Stuart Brameld

Cloudflare: We've built a TypeScript-based serverless alternative to WordPress with sandboxed plugins and mcp/cli agent tooling. WordPress: We're rethinking the left navigation.

@Henryearleahern see if you can spot the one where someone has given some thought to the mcp tools 🦔

Posthog's implementation of AI is one of the few genuinely good ones in SaaS. For me, it's drastically increased the value and use of the product.

"The Flux composer component already has built-in support for exactly what you want." of course it does! @calebporzio magic ✨

@ryanwebdev @aarondfrancis @samhuckaby it’s real, Cloudflare have made big product announcements on April 1st for years

@aarondfrancis @samhuckaby Will it work though? This is far from the first "WordPress Alternative". Also, checks calendar, I'm not even sure if this is real.

This actually sounds incredible - sorry PHP friends, though I know Wordpress isn’t really good PHP…

@ericlbarnes Great video as always, wrote up some details here too in case helpful notesonlaravel.com/axios-supply-c…

The Axios Supply Chain Attack: What Every Laravel Developer Needs to Know

@aarondfrancis @samhuckaby I'd actually placed my bets on Laravel being the ones to dethrone WordPress (had assumed it was part of the Series A investment thesis)

@samhuckaby The more we can disassociate Wordpress and PHP the better. Godspeed to EmDash

@arvidkahl super smart, although I was kind of hoping Laravel would be more involved in dethroning WordPress

"And for this April 1st, we'll dethrone WordPress" — Cloudflare, em-dashing

@kentcdodds smart

Unbelievable. This is not an April Fool's joke

@charlieholtz @conductor_build @ilyasu @nabeel @ycombinator cc @aarondfrancis

Big news for @conductor_build! We've raised a $22m Series A from Spark and Matrix. We raised this round from @ilyasu at Matrix, who also led our seed round and is joining our board, @nabeel at Spark, @ycombinator, and founders of Notion and Linear. We're grateful to be working with investors we trust and admire. Here’s how we got here and where we’re going:

@marcelpociot @christophrumpel @getpolyscope I need to use the slow clap gif more often 🫡

@christophrumpel @getpolyscope I was just waiting for the first person to comment this

I built 2 features from my phone using @getpolyscope on a Linux VPS while I was in the dentist's waiting room. What's your excuse for not shipping?

@jclermont @pushpak1300 @SocketSecurity thanks for all your Laravel tips emails, they’re brilliant 🙏

@stuartbrameld @pushpak1300 @SocketSecurity Thanks for the write up!

Wrote up everything I learned about the Axios supply chain attack and how I've hardened our Laravel app. Thanks to @pushpak1300 for the scan prompt, @jclermont for the CVE documentation nudge, and @SocketSecurity for catching it in 6 minutes. notesonlaravel.com/axios-supply-c…

@JHTScherck I’m no expert here but if you can easily implement something that has the potential to make crawling your content easier than crawling someone else’s, why wouldn’t you?

How come in all the discourse around llms.txt not being worth it — no one mentions that Claude Code hits it before accessing API documentation?

@aarondfrancis still come back to this post regularly 🙏

My personal Twitter guidelines (absolutely not a 🧵): • Encourage other people - if you like the work someone is doing, tell them! • Be positive - a feed full of negativity is zero fun to follow. • Share what you're working on - people are drawn to other people in motion.

@pushpak1300 Thanks for this Pushpak, I added a check for plain-crypto-js and included it here notesonlaravel.com/axios-supply-c…

Just asked claude to scan my all lock files in computer to see if anywhere was using pwned axios. It scanned perfectly and figured it out. If you have run npm install/Installed any extension or anything before you can run this prompt to check if all the folders in your computer are safe. ----------- There's an active supply chain attack on axios. The compromised versions are axios@1.14.1, plain-crypto-js@4.2.1 and axios@0.30.4. DO NOT upgrade or install any dependencies. Scan my entire machine for lock files and check if any project has these compromised versions resolved. Step 1: Find all lock files find ~ -maxdepth 6 \( -name "package-lock.json" -o -name "yarn.lock" -o -name "pnpm-lock.yaml" -o -name "bun.lock" \) 2>/dev/null | grep -v node_modules | grep -v .cache | grep -v .Trash | grep -v Library Step 2: Search those lock files for the compromised versions xargs grep -l "axios.*1\.14\.1\|axios.*0\.30\.4" on the results Step 3: Also check all package.json files for axios dependency declarations using ^ ranges that could resolve to the compromised versions on next install (e.g. ^1.14.0, ^1.13.x, ^1.x). List these as "at risk" projects. Report: - AFFECTED: projects with compromised versions already in lock files - AT RISK: projects with caret ranges that could resolve to 1.14.1 on next npm/bun/pnpm install - CLEAN: if nothing found Do not install, update, or modify anything. Read-only scan only. -----------

@lkr likewise

@stuartbrameld thanks for the heads up, looks like mine was not impacted but learning what I need to do for prevention in the future

This is a huuuuuge unlock for any founder. If you aren't using claude code yet, start by using it for this

MCP servers bundle more than just API calls: Tool descriptions — Rich descriptions telling the AI when and why to use each tool, what the parameters mean, and what to expect back Parameter schemas — JSON Schema with validation, enums, defaults, and descriptions Error handling context — Structured error responses the AI can reason about Prompt engineering baked in — The tool descriptions are often tuned so the AI uses them correctly The real value of MCP servers isn't the API call , it's the AI-ready interface.