July is just around the corner, and that means... It’s time for some new desktop wallpapers! As every month, the wallpapers in this collection were created by the community for the community and can be downloaded for free. Enjoy!

OpenCode integrates with Supabase. Connect your agent to your database, Edge Functions, and logs. MCP setup is configured automatically.

こんにちは。普段フロントエンドを中心に開発している古園（@miyabin4113）です。 2026年6月6日（土）に開催された「フロントエンド・PHPカンファレンス北海道2026」にて、PR TIMESはプラチナスポンサ […]

June 2026 - Astro 7, summer swag collection, Astro Germany meetup, and more!

こんにちは。カミナシで「カミナシ 設備保全」サービスの開発を行っている澤木です。 今回はフロントエンドのテスト戦略についての話を書いていこうと思います。 フロントエンドのテストはどこに何をどれだけ書くかが悩ましい領域です。 ユニットテストは書きやすく実行も速いですが全部組み合わせたときに動く保証はないし、E2Eテストは本物に近い保証が得られるけれど書くのもメンテナンスするのも工数がかかります。 特にE2EテストはAIでコーディングができるようになる前は工数が高く、書きたくても書けなかった部分がありました。 それがAIコーディングエージェントの普及で書くコストが下がり、E2Eもだいぶ書きやすくな…

Servo 0.3.0 contains all of the changes we landed in May, which came out to 391 commits (March: 534).For security fixes, see § Security.We’ve shipped several new web platform features:‘font-kerning: none’ (@simonwuelker, #44634)‘font-variant-east-asian’ (@simonwuelker, #44989)‘font-variant-ligatures’ (@simonwuelker, #44903)‘font-variant-numeric’ (@simonwuelker, #44950)‘font-variant-position’ (@simonwuelker, #45142)mp4 files without fast start in <video> (@calvaris, #45084)<form enctype=...

Audit Logs now capture 400+ unique team , giving teams broader coverage for security reviews, compliance workflows, and investigations.activity eventsWith Vercel Drains support, teams can export those events to custom HTTP endpoints or Amazon S3, replacing with a flexible Drains-based workflow.Custom SIEM Log StreamingAudit Log Drains are available for all Enterprise teams, replacing Custom SIEM Log Streaming. They are priced at $0.50/GB through standard Drains pricing, replacing a separate paid

<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/html-table-extractor">HTML table extractor</a></p> <p>Yet another in my growing collection of paste-conversion tools. This one accepts pasted rich text from browsers (with embedded HTML tables) and converts every detected table into HTML, Markdown, CSV, TSV, or JSON.</p><p>Try it out by selecting everything on the Wikipedia <a href="https://en.wikipedia.org/wiki/List_of_ci...

はじめに アニメ Tech STUDIO ソフトウェアエンジニアの新です。 この記事では、コーディン ...

Malicious Chrome and Firefox extensions posed as free VPNs while stealing clipboard data through later extension updates.

<p>Tiniest TIL, using AppleScript to count the number of open browser tabs in Safari:</p><pre><code>osascript -e 'tell application "Safari" to count tabs of every window'</code></pre><p><img alt="I ran it in a terminal window and got back 370." src="https://static.simonwillison.net/static/2026/tab-shame.jpg" /></p> <p>Tags: <a href="https://simonwillison.net/tags/safari">safari</a>, <a href="https://simonwillison.net/tag...

The open source Git project just released Git 2.55. Here is GitHub’s look at some of the most interesting features and changes introduced since last time.The post Highlights from Git 2.55 appeared first on The GitHub Blog.

CKEditor 5 v48.2.0 brings General HTML Support for CKEditor AI, AI Chat improvements, media embed resizing and alignment, and skip-level list support.

<p><strong><a href="https://deep-reinforce.com/ornith_1_0.html">Ornith-1.0: Self-Scaffolding LLMs for Agentic Coding</a></strong></p>This is an interesting new open weights (MIT licensed) model, the first model release from DeepReinforce.</p><blockquote><p>[...] with variants including 9B Dense, 31B Dense, 35B MoE, and 397B MoE. Built on top of pretrained Gemma 4 and Qwen 3.5, it achieves state-of-the-art performance among open-source models...

The GitHub Advisory Database is processing more vulnerability reports than ever before. Here's what's driving the surge, how we're responding, and how the community can help.The post Inside the Advisory Database and what happens when vulnerability volume breaks records appeared first on The GitHub Blog.

With the `progress()` function in CSS we've got a new way to calculate the size for type based on the viewport without problems of the past.

CSS has always had pseudo-classes that style things when baed on user interactions. Recent features, however, are blurring the line between what CSS "listens" for and how they are alternatives to what Javascript typically listens for.The Shifting Line Between CSS States and JavaScript Events originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

now support Node.js and Python deployments up to 5GB in package size on , a 20x increase over the previous 250MB limit. Large Functions support is in .Vercel FunctionsFluid computepublic betaThis makes Vercel compatible with backend workloads that do not fit within the 250MB limit, such as Python data and AI libraries, large generated clients, browser automation dependencies, image and video processing packages, and routes with substantial shared application code.New projects are automatically e

You can now query Speed Insights datapoints directly through the Vercel CLI. Using the command, you can pull core (LCP, INP, CLS) and other page performance metrics (FCP, TTFB) based on client-side measurements from real user traffic.vercel metricsWeb VitalsBy providing a coding agent access to the CLI, an agent can answer questions such as:For more details on how to use the CLI command and a complete list of supported metrics, dimensions, filters, and query options, explore the .documentationRe

now supports audio/voice. You can add realtime voice, text to speech, and speech to text with the same calls you already use for text, image, and video, routed through AI Gateway alongside every other modality.AI GatewayAudio launches with models from and . Each call gets the same provider routing, observability, spend controls, and bring-your-own-key support you already use for your other models.OpenAIxAIThese capabilities are in beta and available in 7.AI SDKRealtime, speech, and transcription

はじめにLINEヤフーで大規模データ処理基盤の開発を担当している浅沼と楊です。この記事では、秒間数万リクエストを処理する社内の HDFS（Hadoop Distributed File System）...

Vercel Sandbox snapshots now expire based on when they were last used, not when they were created. Active snapshots stay alive as long as workflows depend on them, while unused snapshots expire on their retention policy.Every time a snapshot is used, its expiration timer resets. This lets you set shorter retention windows without worrying that a snapshot will disappear between sessions, making it safer to build long-running workflows on top of Sandbox persistence.Learn more about Sandbox snapsho

Group your environments by product and give each one its own branding, without separate WorkOS accounts.

are now live on AI Gateway. Realtime voice, text to speech, and speech to text are all available through the with the same routing, observability, and spend controls as your other models.xAI's audio modelsAI SDKThese capabilities are available on the AI SDK 7 release. A voice agent has two pieces: a server route that mints a short-lived token, so your API key never reaches the client, and a browser component that connects with it.Add the token route: this example sets to :modelxai/grok-voice-thi

now supports voice and audio models. You can build realtime voice agents, generate speech from text, and transcribe audio to text. This provides the same observability, spend controls, and bring-your-own-key support as text, image, and video models in AI Gateway, with no markup or platform fees. These capabilities are in beta and available via 7.AI GatewayAI SDKWith realtime support, a single model takes audio in and audio out, so a user can talk and hear a reply back in near real time instead o

はじめに サイバーエージェントのアニメ Tech STUDIO でソフトウェアエンジニアをしている、 ...

こんにちは、ソフトウェアエンジニアの渡邉（匠）です。 「カミナシ 設備保全」の開発に携わっています。 以前、「40,000行のAPIテスト作成で学んだClaude Code Skillsの育て方」という記事を書きました。 AI を使って大量の API テストを生成した話です。 今回はその土台になっている、テストそのものの構成を紹介します。 私たちのバックエンドの API テストは、数十のAPIを対象に、200 本を超えるファイル、1,000 件を超えるテストケースまで育ちました。 本記事の主題は、テストフレームワーク runn で書いた runbook の設計、なかでも「何を確かめるか」と「ど…

<blockquote cite="https://blog.jonudell.net/2026/06/28/doctor-it-hurts-when-agents-create-unreviewable-prs-dont-do-that/"><p><strong><del>Human</del> Agent in the loop</strong></p><p>I dislike the phrase “human in the loop” because it cedes authority to the machines. Let’s flip the narrative. It’s our loop, we work the same way we always have, now we recruit agents to join the team. An agent-assisted process need not be a black box that takes in p...

<p><strong><a href="https://www.hackyoursummer.org/">Hack Your Summer</a></strong></p>I learned about this initiative from DJ Patil this morning:</p><blockquote><p>It’s a 4-week, high-velocity production sprint for undergraduate students, graduate students, and recent graduates who want to build something real this summer.</p><p>You’ll learn how to identify a project, make steady progress, get support from mentors and peers, and ...

Flue は AI エージェントを構築するための TypeScript フレームワークです。ハーネス駆動のアーキテクチャを採用しており、エージェントの構築に必要な機能を包括的に提供しています。この記事では SRE エージェントを構築する例を通じて Flue の機能に触れていきます。

We are excited to announce Prettier 3.9!

<blockquote cite="https://www.hyperdimensional.co/p/what-should-be-done"><p>This is a bad state of affairs. Consider, in particular, some industry dynamics:</p><ol><li>Frontier models are trained at an enormous cost, and a significant fraction of that cost is recouped in the few post-release months that they are broadly available. After that period elapses, the models become sub-frontier, competition emerges, and margins compress. Every week of delay is eating into...

<blockquote cite="https://twitter.com/binarybits/status/2070527944817053862"><p>This is like saying there's no learning curve to being a manager because your employees will just do whatever you tell them to do.</p></blockquote><p class="cite">— <a href="https://twitter.com/binarybits/status/2070527944817053862">Timothy B. Lee</a>, on the idea that LLMs take no skill and have no learning curve</p> <p>Tags: <a href="https://simonw...

A look at npm's new 72-hour account freeze, what triggers it, what it blocks, and how it works alongside trusted and staged publishing. Category: News

<p><strong><a href="https://www.fernandoi.cl/posts/hackmyclaw/">What happened after 2,000 people tried to hack my AI assistant</a></strong></p>Fernando Irarrázaval ran a challenge on <a href="https://hackmyclaw.com/">hackmyclaw.com</a> to see if anyone could leak secrets held by his OpenClaw test instance by sending it email.</p><p>Surprisingly, after 6,000 attempts (and $500 in token spend and a Google account suspension triggered by ...

<p><strong><a href="https://nesbitt.io/2026/06/26/incident-report-cve-2026-lgtm.html">Incident Report: CVE-2026-LGTM</a></strong></p>Spectacular hypothetical incident report by Andrew Nesbitt.</p><blockquote><p><strong>Day 2, 16:00 UTC</strong> --- Two AI review agents from competing vendors, both attached to a downstream pull request bumping <code>foxhole-lz4</code>, enter a disagreement loop over whether the package...

<blockquote cite="https://openai.com/index/previewing-gpt-5-6-sol/"><p>We're beginning a limited preview of the GPT‑5.6 series: Sol, our flagship model; Terra, a balanced model for everyday work; and Luna, a fast and affordable model. Terra has competitive performance to GPT‑5.5 while being 2x cheaper and Luna brings strong capability at our lowest cost. [...]</p><p>We believe in broad access, and we plan to make GPT‑5.6 Sol, Terra, and Luna generally available in the co...

Looking for a Koi Security alternative after the Palo Alto acquisition? Compare competitors on device protection, platform breadth, and pricing.Category: DevSec Tools & Comparisons

GitHub joined the United Nations Development Programme in Ghana to explore how open source governance can support one of West Africa's most ambitious digital reform efforts. The post GitHub and UNDP team up to advance development priorities in Ghana with open source appeared first on The GitHub Blog.

A single root package.json can look simpler in an Nx monorepo but dependency hoisting hides ownership and can turn upgrades into confusing production build failures.

Miasma Mini Shai-Hulud hits @immobiliarelabs Backstage plugins, targeting GitLab and LDAP auth packages on npm.

Compromised versions run a malicious payload at npm install time through a binding.gyp node-gyp hook, harvesting credentials from sources like GitHub Actions secrets, cloud provider keys, and package registry tokens, while trying to persist in AI coding assistant configs. Static analysis of version 2.1.2 against the clean 2.1.1 release revealed a new 5 MB index.js and an added binding.gyp, both absent from earlier releases.

Rspack 2.1 is now available, featuring support for the Rust version of React Compiler, import.meta.glob, Source Phase Imports, persistent cache cleanup, and multiple performance and output optimizations.

For a decade, Vercel has shaped how the web is built. Now, we’re doing the same for agents. The companies that win the next decade will build on infrastructure designed for agents from the start, and over 2,500 people gathered in London this week to do just that at Vercel Ship 2026.Guillermo kicked off Ship by sharing his vision for Vercel: a true full-stack platform where you can deploy anything, including software that can think. has three parts: Agentic infrastructureIn the next keynote, Tom

Maybe you don't need a traditional server to run a web app that needs a node server backend. Maybe the requests that need that can go to a cloud function on demand.

Rolldown paused Rust React Compiler integration after a 5MB binary size increase raised concerns about shipping React-specific code to all Vite users.

How GitHub's culture and benefits helped me be the best version of myself.The post Transitioning as a Hubber appeared first on The GitHub Blog.

By humans, for humansWe’re approaching—or arguably are in—an era where ‘made by humans’ is a differentiator. A notion that something beyond money and prompts was put into whatever the heck it is we’re using or consuming or enjoying. We should never lose sight of that.A social filesystemA very good explainer of how the AT protocol stuff actually works.I could've rickrolled the entire FIFA World Cup. All I needed was my ID.Actually mind-blowing read. Never use client-side only auth, pals.Context-a

Deno v2.9.0 以降で `deno desktop` コマンドが使えるようになりました。`deno desktop` コマンドは単一の TypeScript ファイルから Next.js プロジェクトまで、デスクトップアプリに変換できます。この記事では Deno でデスクトップアプリを作る方法について紹介します。

You can now query Web Analytics datapoints directly through the Vercel CLI. Using the command, you can pull page views, visitors, and custom events for your Vercel projects to analyze traffic, compare trends, and answer questions about site performance.vercel metricsBy providing a coding agent access to the CLI, an agent can answer questions such as:For more details on how to use the CLI command and a complete list of supported metrics, dimensions, filters, and query options, explore the .docume

Aikido's malware feed now blocks bad package versions in Composer by default. A look at how Packagist is closing whole classes of supply chain attacks.Category: Product & Company Updates

プレイドのインターン体験記。KARTE SignalsのAI分析チャットのGAリリースに向け、AIエージェント開発フレームワーク「Mastra」を用いたワーキングメモリの実装やプロンプト最適化、ハルシネーション抑制にフロントからバックエンドまで一気通貫で挑んだ、裁量権の大きい開発の裏側を綴ります。

LINEヤフーの技術カンファレンス「Tech-Verse 2026」の公式記事です。生成AIで作成された画像もはや最大のボトルネックはコーディング速度ではありません。問題は入力の断片化と、それらをつな...

LINEヤフーの技術カンファレンス「Tech-Verse 2026」の公式記事です。こんにちは。LINEヤフーで機械学習プラットフォームを開発している木原健太と袁逸凡です。今回は、LINEバイトの検索...

HighlightsNew option checkRelationalComparisons in no-constant-binary-expressionESLint v10.6.0 introduces a new option checkRelationalComparisons for the no-constant-binary-expression rule.When enabled, the rule reports relational comparisons using <, <=, >, or >= whose result is always constant based on their literal operands.For example:const value = "a" > "b"; // always `false`1Copy code to clipboard while (0 <= 0) { // always `true` /* ... */}123Copy code to clipboard Rule ...

Agents hit two walls: they are stuck in one repo, and they start every session blank. Polygraph is an agent-agnostic meta-harness that removes both, so your agents can work autonomously across your whole organization.

OAuth and OpenID Connect fixes, protected resources, DPoP, MCP package migration, SAML and SCIM updates, safer defaults, and more.

A complete guide to social login in React Router v7, covering Google, GitHub, Microsoft, and every provider you will need as you grow.

You can now view in your Vercel dashboard for , the open-source agent framework.The Agent Runs tab appears automatically for every eve project, surfacing trigger, duration, and token usage for each session at a glance. Drill into any run to inspect every turn, model call, and tool call in the conversation. Runtime errors that previously vanished into function logs now correlate to the failing step.Agent RunseveTwo views read the same data:Run data is encrypted by default. Retention scales with p

Explore how the GitHub Copilot agentic harness delivers strong results across multiple benchmarks and leading token efficiency, while maintaining flexibility to choose among more than 20 models.The post Evaluating performance and efficiency of the GitHub Copilot agentic harness across models and tasks appeared first on The GitHub Blog.

<p><strong><a href="https://www.schneier.com/blog/archives/2026/06/ai-and-liability.html">AI and Liability</a></strong></p>Bruce Schneier and Nathan Sanders on the recent <a href="https://the-decoder.com/landmark-german-ruling-declares-googles-ai-overviews-are-googles-own-words-and-makes-it-liable-for-false-answers/">German ruling</a> that Google be held liable for errors introduced in their AI overviews:</p><blockquote><p>AI age...

Mini Shai-Hulud expands into the Go ecosystem after hitting LeoPlatform npm packages and targeting GitHub Actions workflows.

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-export-database/releases/tag/0.3a2">datasette-export-database 0.3a2</a></p> <p>An embarrassingly tiny release. The <code>pyproject.toml</code> had pinned to <code>datasette==1.0a27</code>, inadvertently making this plugin incompatible with all other Datasette versions. It's now <code>datasette>=1.0a27</code> instead.</p> <p&gt...

AI is on your roadmap, but ownership, governance, security, and maintenance are often unplanned. Here's what IT leaders need to account for.

StepSecurity now supports Maven in GitHub Checks and OSS Package Search, blocking compromised and freshly published Java dependencies in your pull requests.

Google released an AI “skill” at Google I/O last month called Modern Web Guidance. It’s essentially a folder of nested Markdown files that AI agents know how to read and use as part of their context window when they deem appropriate. This skill has a bunch of HTML/CSS/JavaScript information that guides AI to, hopefully, do […]

A coordinated 8-month supply chain attack planted credential-stealing code inside fake AI coding assistants on the JetBrains Marketplace, quietly exfiltrating OpenAI, DeepSeek, and SiliconFlow API keys to an attacker-controlled server in Beijing -- which our investigation found still operational today.

The translateZ() function moves an element closer to or farther from the user. translateZ() originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

The translateY() function shifts an element vertically by the specified amount. translateY() originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

The translateX() function shifts an element horizontally by the specified amount. translateX() originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

The CSS translate() function shifts an element from its default position on a 2-dimensional planetranslate() originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

Cloudflare Workflows, our durable execution engine for multi-step applications, now supports saga-style rollbacks, allowing developers to specify a compensating action for each step.do().

AI SDK, with over 16 million weekly downloads, is the TypeScript SDK for building AI applications, features, frameworks, and agents across any model provider. It's the same layer , Vercel's open-source agent framework, is built on.eveAI SDK 7 adds production depth for agent work across five areas:Building well-behaved agents requires fine-grained control over model reasoning, tool context, and file handling.Most frontier models support configurable reasoning, but every provider API exposes it di

Standard.site provides a set of lexicons for publishing long-form content on the internet using the same protocol used under the hood by Bluesky.If you are wondering what 'lexicons' and 'the Atmosphere' are, don't fret. This article will explain what they mean, why you should care about Standard.site, and walk you through exactly how you can implement Standard.site using some simple JavaScript or a plugin for your favourite content management system.What Standard.site is and why you should careI

`deno desktop` for building native desktop apps from web tech, first-class migration from npm/pnpm/yarn/Bun, CSS module imports, snapshot and parameterized testing, smaller `deno compile --bundle` binaries, and Node.js 26 compatibility.

On June 24, 2026, an attacker published malicious versions of 20 npm packages belonging to the Leo Platform ecosystem in a coordinated burst spanning less than three seconds. All 20 packages carry an identical CI/CD attack toolkit that steals secrets from GitHub Actions runners, cloud credential stores, package registries, and password managers, then exfiltrates them via the victim's own GitHub token. Together these packages receive approximately 13,600 downloads per week.

Discover CKBox 2.12 and 2.13 with a refreshed UI, file versioning, asset overwrite, and PDF thumbnails for faster, more reliable asset management.

Coding agents can produce working UI fast, but what's harder is a different shape. They can copy your product's style, match its patterns, and try to follow its conventions. What they cannot do is understand why those patterns exist. Code shows agents what shipped, not why one component, phrase, or interaction became your standard. That reasoning lives in design reviews, PR comments, Slack threads, and with the people who were in the room. For an agent, context that isn't in the codebase doesn't

AI SDK 7 is a major release for building production agents in TypeScript. The SDK has grown from model calls and chat primitives into a broader agent platform for developing, running, integrating, and observing agents across text, audio, realtime, image, and video. Every major provider is supported out of the box.AI SDK 7 introduces two breaking requirements:Run the v7 codemods to automate most import and rename changes before manually reviewing semantic migration items. See the .full v7 migrati

On June 24, 2026, an attacker compromised the simonecorsi/mawesome GitHub repository. They force-pushed malicious commits and repointed several version tags to that commit. As a result, any workflow running against those tags after that time executed the attacker's code inside its GitHub Actions runner.

On June 24, 2026, an attacker compromised the codfish/semantic-release-action GitHub repository. At 15:39:06 UTC they force-pushed a malicious commit and repointed several version tags to that commit. As a result, any workflow running against those tags after that time executed the attacker's code inside its GitHub Actions runner.

With AI, everyone's a developer now, and a lot of code gets shipped without a careful review from trained eyes. Category: News

LINEヤフーの技術カンファレンス「Tech-Verse 2026」の公式記事です。AIでのコーディングで難しいのは、もはやコードを出すこと自体ではありません。課題はその周辺にあります。意図を正確な仕...

LINEヤフーの技術カンファレンス「Tech-Verse 2026」の公式記事です。エージェントがコードを書く時代にコーディングエージェントを使い始めると、最初に気づくのはその速さです。その試行錯誤の...

Webpack 5.108

The lets you run established coding-agent runtimes through one unified interface, so you can switch runtimes without changing your application code. Today we're adding two new adapters, Deep Agents and OpenCode, both running inside a Vercel Sandbox.AI SDK Harness adapts LangChain's runtime, with built-in file and shell tools, skills, host tools, multi-turn sessions, attach and resume, and built-in tool approvals.@ai-sdk/harness-deepagentsdeepagentsRead the to get started.Deep Agents harness docu

An analysis of European Post Office websites to see which websites perform best across the Core Web Vitals.

<p><strong><a href="https://github.com/simonw/browser-compat-db">simonw/browser-compat-db</a></strong></p>Inspired by Mozilla's <a href="https://developer.mozilla.org/en-US/blog/introducing-mdn-mcp-server/">new MDN MCP service</a> - <a href="https://github.com/mdn/mcp">source code here</a> - I decided to try converting their comprehensive <a href="https://github.com/mdn/browser-compat-data">mdn/browser-compat-data</a> repos...

Explicit Resource Management (using/await using declarations, SuppressedError, DisposableStack, AsyncDisposableStack) has been merged into the ECMAScript specification.

New projects using Vercel Flags no longer need to configure SDK Keys or the environment variable when evaluating flags inside a Vercel deployment. At runtime, the Vercel adapter automatically receives a short-lived OIDC token, so authentication is handled for you with zero configuration.FLAGSFor local development, link your project with and pull credentials with . That's it.vercel linkvercel env pullExisting projects and all SDK Keys are unaffected. This change only applies to new projects, and

codfish/semantic-release-action was compromised on June 24, 2026. Attackers repointed v2–v5 tags to a Miasma credential-stealing payload targeting CI/CD secrets. Here's what happened and how to check if you're affected.Category: Vulnerabilities & Threats

The `rule` (and friends) CSS property allows us to draw markers (like borders) in the gaps between columns and rows (and flex items!)

<blockquote cite="https://macwright.com/2026/06/24/accidental-anonymity.html"><p>In the last few months, I've started to see [job applications] that were clearly cowritten by an LLM, link to an LLM-generated portfolio site, which then links to LLM-generated GitHub projects, with purely LLM-generated commit messages. [...]</p><p>My other reaction is that <em>I don't know anything about these people</em>.</p><p>They haven't put themselves out there....

今日のアプリケーション開発において、Feature Flags（機能フラグ）は欠かせないツールとなっています。Vercel Flags を使用することで、Vercel 上でホストされているアプリケーションに Feature Flags を簡単に導入することができます。この記事では、Vercel Flags を使用して Vercel 上でホストされているアプリケーションに Feature Flags を導入する方法を試してみます。

Self-Managed OAuth is now available to all developers on Cloudflare. Here's how we executed a zero-downtime migration of our core OAuth engine to make it happen.

The Fable shutdown shows how quickly model access can become a business continuity risk for AI-dependent engineering teams.

LINEヤフーの技術カンファレンス「Tech-Verse 2026」の公式記事です。大規模言語モデル（LLM）が入力トークンの物理的しきい値を百万規模へと拡張するにつれ、ソフトウェア工学の現場は「シリ...

LINEヤフーの技術カンファレンス「Tech-Verse 2026」の公式記事です。はじめにこんにちは。LINEヤフー株式会社のDBaaS DevOpsチームで働いている朴政武（パク・ジョンム）です。...

Evil Martians benchmarked five WebSocket servers for Node.js: Socket.io, uWebSockets.js, and AnyCable (OSS and Pro). How we caught our own load generator lying, and how to make WebSocket benchmark numbers honest.

Graceful task shutdown, deferred input hashing, composable `--affected` and `--filter`, local cache eviction.

Pro teams can run up to 500 concurrent builds, up from 12. Teams with large repos can ship faster without waiting on queued builds. On-demand concurrent builds are enabled by default for Pro and Enterprise, and you're billed only for the build minutes you use. Learn more about . on-demand concurrent buildsRead more

GLM 5.2 Fast via Wafer is now available on .AI GatewayBased on our own benchmarking across small-context, large-context, and tool-call scenarios, Wafer delivers a 2x higher throughput than other providers serving GLM-5.2 on serverless, leading on decode and end-to-end speed for sustained generation in the small- and large-context cases.In our testing, GLM 5.2 Fast on Wafer measured:To use GLM 5.2 Fast, set to in the :modelzai/glm-5.2-fastAI SDKAI Gateway provides a unified API for calling models

CSS is getting a random() function that lets you set properties with a random value, letting you make interesting and creative new designs…

カミナシでソフトウェアエンジニアをしている furuya です。今回は開催直前！ AWS Summit Japan 2026 の楽しみ方をご紹介します！これを見て、「行ってみようかな」と思っていただけた方がひとりでも増えれば幸いです。 ※2026/06/24 現在公開されている情報や、AWS Summit Japan 2025 のときの情報をもとにしています。最新の情報は AWS Summit Japan 2026 公式サイトでご確認ください。 aws.amazon.com AWS Summit Japan 2026とは 6月25日（木）、26日（金）に幕張メッセで行われる、日本で一番大きな …

<p><strong>Release:</strong> <a href="https://github.com/simonw/datasette/releases/tag/1.0a35">datasette 1.0a35</a></p> <p>I'll write more about this one soon, but it's a big release. Three highlights from the release notes:</p><blockquote><ul><li>New "Create table" interface in the database actions menu, backed by the <code>/<database>/-/create</code> <a href="https://docs.datasette.io/en/latest/json...

Adam knows better than anyone, CSS knows about the user, device, variables, layout and more. But there is a little bit of information that CSS doesn’t have. Like what’s the current value of a range input exactly? What are the exact coordinates of the mouse? It’s not hard to pass over that information to CSS […]

<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/opfs-pyodide">OPFS + Pyodide test harness</a></p> <p>I've been pondering if <a href="https://lite.datasette.io/">Datasette Lite</a> - the Python Datasette application run entirely in the browser using Pyodide and WebAssembly - might be able to edit persistent SQLite files stored on the user's computer.</p><p>That's what <a href="https://developer.mozilla.org/en...

The new executive order sets a 2030 migration deadline and establishes a powerful foundation for post-quantum resilience. We look at what it gets right, where it can go further, and our migration playbook for government and industry.

Explore how my day as a senior leader looks now that I use 40 automations to help, and learn more about some of my favorites.The post I automated my job (and it made me a better leader) appeared first on The GitHub Blog.

We’re calling for targeted amendments to resolve conflicts with open source licensing and align with international transparency frameworks while preserving regulatory intent.The post GitHub joins coalition advocating for fixes to California AI Transparency Act to protect open source appeared first on The GitHub Blog.

AI agents are pulling packages into environments no scanner is watching, creating exposure before security teams can see it.

This is the technical companion to our update on Distilled, “Keeping the web open and private in the bot era.” Here we take a deeper look at the problem space, the design we’re proposing, and the problems still left to solve. Bots (and privacy-preserving browsers) not welcome Browse a news site in a private window. Shop […]The post PACT: Anonymous Credentials for the Web appeared first on Mozilla Hacks - the Web developer blog.

記事は ics.media へアクセスしてご覧ください。

2026年6月23日に、GMO Flatt Security主催の「OSS開発者は今何をするべきか？ソフトウェアサプライチェーン侵害対策を考える」で「Hardening npm Publishing」というタイトルで、npmパッケージの公開フローをどう守るかについて話しました。スライド: Hardening npm Publishingローカルのトークン管理やnpm Trusted Publishingについては、以前の記事で書きました。1Passwordを使って、ローカルにファイル(~/.configや.env)として置かれてる生のパスワードなどを削除した | Web Scratchパスワード管理/MFA管理の戦略 | Web Scratchnpm Trusted PublishingでOIDCを使ってトークンレスでCIからnpmパッケージを公開するこの記事ではそれらを前提に、GitHub Environmentsとnpm staged publishingをどこに入れるかの話をスライドベースでかいています。サプライチェーン攻撃をすべての侵害を防ぐのは難しいです。それでも、ローカル、

Aikido partners with Drydock to bring pre-publish package review to npm and PyPI. See exactly what's inside a release before it ships, malware caught before download number one.Category: Product & Company Updates