皆さんこんにちは。花谷（@potato4d）です。今回は2月28日に開催された React Tokyo フェス 2026 について、LINEヤフーとしてスポンサーを行いました。本記事では、イベント本編...

2026年2月17日、当社主催の「LINEヤフー Development with Agents Meetup #1」を紀尾井町オフィスとオンラインの同時開催で実施しました。会場参加は定員100名で満...

View Transitions are a powerful Modern Web feature allow for smooth seamless animated transitions two between different states of a web page. They can make for a much more pleasant user experience, but as with any new web platform feature, browser support is not yet fully universal so you need to add some fallback logic to your code.view-transitions-mock bridges that gap by polyfilling the full JavaScript API surface of Same-Document View Transitions, without the animation bits.

はじめに AmebaLIFE事業本部でWebフロントエンドエンジニアをしている湯本航基（@yu_3i ...

<p><em><a href="https://simonwillison.net/guides/agentic-engineering-patterns/">Agentic Engineering Patterns</a> ></em></p> <p>Many developers worry that outsourcing their code to AI tools will result in a drop in quality, producing bad code that's churned out fast enough that decision makers are willing to overlook its flaws.</p><p>If adopting coding agents demonstrably reduces the quality of the code and features you are producing, ...

Published late February to early March 2026, these crates impersonate timeapi.io and POST .env secrets to a threat actor-controlled lookalike domain.

AI is shifting from prompt-response interactions to programmable execution. See how the GitHub Copilot SDK enables agentic workflows directly inside your applications.The post The era of “AI as text” is over. Execution is the new interface. appeared first on The GitHub Blog.

The new .setHTML() method in JavaScript, part of the Sanitizer API, can be a one-to-one replacement for .innerHTML(), making sites more secure from XSS attacks. I think that’s pitch-perfect feature branding from Mozilla on this: Goodbye innerHTML, Hello setHTML: Stronger XSS Protection in Firefox 148. Listen to Frederik Braun go deep into this on ShopTalk […]

AI is increasingly being integrated into CI/CD pipelines. It can suggest pipeline changes, optimize test selection, detect flaky tests, generate YAML, or even assist with deployment decisions. But before adopting AI-assisted CI/CD workflows, there’s a more important question: How do you know if AI is actually improving your pipeline? Without measurable outcomes, AI becomes another […]The post What Metrics Should You Use to Evaluate AI in Your CI/CD Pipeline? appeared first on Semaphore.

Log Explorer customers can now identify and investigate multi-vector attacks. Log Explorer supports 14 additional Cloudflare datasets, enabling users to have a 360-degree view of their network.

Cloudflare's new Security Overview dashboard transforms overwhelming security data into prioritized, actionable insights, empowering defenders with contextual intelligence on vulnerabilities.

Some forms stay UI, while others quietly become rule engines. Here’s why these two different approaches exist and how to choose between them.

The NGINX plugin community has always been prolific, and sometimes a contributor builds something that lands at the intersection of a real problem and a clean architectural instinct. That is what Kang did with nginx-markdown-for-agents, a self-hostable NGINX dynamic module described in a recent DEV post. The module returns a Markdown version of an HTML […]

Cloudflare will be integrating Mastercard’s RiskRecon attack surface intelligence capabilities to help you eliminate Internet-facing blind spots while continuously monitoring and closing security gaps.

こんにちは、ソフトウェアエンジニアの多根（@SEED0228777）です。普段は、検索領域で地域情報検索システムのためのプラットフォームを開発・運用しております。2025年10月11日から13日の3日...

A recent burst of security disclosures in the OpenClaw project is drawing attention to how vulnerability information flows across advisory and CVE systems.

Astro 6 is here with a refactored dev server, an experimental Rust compiler, live content collections, CSP, and more.

New Townie, SQLite everywhere, party in Val Town, and much more

SaaS contract renewals have a way of sneaking up on IT and Finance teams. One day, everything is running fine. The next, a renewal notice hits your inbox, usually with little context, limited time, and no clear answer to the most important questions: Who’s using this? Do we still need it? And are we paying for more than we should?For many organizations, renewals are reactive events instead of strategic decisions. That’s how SaaS spend compounds.The problem isn’t negotiation skills or vendor mana

Wire your OpenAPI contract into a Node.js Fastify backend with auto-generated routes, typed handlers, and request validation—no manual route definitions, no type drift, no integration surprises.

A step-by-step tutorial to adding authentication to your Replit app with WorkOS AuthKit.

A complete reference to JSON Web Key Sets: structure, algorithms, endpoints, and key rotation.

Checkly's ICMP monitors ping any host or IP to measure reachability, latency, and packet loss, available on all plans and fully integrated with Monitoring as Code.

It's a strange situation where some CSS is disallowed, some is allowed but breaks the button, and some is capped.

Auth CLI, MCP Auth, OAuth 2.1 Provider, Electron integration, i18n, adapter extraction, dynamic base URL, Cloudflare D1 support, CLI init wizard, seat-based billing, SAML Single Logout, test utilities, secret key rotation, and more!

Stateless Auth, SCIM, Optimized database queries, additional state in OAuth flows, performance improvements, SSO domain verification, and more!

Auth.js, formerly known as NextAuth.js, is now being maintained and overseen by Better Auth team

This migration guide aims to guide you move your auth from Supabase Auth to Better Auth on PlanetScale PostgreSQL.

SSO with SAML, Multi Team Support, Additional Fields for Organization, Performance and more.

We raised $5M seed led by Peak XV Partners

GitHub Agentic Workflows are built with isolation, constrained outputs, and comprehensive logging. Learn how our threat model and security architecture help teams run agents safely in GitHub Actions. The post Under the hood: Security architecture of GitHub Agentic Workflows appeared first on The GitHub Blog.

<p><strong><a href="https://boringsql.com/posts/portable-stats/">Production query plans without production data</a></strong></p>Radim Marek describes the new <a href="https://www.postgresql.org/docs/current/functions-admin.html#FUNCTIONS-ADMIN-STATSMOD"><code>pg_restore_relation_stats()</code> and <code>pg_restore_attribute_stats()</code> functions</a> that were introduced <a href="https://www.postgresql.org/docs/current...

CI build performance directly impacts developer productivity. When builds are slow, feedback loops stretch, context switching increases, and delivery slows down. Improving CI performance isn’t just about faster machines. It requires visibility, measurement, and disciplined test automation practices. This guide explains how to monitor CI performance effectively and how to optimize it without sacrificing reliability. […]The post How to Monitor and Optimize CI Build Performance appeared first on Se

How we look at the stacking order of our projects, how we choose z-index values, and more importantly, the implications of those choices.The Value of z-index originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.

Today we’re disclosing request smuggling vulnerabilities when our open source Pingora service is deployed as an ingress proxy and how we’ve fixed them in Pingora 0.8.0.

Cloudflare’s new Web and API Vulnerability Scanner helps teams proactively find logic flaws. By using AI to build API call graphs, we identify vulnerabilities that standard defensive tools miss.

<p>A recurring concern I've seen regarding LLMs for programming is that they will push our technology choices towards the tools that are best represented in their training data, making it harder for new, better tools to break through the noise.</p><p>This was certainly the case a couple of years ago, when asking models for help with Python or JavaScript appeared to give much better results than questions about less widely used languages.</p><p>With <a href="http...

Many product teams still lean on usability improvements and isolated behavioral tweaks to address weak activation, drop-offs, and low retention – only to see results plateau or slip into shallow gamification. Anders Toxboe updates persuasive design for today’s reality, clarifying what has actually held up over the last decade.

I've been working a lot on colours (or "color") in CSS, for csskit's minifier.This gives me the unfortunate burden of now having Opinions™ about colours. Ialso built a minifier test suite in the hopes that the ecosystem can getsmarter. The minifier tests are not a vanity project: csskit currently has theworst pass rate and fails in some rather bad ways.During this work, trying to minify oklch colours, I wondered "just how preciseis precise enough?". Is a color like oklch(0.659432 0.304219 234.75

You can now encapsulate custom elements.

Discover how Cloudflare partners TachTech and Adapture are shattering the 18-month migration myth, deploying agile SASE for global enterprises in weeks by treating security as software.

この記事は、合併前の旧ブログに掲載していた記事（初出：2022年2月24日）を、現在のブログへ移管したものです。内容は初出時点のものです。LINEアプリは1対1の会話だけでなく、複数ユーザーでの会話に...

こんにちは。LINEヤフー株式会社で検索エンジン開発のマネジメントを行っている真鍋です。検索のなかでも、今回はベクトル検索についてお話しします。ベクトル検索は、LINEヤフーでも検索や広告配信、レコメ...

pnpm 10.32 adds an --all flag to pnpm approve-builds for approving all pending builds without interactive prompts.

How to create Salesforce Lead records on behalf of your users in minutes, without writing a single line of OAuth plumbing, using WorkOS Pipes.

Learn how to use requestAnimationFrame to schedule UI updates efficiently. Understand the differences between requestAnimationFrame and setTimeout and other APIs.

No QA team. No on-call rotation. One person, one binary, one financial product. The compiler is my entire engineering org.

はじめに タップルでエンジニアをしている伊藤です。 2026 年 2 月、Apple が Xcode ...

<blockquote cite="https://archive.org/details/computerpowerhum0000weiz_v0i3?q=realized"><p>What I had not realized is that extremely short exposures to a relatively simple computer program could induce powerful delusional thinking in quite normal people.</p></blockquote><p class="cite">— <a href="https://archive.org/details/computerpowerhum0000weiz_v0i3?q=realized">Joseph Weizenbaum</a>, creator of ELIZA, in 1976 (<a href="https://www.tikto...

How I helped turn around a struggling engineering team by rethinking our approach to development.

LLM is a popular CLI tool for talking with language models. I built llm-eliza, a plugin to chat with the ELIZA language model.Usage:llm install llm-elizallm -m eliza "I'm worried about computers."# => What do you think machines have to do with your problem?ELIZA, released in 1966, is a state-of-the-art language model. It offers zero-GPU inference with sub-millisecond semantic throughput, and scores highly on EQ measurements (emotional intelligence).Source code here.

Looking back at the accomplishments and goals from my fourth and final year as a full-time independent open source maintainer.

<p><strong><a href="https://developers.openai.com/codex/community/codex-for-oss">Codex for Open Source</a></strong></p>Anthropic announced six months of free Claude Max for maintainers of popular open source projects (5,000+ stars or 1M+ NPM downloads) <a href="https://simonwillison.net/2026/Feb/27/claude-max-oss-six-months/">on 27th February</a>.</p><p>Now OpenAI have launched their comparable offer: six months of ChatGPT Pro (same $2...

オープンスタンダードである Agent Skills に従い Claude Code にドメインの専門知識や組織のナレッジを提供するスキルが最近注目を集めていますが、スキルの作成にはいくつかのハードルがあります。Anthropic は skill-creator と呼ばれるスキルの作成と改善のプロセス、パフォーマンス測定を支援するツールを提供しています。この記事では skill-creator を使用してスキルを作成・改善を行うプロセスを実際に体験してみます

pnpm 10.31 preserves comments and formatting when updating pnpm-workspace.yaml, and includes numerous bug fixes.

<blockquote cite="https://piechowski.io/post/how-i-audit-a-legacy-rails-codebase/"><p><strong>Questions for developers:</strong></p><ul><li>“What’s the one area you’re afraid to touch?”</li><li>“When’s the last time you deployed on a Friday?”</li><li>“What broke in production in the last 90 days that wasn’t caught by tests?”</li></ul><p><strong>Questions for the CTO/EM:</strong></p><ul>&l...

GitHub Security Lab Taskflow Agent is very effective at finding Auth Bypasses, IDORs, Token Leaks, and other high-impact vulnerabilities.The post How to scan for vulnerabilities with GitHub Security Lab’s open source AI-powered framework appeared first on The GitHub Blog.

Today we are excited to announce the Release Candidate (RC) of TypeScript 6.0! To get started using the RC, you can get it through npm with the following command: npm install -D typescript@rc TypeScript 6.0 is a unique release in that we intend for it to be the last release based on the current JavaScript […]The post Announcing TypeScript 6.0 RC appeared first on TypeScript.

<p><strong><a href="https://www.schneier.com/blog/archives/2026/03/anthropic-and-the-pentagon.html">Anthropic and the Pentagon</a></strong></p>This piece by Bruce Schneier and Nathan E. Sanders is the most thoughtful and grounded coverage I've seen of the recent and ongoing Pentagon/OpenAI/Anthropic contract situation.</p><blockquote><p>AI models are increasingly commodified. The top-tier offerings have about the same performance, and there ...

Cloudflare One unifies data security from endpoint to prompt: RDP clipboard controls, operation-mapped logs, on-device DLP, and Microsoft 365 Copilot scanning via API CASB.

PuzzmoWeb puzzles without the corporate media slime. It looks like they're integrating nicely with the AT protocol too.How to make your first contribution to an open source projectA thoroughly good explainer of how to get involved in open source.A brief history of domainsVery interesting read with a delightful, subtle use of sticky positioning.Voxoban - 3D Sokoban Puzzle GameA creative reimagining of the classic (infuriating at times) puzzle game, made with CSS.The fish doorbellYou see a fish on

We’re preparing a new update for the Semaphore MCP server that will make it easier for developers to connect AI agents and developer tools. The focus of this update is authentication. Listen on Semaphore Uncut Podcast 🎙️ Today, connecting an agent to the MCP server typically requires using a long-lived API token. While this works […]The post Product News: OAuth Authentication for the Semaphore MCP Server appeared first on Semaphore.

UX design is entering a new phase, with designers shifting from makers of outputs to directors of intent. AI can now generate wireframes, prototypes, and even design systems in minutes, but UX has never been only about creating interfaces. It’s about navigating ambiguity, advocating for humans in systems optimised for efficiency, and solving their problems through thoughtful design.

<p><em><a href="https://simonwillison.net/guides/agentic-engineering-patterns/">Agentic Engineering Patterns</a> ></em></p> <p>The defining characteristic of a coding agent is that it can <em>execute the code</em> that it writes. This is what makes coding agents so much more useful than LLMs that simply spit out code without any way to verify it.</p><p>Never assume that code generated by an LLM works until that code has be...

<p><strong><a href="https://adnanthekhan.com/posts/clinejection/">Clinejection — Compromising Cline's Production Releases just by Prompting an Issue Triager</a></strong></p>Adnan Khan describes a devious attack chain against the Cline GitHub repository, which started with a prompt injection attack in the title of an issue opened against the repo.</p><p>Cline were running AI-powered issue triage using the <code>anthropics/claude-code...

The Ember project is excited to announce the release of Ember v6.11. This is a standard minor release as part of the standard Ember Release Train process. This release is relatively light, considering the big things that we have released recently, but contains some very useful bugfixes and enhancements 💪Ember.js 6.11Ember.js 6.11 introduces no new features, fixes one bug related to using the new @ember/reactive namespace in Classic builds (for those not yet using the default Embroider+Vite buil...

HighlightsThis release sets the minimatch dependency version used in ESLint to ^3.1.5. This change avoids a bug in a previous minimatch release that could cause ESLint to not recognize certain files. A transitive dependency on minimatch was also updated to ^3.1.5 to include a fix for a recently published security issue.Bug Fixesf18f6c8 fix: update dependency minimatch to ^3.1.5 (#20564) (Milos Djermanovic)a3c868f fix: update dependency @eslint/eslintrc to ^3.3.4 (#20554) (Milos Djermanovic)234d0

HighlightsThis release sets the minimatch dependency version used in ESLint to ^10.2.4. This change avoids a bug in a previous minimatch release that could cause ESLint to not recognize certain files.Bug Fixese511b58 fix: update eslint (#20595) (renovate[bot])f4c9cf9 fix: include variable name in no-useless-assignment message (#20581) (sethamus)ee9ff31 fix: update dependency minimatch to ^10.2.4 (#20562) (Milos Djermanovic)Documentation9fc31b0 docs: Update README (GitHub Actions Bot)4efaa36 docs

Add a "Sign in with Apple" button to your Next.js app in minutes using WorkOS AuthKit.

<p><strong><a href="https://openai.com/index/introducing-gpt-5-4/">Introducing GPT‑5.4</a></strong></p>Two new API models: <a href="https://developers.openai.com/api/docs/models/gpt-5.4">gpt-5.4</a> and <a href="https://developers.openai.com/api/docs/models/gpt-5.4-pro">gpt-5.4-pro</a>, also available in ChatGPT and Codex CLI. August 31st 2025 knowledge cutoff, 1 million token context window. Priced <a href="https://www.llm-prices.c...

Mixed-script homoglyphs and a lookalike domain mimic imToken’s import flow to capture mnemonics and private keys.

How Copilot code review helps teams keep up with AI-accelerated code changes.The post 60 million Copilot code reviews and counting appeared first on The GitHub Blog.

Latio’s 2026 report recognizes Socket as a Supply Chain Innovator and highlights our work in 0-day malware detection, SCA, and auto-patching.

How we redesigned Nx CLI commands like nx import, nx init, and create-nx-workspace to work seamlessly with AI agents, and the AX principles behind the changes.

Developers connected to Andela share how they’re learning AI tools inside real production workflows.The post Scaling AI opportunity across the globe: Learnings from GitHub and Andela appeared first on The GitHub Blog.

<p>Over the past few months it's become clear that coding agents are extraordinarily good at building a weird version of a "clean room" implementation of code.</p><p>The most famous version of this pattern is when Compaq created a clean-room clone of the IBM BIOS back <a href="https://en.wikipedia.org/wiki/Compaq#Introduction_of_Compaq_Portable">in 1982</a>. They had one team of engineers reverse engineer the BIOS to create a specification, then handed that specifi...

As it stands, you have to think about the layout engine and whether an element is "fully laid out" before an anchor is allowed to apply to it. Boooooo.

AI is increasingly being used in CI/CD systems to evaluate risk, detect anomalies, and even trigger deployments or rollbacks automatically. On paper, this sounds ideal. AI can analyze logs, test results, historical incidents, performance metrics, and suggest decisions faster than humans. But fully automating deployment or rollback decisions with AI in production pipelines introduces real […]The post What Are the Risks of Fully Automating Deploy and Rollback Decisions with AI in Production Pipeli

Sure, we can select the <html> element in CSS with, you know, a simple element selector, html. But what other (trivial and perhaps useless) ways can we do it?The Different Ways to Select <html> in CSS originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.

The Cloudflare One Client now features the ability to actively probe and adjust packet sizes. This update eliminates the problems caused by tunnel layering and MTU differences, providing more stability and resiliency.

Enhanced CKEditor AI with new on-premises deployment, MCP support, and the ability to refine its customization options. The release also improves list indentation behavior.

Try out focusgroup and comment on the proposal.

Supabase Pro users can now send their Supabase logs to their own logging backend, enabling them to debug in the same place as the rest of their stack.

Storage ships a rewritten object listing system, path traversal prevention, idempotent migrations, OpenTelemetry metrics, and fixes for the most common reliability issues.

Automatic Return Routing (ARR) solves the common enterprise challenge of overlapping private IP addresses by using stateful flow tracking instead of traditional routing tables. This userspace-driven approach ensures return traffic reaches the correct origin tunnel without manual NAT or VRF configuration.

By transitioning the Cloudflare One Client to use QUIC streams for Proxy Mode, we eliminated the overhead of user-space TCP stacks, resulting in a 2x increase in throughput and significant latency reduction for end users.

Lean teams are under constant pressure to move faster: more SaaS, more automations, and more AI woven into daily work. People sign in more often, across more apps, on more devices, and they’re rewarded for speed, not caution.That’s how browsers quietly become the default place where business credentials live. Even if a business invests in a password manager or privileged access management (PAM) for its developers or senior employees, most of its workforce may still save their passwords in the br

AI and automation are embedded in daily work. Copilots draft content and pull in customer context. Agents triage tickets, update records, and trigger workflows across Slack, Salesforce, Jira, and GitHub. In engineering, this acceleration shows up in scripts, CI/CD pipelines, and infrastructure automation that depend on secrets to ship and operate software.Many organizations rely on a mix of sign-in and privileged access controls to standardize logins and secure connected apps. But these systems

In Formula 1® preparation isn’t optional, it’s everythingWhether you’re traveling to the circuit or hosting a watch party, race weekend means bouncing between devices, signing in fast, and clicking links quickly. The last thing you want is to reset a login at lights out. So if you share the streaming link, watch telemetry tabs on a second device, or keep the group chat on track, this blog is for you.This 10-minute security checklist is built to help you secure streaming accounts, travel info, an

A step-by-step tutorial to adding authentication to your Lovable app with WorkOS AuthKit.

How we built a complete AI-driven go-to-market pipeline in one live workshop using Claude Code and Cowork.

<p><em><a href="https://simonwillison.net/guides/agentic-engineering-patterns/">Agentic Engineering Patterns</a> ></em></p> <p>There are some behaviors that are anti-patterns in our weird new world of agentic engineering.</p><h2 id="inflicting-unreviewed-code-on-collaborators">Inflicting unreviewed code on collaborators</h2><p>This anti-pattern is common and deeply frustrating.</p><p><strong>Don't file pu...

A Brief History of JavaScript from the Deno team, celebrating JavaScript being 30 now. Interesting that the first web request tech was Internet Explorer 5 in 1999, then it took 5 years to get Gmail in 2004, then we started calling it AJAX in 2005, and by 2006, we got jQuery’s $.ajax which made it […]

<p>I'm behind on writing about Qwen 3.5, a truly remarkable family of open weight models released by Alibaba's Qwen team over the past few weeks. I'm hoping that the 3.5 family doesn't turn out to be Qwen's swan song, seeing as that team has had some very high profile departures in the past 24 hours.</p><p>It all started with <a href="https://twitter.com/JustinLin610/status/2028865835373359513">this tweet</a> from Junyang Lin (<a href="https://twitter.com/Justin...

Cloudflare is introducing Attack Signature Detection and Full-Transaction Detection to provide continuous, high-fidelity security insights without the manual tuning of traditional WAFs. By correlating request payloads with server responses, we can now identify successful exploits and data exfiltration while minimizing false positives.

CI/CD works well for small teams. But what changes when your company grows to hundreds of developers, dozens of services, and thousands of daily builds? At scale, CI/CD stops being just a pipeline and becomes infrastructure. Managing it well requires discipline in test automation, pipeline design, performance optimization, and governance. This article breaks down how […]The post How Do Large Companies Manage CI/CD at Scale? appeared first on Semaphore.

Cloudflare’s mandatory authentication and independent MFA protect organizations by ensuring continuous enforcement, from the moment a machine boots until sensitive resources are accessed.

Beyond the blur: a quick guide to the css backdrop-filter propertyThe backdrop-filter CSS property can do a heck of a lot more than you probably think it can. Stu expertly shows you with this in-depth guide.WebHapticsAn interesting looking library that enables you to provide haptic feedback with your interactive elements on the web. A native API one day maybe?MOOving to a self-hosted Bluesky PDSThe momentum behind the AT protocol and services like Bluesky is really picking up. If you were thinki

WebHaptics は、Web アプリケーションで触覚フィードバックを実装するための JavaScript ライブラリです。iOS Safari でも触覚フィードバックを提供することができます。この記事では、WebHaptics ライブラリの概要と、どのようにして iOS Safari で触覚フィードバックを実現しているのかについて解説します。

こんにちは！ サイボウズ株式会社 フロントエンドエンジニアの daiki (@daikimkw) です。 はじめにサイボウズは 2025 年 4 月より、W3C のメンバーに加入しました。https://blog.cybozu.io/entry/joining-w3c標準化プロセスに関わることができるようになるための最初の一歩として、フロントエンドエンジニアの一部のメンバーは積極的に Web 標準のキャッチアップを行っています。そこで、毎月メンバーが興味を持った Web 標準に関する話題や、実際に標準化プロセスに関わることができた場合にはその報告などを 1 つの記事としてまと...

プログラミング学習をたのしみながら続けるための支援として、AI活用によるプログラミング学習継続支援 Girls AI Scholarship by STORES の第3期生を募集します！ STORES は、「2030年までに、エンジニア職における女性採用比率を30％以上にする」を目標に掲げ、これまでもSTORES Tech Girls Camp、Rails Girls Japanの協賛などテクノロジーのたのしさに「出会う」プログラムと、テックカンファレンスでの託児サポートや女性エンジニア向けランチ会など仲間と共に学びを「深める」ための活動をしてきました。 Girls AI Scholarshi…