A phishing attack targeted developers using a typosquatted npm domain (npnjs.com) to steal credentials via fake login pages - watch out for similar scams.

Knip hits 500 releases with v5.62.0, refining TypeScript config detection and updating plugins as monthly npm downloads approach 12M.

A versal letters is a typographic flourish found in illuminated manuscripts and traditional book design, where it adds visual interest and helps guide a reader’s eye to where they should begin.Getting Creative With Versal Letters originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.

Ensuring your product communicates clearly to a global audience is not just about localisation. Even for products that have a proper localisation process, English often remains the default language for UI and communications. This article focuses on how you can make English content clear and inclusive for non-native users. Oleksii offers a practical guide based on his own experience as a non-native English-speaking content designer, defining the user experience for international companies.

はじめに こんにちは、FANTECH本部 Fanbase事業部でモバイルアプリエンジニアをしている成 ...

Highlights from Launch Week 15

Build an Open Source Project over 10 days. 5 prize categories.

Upload files up to 500 GB with significant egress cost reductions.

Mount S3-compatible buckets as persistent file storage in Edge Functions with up to 97% faster cold start times.

こんにちは、STORES 技術推進本部のid:atponsです。普段はSTORESの技術的な課題の解決や改善、パブリッククラウドの運用などを担当しています。 今回は、開発者体験を損なっていたプライベートパッケージレジストリのトークンの運用を見直し、セキュアで簡単な認証の仕組みをリバースプロキシの自作で実現した話を紹介します。

こんにちは、フロントエンドエンジニアのやなぎ（ @apple_yagi ）です。 PR TIMESのフロントエンドでは、これまで状態管理にRecoilを利用してきました。しかし、Recoilは現在アー […]

エンジニアリンググループ ゼネラルマネージャーの横本(@yokomotod)です。 このブログはSREチームブログリレー4日目の記事です。 昨日は山本さんによるSRE作業もGemini CLIで効率化する記事でした。 www.m3tech.blog 続けて今日もAIコーディング関連、Claude CodeのSDKが気になって触ってみた知見を紹介します。 言わずもがなClaude Codeは強力なツールで、最近はHooksなども登場し、拡張性もどんどん強化されています。 しかし、まだまだもっと自由に機能強化して「オレの最強のClaude Code」を作ってみたいですよね。 というわけで、Clau…

July 18, 2025 ​A little late, but it's time for another community showcase! 🎉So many good things have happened over the last quarter in the community and around the ecosystem, and there's so much more to come 🚀Prettier CLI ​The Prettier team has been collaborating with the e18e community for some time now on a new, faster CLI for Prettier. In June, this was released behind a flag for all to try out! 🎉This has been a great collaboration, driven mostly by the work of @fabiospampinato and plenty...

Read June 2025 Security Releases

Pikku 0.8 introduces RPCs, queue workers, MCP server integration, and bundle-level service shaking — setting a new baseline for what a modern typed backend framework should offer.

💡 このドキュメントは、2025年7月の時点でPreview FeatureであるGo ...

The EU Cyber Resilience Act is prompting compliance requests that open source maintainers may not be obligated or equipped to handle.

Learn how Conformance with Nx Cloud eliminates manual compliance tracking and enforces coding standards across your entire organization. See how to solve real problems like inconsistent code review processes with technology-agnostic rules.

Mux Video gets 20% cheaper with reduced encoding, storage, and delivery pricing. The biggest cost reduction in company history.

As we continue in our mission to democratize video for every developer, we're making Mux Video more affordable by lowering prices 17-23%.

記事は ics.media へアクセスしてご覧ください。

A non-React developer built a trade lifecycle simulation using three AI assistants as his coding team, discovering that managing AI agents is rather like conducting an orchestra where each musician excels at different parts of the piece but occasionally abandons the score for a spot of impromptu improvisation. The project demonstrated that whilst AI collaboration can be very useful, someone still needs to wave the baton when your string section decides to have a go at bebop when they should be p

Gathered notes on Liquid Glass, Apple’s new design language that was introduced at WWDC 2025. These links are a choice selection of posts and resources that I've found helpful for understanding the context of Liquid Glass, as well as techniques for recreating it in code.Getting Clarity on Apple’s Liquid Glass originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.

!この記事は、CYBOZU SUMMER BLOG FES '25の記事です。 自力で計算なんてしたくはないけども皆さんは自力で UTC と特定のタイムゾーンの間の時差の計算をしたことはありますか？そもそも、システムのタイムゾーンと UTC の時差を計算するだけなら Date オブジェクトを利用すれば簡単に計算できますから、自力で計算する必要はありませんね。const date = new Date();const utcOffset = date.getTimezoneOffset(); // 分単位で取得console.log(`UTCとの時差: ${utcOffs...

This is part two of a story about how we overcame the challenges of making a complex system more scalable.

now supports the , enabling AI apps to query a million public GitHub repositories using a standard interface. Whether you're building in Cursor, using Claude, or integrating your own agent, Grep can now serve as a searchable code index over HTTP.GrepModel Context Protocol (MCP)Read more

We've got this pattern on the Set Studio website. It's three summaries with headings that render in a three column grid which as the viewport reduces in space, automatically stack.The three column grid part is pretty straightforward, we're first using this little layout composition..grid { display: grid; grid-template-columns: repeat( var(--grid-placement, auto-fill), minmax(var(--grid-min-item-size, 16rem), 1fr) ); gap: var(--gutter, var(--space-l));}Then we're hinting the browser to make it a

Discover what’s new: Line Height, Server-side Editor API, EU Region support, upgraded Markdown, and major breaking changes.

生成AIによって直接的にサーバ運用・調査をアシストする試み

Bring lightning-fast search to your Supabase apps, with no code required.

New unified logging, advanced reports, and AI debugging capabilities.

こんにちは。ruby-devチームの遠藤（@mametter）です。 次期バージョンのRubyでは、pathnameがRuby本体組み込みとなり、require "pathname"なしで利用可能になる予定です。 Rubyで書き捨てスクリプトを書いてる自分のような人は地味にうれしいかもしれません。 Feature #17473: Make Pathname to embedded class of Ruby - Ruby - Ruby Issue Tracking System さて、pathnameの組み込みがマージされた直後、非常に興味深いバグが発生しました。 今回はそのデバッグの経緯を技…

Astro 5.12 ships TOML support for content loaders, experimental raw environment values, and improved Netlify adapter development experience!

Learn how SSO and automated user provisioning help B2B SaaS companies meet compliance standards like SOC 2, ISO 27001, HIPAA, and GDPR, and how WorkOS can get you enterprise-ready fast.

Checkly is now available in the AWS Marketplace. See what this means if you're an AWS user.

はじめに 株式会社 AJA でバックエンドエンジニアをしている片山です。 「GitHub Actio ...

How we cut Storybook’s bundle size in half

In June, we experienced three incidents that resulted in degraded performance across GitHub services.The post GitHub Availability Report: June 2025 appeared first on The GitHub Blog.

Crates.io adds Trusted Publishing support, enabling secure GitHub Actions-based crate releases without long-lived API tokens.

Join Nx CEO, Jeff Cross, and CTO, Victor Savkin, for an essential security briefing on protecting your build infrastructure from emerging threats. With the recent publication of CVE-2025-36852 – CREEP (Cache Race-condition Exploit Enables Poisoning, severity 9.4), it's more critical than ever to understand the security implications of your build and CI/CD choices.

Strengthen your repositories against actions workflow injections — one of the most common vulnerabilities.The post How to catch GitHub Actions workflow injections before attackers do appeared first on The GitHub Blog.

That idea you've been sitting on? The domain you bought at 2AM? A silly or serious side project? This summer, we invite you to build it — for the joy, for the vibes, For the Love of Code 🧡The post For the Love of Code: a summer hackathon for joyful, ridiculous, and wildly creative projects appeared first on The GitHub Blog.

Learn why flip phones still matter in 2025, and how you can build and launch web apps for these tiny devices.

A single button, but it has two different behaviors in JavaScript depending on how far you’ve scrolled in an element (as determined by CSS!)

We’ve partnered with marimo to bring their best-in-class Python notebook experience to your Cloudflare data.

State of Devs 2025 survey results are out! Sunkanmi Fafowora highlights a few key results about diversity, health, and salaries.What I Took From the State of Dev 2025 Survey originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.

Access to a new central security page and launch of additional controls.

Create, review and merge Supabase branches all within the dashboard.

Customize icons, attributes, and page slugs with the latest Starlight release.

SaaS sprawl and shadow IT create significant security vulnerabilities, exposing organizations to unmanaged apps, unauthorized access, and compliance risks. It’s simply not enough to secure access to the applications you’re actively managing. You also need to secure everything else. That’s one of the reasons we acquired Trelica earlier this year.Organizations must be capable of identifying and managing applications that are used outside of IT and security’s purview. We’ve also seen some organizat

AI agents are rapidly transforming how software is accessed, operated, and integrated, such as automating workflows, calling APIs, and interacting with tools and SaaS platforms on behalf of users. This paradigm unlocks powerful new capabilities, but it also raises urgent questions about how sensitive data, especially credentials and secrets, should be managed.At 1Password, we’re building for this future with security at the center. As we explore protocols like the Model Context Protocol (MCP), w

Scott Logic created the Technology Carbon Standard Schema, an open-source tool that helps companies measure and share their digital carbon emissions data. With the ICT sector consuming 4% of global electricity, most organisations lack standardised ways to track their technology-related carbon footprint. The schema provides a structured format for measuring and exchanging this data between companies.

Let's examine Express' default error handling behavior and learn how to customize it for different scenarios.

We'll explore two advanced JIT compilers for Ruby: TruffleRuby and JRuby.

React Router's RSC support is more than just a new feature. It's a major architectural shift that makes it a much more powerful library while also making Framework Mode less coupled to any particular bundler.

A comprehensive guide to the OAuth 2.0 Authorization Code Grant, including how the flow works, how to implement it with PKCE, and what’s new in OAuth 2.1.

Learn how to add Multi-Factor Authentication (MFA) to your homegrown authentication system using WorkOS, with detailed code examples for TOTP and SMS-based flows.

A look at what happens when you add a whole list of transforms to an element, and how that interacts with `animation-composition`.

はじめに こんにちは、株式会社LegalOn Technologiesでソフトウェアエンジニアをしている藤田です。LegalOn Technologiesでは、日本の法務分野における自然言語処理（NLP）のための包括的なベンチマークデータセット、LegalRikaiを作成しています。LegalRikaiは日本法に特化したさまざまなタスクを含むベンチマークデータセットで、法務NLPベンチマークデータセットの現状における重要なギャップを埋めることを目的としています。 この記事は、前回公開した以下の続編になります。 tech.legalforce.co.jp 今回の記事では、当時まだ公開されていなか…

Undocumented protestware found in 28 npm packages disrupts UI for Russian-language users visiting Russian and Belarusian domains.

Explore how you can set Copilot coding agent up for success with custom instruction and Copilot setup steps.The post From chaos to clarity: Using GitHub Copilot agents to improve developer workflows appeared first on The GitHub Blog.

July 14th, 2025, Cloudflare made a change to our service topologies that caused an outage for 1.1.1.1 on the edge, causing downtime for 62 minutes for customers using the 1.1.1.1 public DNS Resolver.

Gartner has recognized Cloudflare as a Visionary in the 2025 Gartner® Magic Quadrant™ for SASE Platforms report.

Explore how real-world vulnerabilities look in the Kotlin code of Android apps and see how SonarQube helps detect them.

June was the busiest month for DDoS attacks in 2025 Q2, accounting for nearly 38% of all observed activity.

Secure your MCP servers with OAuth using version of the , which now includes official support for the . This release introduces:1.0.0MCP AdapterMCP Authorization specHere’s an example of how to integrate auth in your MCP server:Additionally, use the to expose resource server metadata for compliant clients. Learn more in the .protectedResourceHandlerMCP Auth documentationDeploy an example MCP server by , or explore starter integrations from our auth partners:cloning our Next.js MCP templateRead m

You can now access , a new mixture-of-experts (MoE) language model from , using Vercel's with no other provider accounts required.Kimi K2Moonshot AIAI GatewayAI Gateway lets you call the model with a consistent unified API and just a single string update, track usage and cost, and configure performance optimizations, retries, and failover for higher than provider-average uptime.To use it with the , start by installing the package:AI SDK v5Then set the model to :moonshotai/kimi-k2Includes built-i

Kiro は AWS が開発した IDE 内蔵型の AI コーディングエージェントです。Kiro の特徴は単なるバイブコーディングにとどまらず、スペックを使用して仕様駆動開発でアプリケーションを開発できることです。この記事では Kiro を使ったアプリケーション開発の流れを紹介します。

I'll start by saying I am very much an AI-sceptic — at points, seething at the whole landscape. What I do appreciate though is that the genie is already out of the bottle and it's too big to fit back in. AI is going nowhere, although the current tech hype cycle increasingly looks fragile.It's the exploitation that makes me mad, especially. I run this publication and AI has stolen everything. Not just this publication either because it's even stolen premium content, such as Every Layout.To combat

Nuxt 4.0 is here! A thoughtful evolution focused on developer experience, with better project organization, smarter data fetching, and improved type safety.

Sara Vieira talks JavaScript, hardware hacking, and speaking at conferences—plus restoring Game Boys and building emulators.The post Sara Vieira on Game Boys, JavaScript, and Community appeared first on Semaphore.

Sync Stripe webhook data directly to Postgres using standalone TypeScript library.

Analytics buckets optimized for large-scale data analysis with Apache Iceberg support.

Build functional web apps with Supabase backend directly in Figma Make, with no backend expertise required.

社内ドキュメントの内容をAIに食べさせたいじゃないですか こんにちは。Feature2 Unitのうなすけです。一番よく使っているAIサービスはClaudeです。 Reproでは社内ドキュメントにesaを使用しています。他にも、Kibela、DocBase、Notion、Confluenceなど、様々な社内ドキュメント用サービスがありますよね。その中でもNotionにはNotion AIが、ConfluenceにはAtlassian Intelligenceがあり、AIと連携した便利な機能がある……と聞いています。僕はどちらも使ったことはありませんが。 僕の周りでは特にNotion AIを使っ…

こんにちは。SREチームのチームリーダーをしている後藤です。 このブログはSREチームブログリレーの2日目の記事になります。 私がSREチームのチームリーダーに就任してからもうすぐ3年になります。 その間に様々な課題に取り組んできたのですが、中でもチームの属人性について考える機会は多くありました。 本記事ではSREチームが属人性の解消に向けてどう向き合ってきたか振り返りまとめていきたいと思います。 属人性についてディスカッションする動物たち generated by Gemini

Rolling out 1Password across your company should be fast, simple, and secure. But if you’re an IT admin deploying to thousands of employees, it can quickly become tedious.That changes today.We’re excited to launch two powerful improvements to help enterprise teams roll out 1Password faster, more securely, and with more control:Customizable onboarding emailsPaginated views for faster performance at scaleLet’s take a closer look.Customize your onboarding emails to build trust from the startWhen yo

Having just completed the Graduate Training at Scott Logic, I wanted to reflect on the last three months and offer some advice to those who may be taking part in the future.

A technical dive into man-in-the-middle (MITM) attacks—how they work, real-world tactics used by attackers, and best-practice defenses to protect software systems, APIs, and network traffic.

North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.

When it comes to merging code, developers will always make the final decision. But we’re rethinking how tools like GitHub Copilot can help. The post Code review in the age of AI: Why developers will always own the merge button appeared first on The GitHub Blog.

Designing a new AI feature? Where do you even begin? From first steps to design flows and interactions, here’s a simple, systematic approach to building AI experiences that stick.

A little reminder from Matt Smith that getting the last item in an Array is easier now:

You can now use to search public repository on GitHub, no longer limited to the 1M+ pre-indexed repos.GrepanyTo search a specific repo, use .grep.app/[owner]/[repo]For example: visit and start typing a search query (try ).grep.app/vercel/aistreamTextGet quick, full-text and regular expression search across the repo without any setup.Read more

is now available as an on the Vercel Marketplace. Clerkauthentication providerBuilt for modern frameworks like Next.js, simplifies authentication while giving teams full control over UI, sessions, and user roles, all tightly integrated with Vercel’s deployment model.ClerkWith the integration, you get access to:Get started with on the Vercel Marketplace.ClerkRead moreInstant provisioning of Clerk apps from your Vercel dashboardComplete user management with hosted dashboards, sessions, and rolesBu

safeguards preview and production URLs so that users can't access the domains that you don't want them to. Starting today, the option has been updated for new projects to protect all automatically generated domains, including the production branch git domain (for example ). Existing projects can update to this new behavior in the Project settings page in the Vercel dashboard.Deployment ProtectionStandard Deployment Protectionproject-git-main.vercel.appRead more

The many ways to juggle line length when working with text... including two proposed properties that could make it easier in the future.Setting Line Length in CSS (and Fitting Text to a Container) originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.

今回は、AI Agentが自身で解決できない問題に直面した際に、Slackを通じて人間に助言を求める ...

こんにちは！ エムスリーエンジニアリンググループ、SREチームの平岡(@uhtter)です。 このブログはSREチームブログリレーの1日目の記事になります。 今年もこの季節がやってまいりました。 2025年7月11日と12日の2日間で開催された、 SRE NEXT 2025 に行ってきました。 今回の記事はその参加レポートです。 イベント公式マスコットの信頼けろぺん君。信頼性は高く、そしてかわいい。

A new JWT signing keys system based on public key cryptography to improve your project's security and performance.

We are launching new components in the Supabase UI Library that makes it incredibly easy to build platforms on top of Supabase.

I wrote a script that lets me run ocr image.png to extract text from images. This is useful for pulling text from screenshots, photos, and more.It only works on macOS because it uses Apple’s proprietary text recognition API. (I’ve used Frog for OCR on Linux, which I believe uses Tesseract under the hood.)Let’s say I want to extract text from this picture:I run this command…ocr /path/to/photo.jpg…to get this output:The author's reflections on his situation- Isdeceived by a promise of being delive

A beginner-friendly introduction to AI agents, exploring what they are, how they work, the different types, and why they matter in today’s AI-driven world.

Learn how MCP Roots define resource boundaries in distributed systems, enabling clients to scope server behavior with clear, URI-based context declarations.

Can AI replace Playwright CodeGen for test automation? Explore the new Playwright MCP server that lets AI control real browsers to generate end-to-end tests with proper context and code examples.

The State of Code report analyzes 7.9B lines of code, revealing top security risks like log injection and XSS and how to fix them.

AI コーディングエージェントは便利ですが、任意の Bash コマンドを実行できるため、ユーザーのシステムに影響を与える可能性があります。Container Use は MCP サーバーとして動作し、AI コーディングエージェントにサンドボックス環境を提供します。この記事では Container Use の利用方法について紹介します。

Meet Socket at Black Hat & DEF CON 2025 for 1:1s, insider security talks at Allegiant Stadium, and a private dinner with top minds in software supply chain security.

The last part of this series is taking our site that we've got in GitHub and addng an Astro build process to it, then mapping a domain we own to the Netlify-hosted site.

v0 は Vercel が開発した AI ベースの Web アプリケーション・UI 生成ツールです。v0 のプラットフォーム API を使用すると、v0 の機能を自身のコードから利用できます。この記事では v0 TypeScript SDK を使用して、v0 のプラットフォーム API を試してみます。