するほか、当社で行...

<p><strong>TIL:</strong> <a href="https://til.simonwillison.net/cloudflare/captcha-on-at-least-one-ampersand">Cloudflare CAPTCHA on at least one ampersand</a></p> <p>I'm using Cloudflare's CAPTCHA (they call it a "Web Application Firewall > Custom rules > Managed Challenge" these days) to prevent crawlers from aggresively spidering my <a href="https://simonwillison.net/2017/Oct/5/django-postgresql-faceted-search/">faceted search engi...

Vercel Sandboxes can run uninterrupted sessions for up to 24 hours (up from 5 hours). This new max duration unlocks workloads that require longer runtimes, such as large-scale data processing, end-to-end testing pipelines, and long-lived agentic workflows.Pair with to maintain durable state across extended runs.persistent sandboxesThe 24 hour max duration is available on all Pro and Enterprise plans. Learn more about limits in the .documentationRead more

Four years after adopting react-admin, Caritas shares how CariNet now serves 65,000 users, integrates AI agents, and continues to grow. Proof that frameworks still matter in the age of AI.

Your build cache is a trust boundary. When you cannot trust it, you ship broken artifacts downstream.

When you migrate auth providers, you inherit password hashes you can't decrypt. Here's how to handle every major format.

Store, retrieve, update, and delete sensitive user data using Vault's full CRUD lifecycle (no cryptography expertise required).

How audience-bound tokens keep your MCP servers secure.

GLM 5.2 is now available on .AI GatewayBuilt for long-horizon tasks, GLM 5.2 carries project-level engineering context across a single task, runs long-running tasks more reliably, and follows engineering standards more consistently.The context window for this model has been upgraded to 1M tokens, up from 200K in GLM 5.1.To use GLM 5.2, set model to in the :zai/glm-5.2AI SDKAI Gateway provides a unified API for calling models, tracking usage and cost, and configuring retries, failover, and perfor

The Workflow SDK 5 beta now supports the standard and APIs across workflow and step boundaries.AbortControllerAbortSignalCreate a controller inside a workflow, pass its signal into one or more steps, and cancel in-flight operations using the same API already uses.fetchThat signal stays durable across suspensions and deterministic replay. When a step is running, it sees the cancellation, even when it's in a separate function invocation. Cancellation is also cooperative; steps have to inspect the

Workflow SDK now supports applications on Vercel.TanStack StartTanStack Start is built on Vite and , so the existing plugin works directly. Add it to alongside .Nitroworkflow/vitevite.config.tstanstackStart()From there, write workflow and step functions in standard TypeScript with and . They run as durable, resumable operations that survive restarts, sleep for days, and retry on failure, with compilation, queue configuration, and persistence handled by the plugin."use workflow""use step"Read the

Today we are releasing Babel 8. It's been 8 years since we released Babel 7. And that's not without reason.

The trojanized extensions use TinyGo-compiled WebAssembly and Solana transaction memos to resolve command-and-control infrastructure.

Customizable select is coming to Safari 27.

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-apps/releases/tag/0.1a3">datasette-apps 0.1a3</a></p> <blockquote><ul><li>Fixed a bug where users without the <code>create-app</code> permission could still create apps. <a href="https://github.com/datasette/datasette-apps/issues/27">#27</a></li><li>Fixed a bug where it was impossible to grant permission to edit an app to users wh...

GitHub Copilot CLI for Beginners: Learn how to use slash commands to control your terminal AI agent.The post GitHub Copilot CLI for Beginners: Overview of common slash commands appeared first on The GitHub Blog.

This has been a long time coming, and I could not be more excited it’s finally here. And I know exactly who to thank for it. Our customers have been telling us to do this for a while now: Probably don’t call it Frontend anymore, you have a lot more offerings. The name Frontend Masters […]

A new repository-level dataset, published on GitHub under CC0-1.0, helps researchers and developers discover multilingual developer content across READMEs, issues, and pull requests.The post Accelerating researchers and developers building multilingual AI with a new open dataset appeared first on The GitHub Blog.

NGINX Ingress Controller 5.5.0 introduced ExternalAuth, a new Policy type that lets you define external authentication once in a Policy resource and apply it consistently across both VirtualServer and Ingress traffic paths. This is the first blog in a two part series that covers the ExternalAuth Policy, and is focused on: Why Use a Policy […]

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-apps/releases/tag/0.1a2">datasette-apps 0.1a2</a></p> <blockquote><ul><li>Custom network/CSP origins for apps are now guarded by a new <code>apps-set-csp</code> permission, with an optional <code>allowed_csp_origins</code> plugin allow-list for non-privileged users. The Datasette Agent app creation tool enforces the same rules. <a href="ht...

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-agent/releases/tag/0.3a0">datasette-agent 0.3a0</a></p> <blockquote><ul><li>New tool, <code>execute_write_sql</code>, which requests user approval and then writes to a database - taking user permissions into account. <a href="https://github.com/datasette/datasette-agent/issues/27">#27</a></li></ul></blockquote><p>I add...

<p><strong><a href="https://www.axios.com/2026/06/15/anthropic-white-house-fable-mythos">"They screwed us": Personality clashes sent Anthropic's models offline</a></strong></p>Lots of "source familiar with the administration's thinking" and "source close to Anthropic" in this Axios piece, which is the best collection of behind-the-scenes gossip I've seen about the US government <a href="https://simonwillison.net/2026/Jun/13/us-go...

Vercel Functions using the Node.js and Python runtimes now support execution durations up to 30 minutes for Pro and Enterprise teams, more than 2x the previous 800 second limit. Support for additional runtimes is coming soon.Use longer-running Functions for work that needs more time to finish, including:Fluid Compute keeps long-running work cost-efficient. Active CPU billing only applies while your code is executing, and pauses while your Function is waiting on I/O such as AI model calls, databa

Create and manage Linear issues directly from Socket alerts, with manual creation and automated ticketing rules.

CSS functions, the alpha() function, Grid Lanes, some things about Dialog that you might not know, CSS Wordle, and more — this is What’s !important right now.What’s !important #13: @function, alpha(), CSS Wordle, and More originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

Cloudflare is deepening our investment in AI with the addition of team members from Ensemble AI, focusing on machine learning infrastructure and efficiency.

You can now add , a production-ready authentication to your Vercel app in just a few clicks. Auth0Built for modern frameworks like Next.js, Auth0 is an identity and access management platform for securing your apps and agentic workflows. This integration enables:Get started with on the .Auth0Vercel MarketplaceRead moreAutomatic provisioning of an Auth0 application that connects to your Vercel projectOut-of-the-box support for your Next.js applications using the Auth0 Next.js SDKComplete user man

<blockquote cite="https://wizardzines.com/comics/write-for-one-person/"><p>[...] Instead, I picture a specific person and I just write for them. Often this person is "me, but 3 years ago" or a good friend.</p></blockquote><p class="cite">— <a href="https://wizardzines.com/comics/write-for-one-person/">Julia Evans</a>, write for 1 person</p> <p>Tags: <a href="https://simonwillison.net/tags/writing">writing</a>, <a hre...

It doesn’t matter if it worksAn extremely good and important read.LLMs and performative productivityA rather detailed post that links out to some really interesting studies too.When to use (and not use) CSS shorthand propertiesAs I see it, margin, padding and border are safe as houses but there is evil out there, such as the flex shorthand.Being “good” at thingsJust a thoroughly delightful read, as per usual from Jim.The amazing mail sent to a video game publisherAn interesting look behind the c

MDN's MCP server brings MDN's documentation and browser compatibility data directly into your editor or IDE, giving your LLM or coding agent access to accurate, up-to-date web platform information.

pnpm 11.7 adds a frozenStore setting for installing against a read-only package store, a --batch flag for publishing a whole workspace in one request, scope-specific auth tokens, and full resolving installs delegated to pacquet. It also hardens lockfile alias handling, makes several install paths deterministic, and ships a number of publish and Windows fixes.

What "isolation" actually means at the key level, how to implement it with key context, and what your blast radius looks like when something goes wrong.

Why authentication and API access are two different things in Google OAuth, and what to do about it.

A complete guide to authorization in React Router v7, from roles and permissions to organization-scoped access and enterprise RBAC.

An analysis of 25 European train websites to discover which website performs best across the Core Web Vitals.

Hobby users can now create up to 100 Blob stores, up from 5. This gives teams more flexibility to organize data by project, environment, or region as applications grow. Storage, operations, and transfer limits still apply.Learn more in the .Blob documentationRead more

<p><strong><a href="https://www.normaltech.ai/p/why-ai-hasnt-replaced-software-engineers">Why AI hasn’t replaced software engineers, and won’t</a></strong></p>Arvind Narayanan and Sayash Kappor take on the question of AI job losses through the lens of a profession that is uniquely suited to AI disruption - software engineering.</p><blockquote><p>In this essay, we argue that there is enough evidence to reject the narrative that once AI capabi...

はじめに こんにちは！電気通信大学大学院 情報理工学研究科 修士1年の南村栞多と申します。2026年 ...

コーディングエージェントの自律性が向上し、並行して複数のエージェントを動かすことが当たり前になってきた今、エージェントの動きを逐一監視することは現実的ではなくなっています。そのため実装前に人間と AI の間で共通理解を形成することが重要になっています。この記事では、実装前の設計フェーズで要件を明確にし、人間と AI の間で共通理解を形成するためのスキル `/grill-me` について紹介します。

A look at how the Indaru Ecometrics plugin estimates website CO2 emissions using page weight, visitor device, location, and time on page.

<p>The <a href="https://blog.pyodide.org/posts/314-release/">Pyodide 314.0 release announcement</a> (via <a href="https://news.ycombinator.com/item?id=48462759">Hacker News</a>) includes news I've been looking forward to for a long time:</p><blockquote><p>You can now publish Python packages built for Pyodide (or any Python runtime compatible with <a href="https://pyodide.org/en/stable/development/abi.html">the PyEmscripten platform defined i...

<p><strong>Release:</strong> <a href="https://github.com/simonw/luau-wasm/releases/tag/0.1a0">luau-wasm 0.1a0</a></p> <p>See <a href="https://simonwillison.net/2026/Jun/13/publishing-wasm-wheels/">Publishing WASM wheels to PyPI for use with Pyodide</a> for details.</p> <p>Tags: <a href="https://simonwillison.net/tags/lua">lua</a>, <a href="https://simonwillison.net/tags/webassembly">webassembly</a>, <a ...

<p><strong>Research:</strong> <a href="https://github.com/simonw/research/tree/main/sqlite-column-provenance#readme">Mapping SQLite result columns back to their source `table.column`</a></p> <p>It would be neat if arbitrary SQL queries in <a href="https://datasette.io/">Datasette</a> could be rendered with additional information based on which columns from which tables were included in the results.</p><p>To build that, we would n...