Socket’s first CISO brings deep experience securing high-growth SaaS companies as open source supply chain threats accelerate.

Miasma and Hades worms are spreading across npm and PyPI, running on import and project open. See how Dev Machine Guard's Suspicious Files detects them.

Alerts are more trustworthy and actionable when noise is reduced. See how we improved the verification step with context-aware LLM reasoning.The post Making secret scanning more trustworthy: Reducing false positives at scale appeared first on The GitHub Blog.

<p><strong>Release:</strong> <a href="https://github.com/simonw/datasette/releases/tag/1.0a33">datasette 1.0a33</a></p> <p>This alpha is a significant step on the road to a stable 1.0, finally extending the <code>?_extra=</code> pattern I introduced <a href="https://docs.datasette.io/en/1.0a3/changelog.html#a3-2023-08-09">in Datasette 1.0a3</a> to cover queries and rows in addition to tables. That pattern is also <a href="http...

npm v12 makes install scripts opt-in by default, closing the install-time execution path behind a year of npm supply chain worms from Nx to Red Hat.Category: News

Aikido now supports Docker Hardened Images with built-in VEX integration, helping teams reduce CVE noise and focus on container vulnerabilities that actually need attention.Category: Product & Company Updates

<p><strong>Release:</strong> <a href="https://github.com/simonw/asyncinject/releases/tag/0.7">asyncinject 0.7</a></p> <p>I built this utility library to support an <code>asyncio</code> dependency injection pattern a few years ago. I was using it with Datasette and Claude Fable 5 spotted some bugs in the dependency which it then fixed for me. It's a very proactive model!</p> <p>Tags: <a href="https://simonwillison.net/tags/asyn...

<p><strong><a href="https://www.wired.com/story/anthropic-responds-to-backlash-on-claudes-secret-sabotage-on-ai-research/">Anthropic Walks Back Policy That Could Have ‘Sabotaged’ AI Researchers Using Claude</a></strong></p>Big scoop for Maxwell Zeff at Wired:</p><blockquote><p>“We’re changing Fable 5’s safeguards for frontier LLM development to make them visible.” Anthropic said in a statement to WIRED. “We made the wrong tradeoff and we apo...

Every val gets its own blobs

pnpm used to expand $ placeholders everywhere it found them — including in the .npmrc and pnpm-workspace.yaml files that live inside the repository you just cloned. That turned out to be a way for a malicious repository to steal the secrets in your environment. As of v10.34.2 and v11.5.3, pnpm stops expanding environment variables in repository-controlled registry and credential settings.

Upgrade guide for Fumadocs OpenAPI v11.

Azure is now a provider for DeepSeek V4 Pro and V4 Flash on .AI GatewayRequests to either model can route through Azure alongside the existing providers for another failover path. No code changes are required: default routing considers Azure automatically, and if a provider fails the gateway falls back through the remaining list.If you want requests to try Azure first, use in the gateway provider options to prefer Azure while keeping the other providers as fallback for or in the :orderdeepseek/d

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-agent/releases/tag/0.2a0">datasette-agent 0.2a0</a></p> <p>Highlights from the release notes:</p><blockquote><ul><li>Tools can now ask the user questions mid-execution. Tools that declare a <code>context</code> parameter receive a <code>ToolContext</code> object, and <code>await context.ask_user(...)</code> can ask a y...

<p><strong><a href="https://blog.google/innovation-and-ai/technology/developers-tools/diffusion-gemma-faster-text-generation/">DiffusionGemma</a></strong></p>Last May Google briefly released an experimental Gemini Diffusion model. I <a href="https://simonwillison.net/2025/May/21/gemini-diffusion/">tried the preview at the time</a> and recorded it running at 857 tokens/second. It was an exciting model, but Google made no further announcements about...

Developers are coding everywhere. AI agents, Slack bots, and MCP servers have made the developer device the biggest security blindspot.Category: News

Replit is integrating Socket Firewall into its AI-powered development experience to help protect builders from malicious open source packages.

Install and configure LSP servers for GitHub Copilot CLI, replacing brute-force grep/decompile with real code intelligence. The post Give GitHub Copilot CLI real code intelligence with language servers appeared first on The GitHub Blog.

Each pseudo element plays a distinct role in how the view transition animates. The browser does most of the heavy lifting though, which makes it a little hard to see what’s actually happening under the hood.

<blockquote cite="https://twitter.com/jeremyphoward/status/2064595816875217362"><p>Easy solution to slow down recursive AI self improvement:</p><ul><li>The lab with the top-ranked model must agree THEY must not use it for working on frontier AI</li><li>But everyone else should have access to it.</li></ul><p>By definition, this means the frontier doesn't advance.</p><p>It also has the critical benefit of avoiding a dangerous...

記事は ics.media へアクセスしてご覧ください。

ENISA's 2026 SBOM adoption report covers 334 organizations and surfaces a consistent gap between generating SBOMs and actually using them. Here is what stood out.Category: News

There are many ways to create memorable experiences. Sometimes it's as simple as a form that completes smoothly. But here I'm interested in sharing techniques I reach for when I want a site to feel alive and be remembered.Creating Memorable Web Experiences: A Modern CSS Toolkit originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

Application Services for Private Origins is available now in closed beta. Route public hostnames to private IP origins over your existing IPsec, GRE, CNI, or Cloudflare Mesh paths. No public IPs or extra connector software required.

The compromised onering Rust crate v1.4.1 on crates.io shipped a malicious build.rs that exfiltrates the diff of your latest commit to a hosted Sentry endpoint every time you build.Category: Vulnerabilities & Threats

Findings from an exploratory user research study highlighting the unique insights and practical UX recommendations shared by participants with cognitive disabilities.

Aikido Security discovered a critical unauthenticated authentication bypass in phpBB affecting tens of millions of users. A single HTTP request is all it takes to take over any account — a vulnerability that's been sitting in the codebase since 2014.Category: Vulnerabilities & Threats

This week, we launched the Field Guide to Grid Lanes at gridlanes.webkit.org.

Many organizations are already deploying agentic workflows. Some are still experimental, while others are running in production. Once an AI agent can take action on behalf of a business, the question is no longer whether it’s useful, but what happens when something goes wrong. It’s tempting to focus on blame: the AI vendor, the manager, […]

はじめに はじめまして。東京電機大学大学院修士1年の佐藤聖璃です。 2026年4月の1ヶ月間、株式会 ...

はじめに：生成AIの登場とQAに投げかけられた問い生成AIが登場した際、多くの職種に対して似たような疑問が投げかけられました。「この仕事はAIに代替されるのか？」「反復的な業務は自動化されるのではない...

<p><strong><a href="https://jonready.com/blog/posts/claude-fable5-is-allowed-to-sabotage-your-app-if-youre-a-competitor.html">If Claude Fable stops helping you, you'll never know</a></strong></p>Jonathon Ready highlights one of the more eyebrow-raising details from the <a href="https://www-cdn.anthropic.com/d00db56fa754a1b115b6dd7cb2e3c342ee809620.pdf">319 page system card</a> for Fable 5 and Mythos 5. Here's a longer excerpt, highlights ...

Aaron T. Grogg has a nice page chock full of examples of UI, which used to be the sort of thing that we’d use JavaScript for, but can now be done in HTML & CSS. No hate: I have nothing against JS, but it has better things to do The examples are very modern, like […]

Potluck joined the team. Claude became our biggest source of new users

A practical guide to encrypted storage, OAuth connection management, and session-scoped access for autonomous agents

How to scope what an AI agent can do on a user's behalf, and why the answer is never the user's full permission set.

A practical security audit for backend engineers building or inheriting agentic systems, covering identity, token design, delegation, and the patterns that fail in production

Threshold billing now sends Pro teams a partial invoice mid-cycle once on-demand usage reaches a threshold, instead of holding all charges until the end of the billing period. Partial invoices and the end-of-cycle invoice add up to your total usage, so the same usage is never billed twice.Learn more about .partial invoicesRead more

<p>I didn't have early access to today's <a href="https://www.anthropic.com/news/claude-fable-5-mythos-5">Claude Fable 5</a> release, but I've spent the past ~5.5 hours putting it through its paces. My initial impressions are that this is something of a <em>beast</em>. It's slow, expensive and has been quite happily churning through everything I've thrown at it so far. As is frequently the case with current frontier models the challenge is finding tasks that it can...

こんにちは。サイバーエージェントの佐藤です。 先日開催された CA DATA NIGH ...

はじめに LegalOn Technologiesでは、2027年卒からソフトウェアエンジニア（SWE）の新卒採用を本格的にスタートします。 以前公開した「初めての新卒SWEインターンはどう始まったか。プロジェクトメンバーで振り返る」では、新卒採用本格スタートに向けた長期インターンシップの、設計から選考、受入れまでの裏側をお届けしました。今回はその続編として、実際にインターン生を受け入れた各チームのメンターに話を聞きました。 どんなタスクを任せたのか、どんな成長を期待したのか、そしてメンター自身がどんな学びを得たのか。初めてのSWEインターンを現場視点で振り返ります。 今回話を聞いたのは以下の…

<p><strong>Release:</strong> <a href="https://github.com/simonw/llm/releases/tag/0.32a3">llm 0.32a3</a></p> <p>Almost entirely written by the new Claude Fable 5, see <a href="https://simonwillison.net/2026/Jun/9/claude-fable-5/#adding-features-to-datasette-agent-and-llm-using-claude-code">my write-up for more details</a>.</p> <p>Tags: <a href="https://simonwillison.net/tags/projects">projects</a>, <a href="https://...

<p><strong>TIL:</strong> <a href="https://til.simonwillison.net/llms/agentsview-custom-model-price">Setting a custom price for a model in AgentsView</a></p> <p>I've been really enjoying <a href="https://agentsview.io/">AgentsView</a> by Wes McKinney as a tool for exploring my token usage across different coding agents running on my laptop.</p><p>Claude Fable 5 came out today and wasn't yet included in the pricing database AgentsV...

npm confirmed a tooling bug incorrectly marked several one-character packages as security holders and said it was working on a rollback.

StepSecurity's new Threat Center API returns the compromised packages for any supply chain incident, so you can automate response and confirm exposure fast.

An attacker hijacked a co-founder's GitHub account for gpt-pilot, a 33K-star AI coding tool, and force-pushed a credential-stealing Shai-Hulud payload to the main branch. The ruff Python linter caught formatting and lint violations in the malicious code and blocked the CI build -- twice. The attacker gave up.

On June 8, 2026, multiple Graph ML PyPI packages in the bioinformatics ecosystem were compromised in the Hades campaign, deploying cross-platform memory scrapers, AI prompt injections to misdirect scanners, and a token-revocation wiper.

On June 5, 2026, the Miasma worm campaign reached Microsoft's Azure GitHub organizations. GitHub disabled 73 repositories across four Microsoft GitHub organizations after a malicious commit was pushed to the Azure/durabletask repository using a previously compromised contributor account. The attack planted configuration files that execute a credential-harvesting payload when a developer opens the repository in Claude Code, Gemini CLI, Cursor, or VS Code.

Three malicious versions of Microsoft's official durabletask Python SDK were published to PyPI on May 19, 2026. The compromised package silently downloads and executes a 28 KB payload that steals credentials from AWS, Azure, GCP, Kubernetes, password managers, and over 90 developer tool configurations, then spreads laterally through cloud infrastructure. The payload skips systems with a Russian locale, a hallmark of Eastern European cybercrime operations. The attack has been linked to the TeamPC

<blockquote cite="https://twitter.com/karpathy/status/2064409694761054332"><p>I feel a lot of things changing as working software increasingly comes out on a tap. The Jevon's paradox kicks in and I feel my own demand for software growing substantially. You can ask for anything - explainers, visualizers, dashboards, bespoke single-use apps (e.g. a full wandb that is hyper-specific just for your project), you can 10X your test suite, auto-optimize code, run giant research projects wit...

MapKit JS allows you to bring the power and simplicity of Apple Maps to your website or web app.

Custom agents let GitHub Copilot CLI understand your stack and team workflows, turning one-off terminal prompts into repeatable, reviewable processes.The post From one-off prompts to workflows: How to use custom agents in GitHub Copilot CLI appeared first on The GitHub Blog.

Deep dive into binding.gyp, the often overlooked npm build file that can execute malicious code at install time through shell expansions, sandbox escapes, and compiler hijacking.Category: Vulnerabilities & Threats

CA DATA NIGHTは、サイバーエージェントが主催するデータサイエンスに特化した技術者向けの勉 ...

Build structured tools for your website, so agents can complete tasks accurately.

Claude Fable 5 from Anthropic is now available on . A Mythos-class model, Fable 5 is a notable step up over prior Claude models on long-running, ambiguous, multi-step tasks, executing end-to-end on work that previously required frequent human check-ins.AI GatewayThe model sustains productive output across multi-day runs and dependably dispatches parallel sub-agents, and lower effort settings often match what prior Claude models produced at their highest effort. Code review, bug-finding, and repo

In our post about Project Glasswing, we made the argument that the architecture around a vulnerability matters more than the speed of the patch. Here we walk through what that architecture looks like, the threats it defends against, and how we run it ourselves as Cloudflare's customer zero.

newmoではフロントエンドとバックエンドの通信をGraphQLで行っています。GraphQLのスキーマは、フロントエンドとバックエンドが合意した唯一の正しい定義、いわば「正となる単一の情報源(Single Source of Truth)」です。このスキーマを正として、開発と自動テストの両方をここから組み立てたい。その基盤として@newmo/graphql-fake-serverを自作してOSSとして公開しています。 このライブラリは、スキーマを正としたまま、2つの使い方を1つのサーバで両立します。1つはスキーマに@example* directiveを書くだけで値が返るDeclarativ…

A designer and an engineer shipped a production MVP in four weeks on Rails + Inertia. In this post, we share our agentic coding stack, the skills we built, and why it clicked.

Today, we're announcing the new Nuxt Agent: Nuxi. We want to make your Nuxt experience less generic and more personalized, with the care that characterizes the Nuxt community.

Node-RED 5.0 is now available to install. If upgrading, please read the upgrade instructions.

What you're actually signing up for when a customer's IdP doesn't speak SCIM.

Everything you need to know to implement and validate JWTs securely in .NET: from token creation and JWKS verification to ASP.NET Core middleware integration, with code examples and best practices throughout.

Prompt injection ends when the session closes. Memory poisoning persists across sessions, activates weeks later, and is nearly invisible to detect.

AI costs are getting harder to forecast. As teams lean more on coding agents and other token-heavy workflows, a key can burn cost faster than anyone notices:Set a spend cap on any key, and rejects further requests on that key once the limit is exceeded, until the budget resets or you raise it. The cap applies to all AI Gateway providers and models running through the key, making it easier to consolidate and govern AI costs.AI GatewayOn the , click , enable the option, enter a limit in dollars, a

You can now use the Vercel CLI to search domains. Using the command, you can supply a domain name and retrieve availability and price results for all TLDs that Vercel supports. vercel domains searchYou can also filter by TLD, apply sorting, and filter out unavailable domains.Upgrade your Vercel CLI to version to get started.54.10.1Read more

<p>Given how badly burned anyone who took Apple's <a href="https://simonwillison.net/2024/Jun/10/apple-intelligence/">2024 WWDC Apple Intelligence announcements</a> at face value was, I'm holding to a strict "I'll believe it when I see it" policy for everything <a href="https://www.apple.com/newsroom/2026/06/apple-unveils-next-generation-of-apple-intelligence-siri-ai-and-more/">they announced today</a>. </p><p>The new Siri AI features do at least look f...

こんにちは！AI事業本部/協業リテールメディアにてPdMをしております三浦です。 先日、CyberA ...

Safari Technology Preview Release 245 is now available for download for macOS Tahoe and macOS Sequoia.

Welcome to WWDC26.

Safari 27 beta is here.

Newer packages in this compromise use native extensions and .pth loaders to execute JavaScript stealers in developer environments.

Find the answers to some of the most common GitHub-related questions.The post GitHub for Beginners: Answers to some common questions appeared first on The GitHub Blog.

NGINX Ingress Controller 5.5 brings full support for mTLS in Ingress objects! This blog post gives a more in-depth overview of our GitHub deployment examples and shows how to configure both our new ingress and egress mTLS Policy CRDs in NGINX Ingress Controller using annotations. Ingress mTLS Ingress mTLS configures how NGINX verifies client certificates […]

Here's a brand new approach to creating staggered animations in CSS using a single progress value, allowing for smooth linkage to various inputs like scrolling. By utilizing a mathematical formula, it enhances control over animated elements without isolating their timelines, making animations more versatile and scrubbable.

I've said one and mean another, and I've used one when I needed another. Comparing scroll-driven animations, scroll-triggered animations, container query scroll states, and view transitions for my future self.Scroll-Driven, Scroll-Triggered, Scroll States, and View Transitions originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

Cloudflare customers can now use Cloudforce One threat intelligence directly within the WAF to block high-risk traffic. By using new cf.intel fields, security teams can automate protection against specific threat actors and targeted industries in real time.

My Take on AI as of June 2026. Most people say AI kills the creativity and the fun in building. I want to offer the other side: managing agents feels a lot like the tech lead job I already loved.

Every month, routes tens of trillions of tokens between production applications and AI labs, giving us visibility into what AI usage actually looks like, separate from leaderboards and benchmarks. We publish the data monthly in the AI Gateway production index. AI GatewayLast month, headlines about blown token budgets dominated tech news: its annual Claude Code budget shortly after Q1 and Amazon to curb unproductive tokenmaxxing. While runaway cost is a real problem, this month’s report shows tha

大規模なネイティブアプリの開発では、新しい技術を知っているだけでは足りません。難しいのは、それを歴史ある現場へどう適用するかです。ユーザー影響の大きいプロダクトでは、素早く価値を届ける「アジリティ（速...

WASI P3 is almost here, bringing native async support to the WebAssembly System Interface (WASI) and Component Model. In this post, we’re looking to the next big milestone: a stable, formally specified Component Model 1.0. At February’s Bytecode Alliance Plumbers Summit, Luke Wagner and Alex Crichton gave a preview of what the path to a stable 1.0 actually looks like. At Wasm I/O 2026 in Barcelona in March, Luke expanded on that vision. So let’s take a look at where the Component Model is headin

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-agent-edit/releases/tag/0.1a0">datasette-agent-edit 0.1a0</a></p> <p>I'm planning several plugins for <a href="https://agent.datasette.io/">Datasette Agent</a> which can make edits to existing pieces of text - things like collaborative Markdown editing, updating large SQL queries, and editing SVG files.</p><p>Agentic editing of text is a little tricky to...

カミナシエンジニアの osuzu です。 「状態管理にどのライブラリを使うか」への違和感 Reactの状態管理の話になると、だいたいライブラリの比較から始まります。少し前なら Redux か Zustand か Jotai か、最近だと TanStack Query と React Hook Form を組み合わせれば残りはわずか、みたいな話が多い印象です。 ただ、読んでいてどこか議論がかみ合わない感じがずっとありました。 理由はたぶんシンプルで、その問いは手前にすべきモデリングを飛ばしているからだと考えてます。 ライブラリ起点・コンポーネント起点はなぜこじれるのか フロントの状態管理でやりが…

AI もすなるコードレビューといふものを、人間もしてみむとてするなり。 — AI 紀貫之 AI がコードを書くようにはなっても基本的には人間がレビューする生活を続けているので, いま何を考えてどうしているかをスナップショットとして書いておきます. 仕事 メンタルモデルとして AI コーディングエージェントを単なる道具としてみなしていた時代は, 人間(A): タスクに着手, コーディングを AI に指示, 検収 AI: 人間(A)の代わりにコードを書く 人間(B): 人間(A)が書いたコードとしてレビューする というような構造だったんですが, これは人間(A)の検収と人間(B)のレビューが実質的…

Socket found 37 malicious PyPI wheels that abuse Python startup hooks to launch a Bun-powered credential stealer tied to Mini Shai-Hulud/Miasma.

AI SAST is emerging as a new SAST category, but the meaning is unclear. We clarify the difference between AI-native SAST and AI-assisted SAST, as well as how AI SAST sits in the stack between traditional SAST and AI pentesting.Category: DevSec Tools & Comparisons

<p><strong>Release:</strong> <a href="https://github.com/simonw/micropython-wasm/releases/tag/0.1a2">micropython-wasm 0.1a2</a></p> <p>I added a CLI to <code>micropython-wasm</code> (<a href="https://github.com/simonw/micropython-wasm/issues/7">issue #7</a>), inspired by the first draft of <a href="https://simonwillison.net/2026/Jun/6/micropython-in-a-sandbox/">the blog entry</a> when I realized it would be a great wa...

<p>I've been experimenting with different approaches to running code in a sandbox for several years now, but my latest attempt feels like it might finally have all of the characteristics I've been looking for. I've released it as an alpha package called <a href="https://github.com/simonw/micropython-wasm">micropython-wasm</a>, and I'm using it for a code execution sandbox plugin for <a href="https://github.com/datasette/datasette-agent">Datasette Agent</a> called &...

Vitest の `isolate: false` オプションを有効にすることで、テストの実行時間を大幅に短縮できましたが、その際に大規模なコードの修正が必要でした。Claude Code の `/goal` コマンドを活用することで、最終的なゴールを達成するために必要なステップを自律的に判断して実行させることができます。この記事ではその経験について紹介します。

AI increases engineering speed, but it also increases the cost of poor context. The best teams will not be the ones that generate the most code; they will be the ones that preserve enough understanding to review, operate, and own what they ship. Context stewardship is what keeps AI-assisted work from accelerating away from human judgment.

Every time I bet on myself instead of taking a paycheck, and what each one taught me.

<p><strong><a href="https://help.openai.com/en/articles/20001061-lockdown-mode">OpenAI Help: Lockdown Mode</a></strong></p>OpenAI first teased this <a href="https://openai.com/index/introducing-lockdown-mode-and-elevated-risk-labels-in-chatgpt/">in February</a>, but now it's live and "rolling out to eligible personal accounts, including Free, Go, Plus, and Pro, and self-serve ChatGPT Business accounts":</p><blockquote><p>Lockdown...

Most programming languages follow a familiar trajectory: early experimental releases, rapid iteration, and then – at some point – a 1.0 version that signals stability and the potential for serious adoption. Zig hasn’t followed that well-trodden path. What could be the reason? Andrew Kelley quit his job in 2018 to build a programming language. Eight […]

AI Gateway now features real-time spend limits to prevent runaway token bills across multiple AI providers. By integrating with Cloudflare Access, companies can use identity-driven budgets and policies.

Using @counter-style for tricky visual effects like word rotation and obfuscation.

eyeballIncredibly addictive game. Best to use a mouse/trackpad than a touch device to give yourself a chance too!Dollar Slice Surf Report, New York CityA cool project by Scott Jehl as, using pen, pencil, Procreate and Figma as a much needed antidote to the slop era.Speaker feedsFFconf have a huge library of previous talks and speakers. Now, you can discover their RSS feeds and follow them. Handy!Let's get creativeFolks love it when we share indexes of cool stuff, so here's another!Protecting Blu

<blockquote cite="https://ladybird.org/posts/changing-how-we-develop-ladybird/"><p>We will no longer accept public pull requests. [...]</p><p>A substantial patch used to imply substantial effort, and that effort was a reasonable proxy for good faith. That assumption no longer holds. [...]</p><p>Whether code was typed by hand is beside the point. What matters is who is responsible for it once it enters the browser. Ladybird is becoming a browser for real users...

Zed は Rust で書かれたネイティブアプリケーションで、非常に高速な動作と軽量な設計が特徴の新しいエディタです。この記事では、Zed のインストール方法と、実際に使ってみて感じた主要な機能や特徴について紹介していきたいと思います。

RubyGems and Bundler 4.0.13 introduced an opt-in cooldown feature that delays newly published gems during dependency resolution.

Renovateのクラウド版はメモリや実行時間の制限があるため、GitHub Actionsを使ったSelf Host版に切り替える方法やコストについて

now supports drives in private beta. Drives are persistent, attachable storage with a lifecycle independent from any sandbox.Vercel SandboxCreate a drive once, then mount it at a configurable path when starting a sandbox. When the sandbox stops, the drive remains available to attach to a later sandbox.Install the beta () or beta (), then create and mount a drive:SDKCLI@vercel/sandbox@betasandbox@betaSandbox Drives are useful for:During the private beta, a drive can be mounted read-write by one s

100ms deploys from Claude Code, Codex & Cursor

The API is now available. Authenticate with your project's and start querying more than 600,000 skills from across the open-source ecosystem.skills.shVercel OIDC tokenSearch for skills, pull detailed info on any one, check its security audit, and more.Vercel issues a short-lived token scoped to your team and project, rotated automatically, so there's no long-lived secret to leak or rotate. On each request, skills.sh verifies the token and applies a rate limit of 600 requests per minute per team

<p><strong><a href="https://charitydotwtf.substack.com/p/ai-enthusiasts-are-in-a-race-against">AI enthusiasts are in a race against time, AI skeptics are in a race against entropy</a></strong></p>Charity Majors neatly captures the dynamic between AI enthusiasts and AI skeptics, both of whom are trying to build great software, often in the same teams:</p><blockquote><p>The enthusiasts are <em>not wrong</em>. We are starting to see...

こんにちは。カミナシで「カミナシ 設備保全」の開発を行っている澤木です。今回はフロントエンドのコンポーネントディレクトリの構成、特に「ネストを深くしないために何をやっているか」という話をご紹介したいと思います。 feature-basedなディレクトリ構成 まず前提として私たちのチームでは機能（feature）単位でディレクトリを切り、各featureの中をさらにcomponents / hooks / contexts / model / repositoryといった責務ごとのディレクトリに分けるスタイルを採用しています。現在のフロントエンドの実装では一般的な構成かと思います。 featur…