Kyler Johnson

Generate #typescript interfaces, HTTP request code, and even mock data from your Open API document using Orval! With support for Fetch, Axios, React Query, Angular, and more, it probably supports your HTTP client. kylerjohnson.dev/blog/orval

Crazy how the web is still the only platform that doesn’t suck to develop for.

Because it sounds peaceful and requires doing the opposite of what they currently do: work with something that is real/tangible. They’ve romanticized it in their minds. Of all those who make this claim, I bet fewer than 1% would actually do it or stick with it. It’s hard, risky, and exhausting work. You can work from sunrise to sundown every day for an entire season and one bad storm, flood, or bug swarm can take it all away.

Be honest, Why is every software engineer’s backup plan always farming?

@wesbos It will not completely replace UI development the way many (especially backend engineers) seem to think. There will still be plenty of need for a standard, pre-defined UI.

Give me your hottest takes on generative UI, MCP apps, agents returning widgets, and chat as the final interface Working on a talk for JS Nation and I want to spotlight some differing opinions

Omni. Everything at your fingertips. Omarchy + Quickshell Overdid it this time, didn't I.

Oof

I strongly believe there are entire companies right now under heavy AI psychosis and its impossible to have rational conversations about it with them. I can't name any specific people because they include personal friends I deeply respect, but I worry about how this plays out. I lived through the great MTBF vs MTTR (mean-time-between-failure vs. mean-time-to-recovery) reckoning of infrastructure during the transition to cloud and cloud automation. All those arguments are rearing their ugly heads again but now its... the whole software development industry (maybe the whole world, really). It's frightening, because the psychosis folks operate under an almost absolute "MTTR is all you need" mentality: "its fine to ship bugs because the agents will fix them so quickly and at a scale humans can't do!" We learned in infrastructure that MTTR is great but you can't yeet resilient systems entirely. The main issue is I don't even know how to bring this up to people I know personally, because bringing this topic up leads to immediately dismissals like "no no, it has full test coverage" or "bug reports are going down" or something, which just don't paint the whole picture. We already learned this lesson once in infrastructure: you can automate yourself into a very resilient catastrophe machine. Systems can appear healthy by local metrics while globally becoming incomprehensible. Bug reports can go down while latent risk explodes. Test coverage can rise while semantic understanding falls. Changes happens so fast that nobody notices the underlying architecture decaying. I worry.

@Candid_Apples @ayesha_fatiima Create whatever strawman you like. It doesn’t change the fact that you are not forced to use snaps. No one is forcing you. If you don’t like the default, that’s valid. Talk about that instead. That makes sense.

Dude, when I install a package from Mint, I can very clearly choose either the deb package or the flatpak. And when I choose the deb, it ACTUALLY INSTALLS THE DEB. It doesn't sneakily install the flatpak after I specifically chose the deb. And to answer your question of why I care, there are some conditions that simply will not work with apps installed via snap or flatpak and require the native version. An example is the KeePass ds browser extension. This defense of corporate absurdity over the needs of users is ridiculous.

Since Canonical keeps making anti-Linux decisions, it's getting ridiculous. They are forcing Snaps on everything (even Firefox via apt), spam terminal with Ubuntu Pro ads, and the Snap Store keeps letting malware through. This isn't the Ubuntu we loved anymore. It's turning corporate. Time to switch. I am planning to go with fedora or something else

@c_pdpls @ayesha_fatiima Did read the comment to which you replied? It’s a default. If you don’t like it, change the default behavior. It’s not forcing you to install the snap anymore than any distro “forces” you to use its default browser, DE, etc. Once again, your argument is absolutely absurd.

@KylerJohnsonDev @ayesha_fatiima Explain to me how it’s not forcing when I run “apt install Firefox” and it pulls the snap version ? I then have to force the packet manager to pull the actual Firefox binary instead of the snap one. They managed to inject snap straight into the aptitude packet manager

So Canonical builds a universal package format and provides first class support for it and you call it “forced” or “tricked”? If you’ve ever maintained a Linux package format multiple package managers across distros, you know how big of a problem that is. Universal package formats like Snaps and Flatpaks are trying to solve that issue, bringing more software to Linux. Why do you care whether it’s a snap or a deb package? Do you care in Fedora whether something comes from the Fedora repositories or the fusion repositories? What about custom repositories? Do you care when distros like Mint installs deb packages from Mint’s custom repositories instead of from Ubuntu or Debian (on which it’s based)? What about when distros like Mint conditionally installs flatpaks instead of deb packages? For instance, certain hardware-sensitive or fast-evolving media players or software store backend utilities are deployed as Flatpaks natively if the native Debian/Ubuntu ecosystem lags behind. Do you accuse Linux Mint of the same thing? That’s actually closer to “forcing” you to use something than what canonical is doing with Snaps. The accusation and anti-canonical rhetoric is absurd.

@KylerJohnsonDev @ayesha_fatiima I mean, fine. You don't like the word "forced"? Is tricked note accurate?

@Candid_Apples @ayesha_fatiima No, it isn’t. It is a default that you can change in 2 seconds in your apt preference file. You people keep using the word “forced” and I don’t think you know what it means. If you were actually “forced” you wouldn’t be able to change it.

@KylerJohnsonDev @ayesha_fatiima When you apt install and the snap is what actually gets installed, that's forcing snaps.

Next.js just got its worst vulnerability ever, CVSS 8.6. → affects versions 13.4.13+, 14.x, 15.x, and 16.0.0–16.2.4 → attackers can access your internal services, cloud credentials, API keys, and admin panels → no authentication needed → one crafted request is all it takes → roughly 79,000 instances are exploitable right now → vercel-hosted apps are safe, self-hosted are not upgrade to 15.5.16 or 16.2.5 immediately.

VS Code was already used by millions of developers for agentic coding. However, the editor layout has traditionally been optimized for single-task and single-workspace workflows. Today, we're introducing a new window to enable our users (and ourselves!) to work with multiple agents across multiple projects: Agents. Now available in VS Code stable!

@themishra4402 Neither. I’d recommend Zorin OS.

Linux users… 👀 Which distro would you recommend to a complete beginner?

In #Angular if you need a “base component” to provide a standard set of properties, please do not ever use a “component” decorated class for the base. Instead, use a directive for the base class so that Angular doesn’t have to reconcile the template of the base component. A component is really just a directive with a template associated with it anyway and you don’t need the template for a base class. So use a directive instead and skip the weirdness that happens when Angular has to reconcile a template on a base class.

🚨 How the TanStack npm attack actually happened: 1. Attacker opened a normal-looking pull request (#7378) on the TanStack repo. 2. GitHub automatically ran CI tests on that PR. 3. Code inside the PR stole the workflow's GitHub Actions Cache write token during the test run. 4. The attacker used that token to plant poisoned files in the shared build cache. The PR could be closed afterwards. The poisoned cache stays. 5. The official release workflow later pulled from the cache, baked the malicious files into the build, and signed and published 84 malicious package versions to npm.

‼️🚨 BREAKING: A new npm supply-chain attack uses a dead-man's switch. The payload plants a watcher on your machine that nukes your home directory the second you revoke the GitHub token it stole from you. The compromise happened today, across 42 official tanstack npm packages, 84 malicious versions in total. tanstack/react-router alone pulls more than 12 million weekly downloads. The attacker forked TanStack's repository and pushed a single hidden commit. From there, they tricked TanStack's own release system into signing the malicious packages as if they were the real thing. To npm, and to anyone checking the cryptographic proof of origin (SLSA provenance), the poisoned versions looked 100% legitimate. Maintainer Tanner Linsley confirmed the whole team had 2FA enabled. It didn't matter. This is the first documented npm worm in history that ships with a valid, signed certificate of authenticity, the same one defenders rely on to know a package wasn't tampered with.

@Theanticloud1 @themishra4402 @SakshiSugandhi @ZorinOS is even better for beginners, especially those coming from Windows. Zorin’s recent v18 release had over 3.3 million downloads in the first 6 months of its release.

@themishra4402 @SakshiSugandhi Linux mint is the crust to cherry pie and the linux kernel is the filling. Windows 11 is stuffed crust pizza with the windows nt 10 kernel being the cheese.

Linux users: What’s the one reason you stay on Linux over Windows?

@DanielGlejzner Yes. Because AI can’t do much non-trivial without the solid context and direction of experienced devs. Even then, it’s not effective making updates to gnarly legacy code bases without tech expertise required to take it from what it is to what it should be.

Are you still reading technical articles when it comes to software development?

The content in this video is spot on youtu.be/24-6yY4hW_w?si…