Devlin Duldulao

Thanks, @voxxed_thess, for taking this photo. My books are already outdated, but they look good here. And I look like a local rapper from Manila. 😆 😎

@aurorascharff The RSC Queen 👸 will be on tour.

I'm going on tour with the Next.js team in June! Coming to Amsterdam and London to share what's new in Next.js 16.3, hang out with the community, and answer your questions. Come say hi: • June 11: Amsterdam: luma.com/34nqdfc3 • June 18: London: luma.com/lfr946sc If you're in SF, there's one there too on June 9: luma.com/vercel-408x

Do you want to know why you still need to read the code that AI just coded for you? So you can answer Q&As during your meetings with your team members, Questions and Address Concerns, and managers.

@aurorascharff @OpenAIDevs 👀

Someone told me I should have a click highlighter for my live demos. So I vibe coded one in 10 minutes with @OpenAIDevs Codex. Meet ClickLight! Wild that we can just build this stuff now. Grab it below ↓

1/ Daloy cannot automatically enforce branch protection, environment approvals, secret hygiene, runner isolation, egress policy, org settings, or deploy-platform configuration in a user’s private repo.

Wrote a post on component architecture with React Server Components. Covers: • The progression from 𝚞𝚜𝚎𝙴𝚏𝚏𝚎𝚌𝚝 to React Query to route loaders to RSCs • How Suspense shapes the loading experience • Why colocation makes components easier to move and reuse (including for agents) aurorascharff.no/posts/componen…

I built the Community Agent Template a while back, an AI Slack bot with a built-in admin panel. It's up on Vercel templates if you want a reference for building agent apps with Next.js.

Your tools could be confusing your agents and you'd never know. I've been having my agents friction log confusing moments as they build Next.js apps. • Tags every step smooth, friction, or blocked • Shows what the agent fell back on when it got stuck • Turns each friction point into a concrete fix

In this workshop, @devlinduldulao will share the workflow behind building a large-scale React app while writing only a minimal part of the codebase. Explore how strategic tooling with TanStack Query, TanStack Router, HeyAPI, and AI coding agents can unlock a new level of productivity. reactalicante.es

@tan_stack @TansTack We are just here if you need any support @tannerlinsley.

SECURITY ADVISORY — TanStack npm packages A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package. Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down. Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys. If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised: • Rotate cloud, GitHub, and SSH credentials immediately • Audit cloud audit logs for the last several hours • Pin to a prior known-good version and reinstall from a clean lockfile Detection — the malicious manifest contains: "optionalDependencies": { "@tanstack/setup": "github:tanstack/router#79ac49ee..." } Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root). Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level. Full technical breakdown, complete package and version list, and rolling status updates: github.com/TanStack/route… Credit to the security researcher for responsible disclosure.

@ReactNorway @leichteckig @auth0 @aurorascharff @nextjs @vercel @Plopix @CrystallizeAPI I am also going 😅. See you all there!

We might be down by a speaker, but we still have @leichteckig from @auth0 @aurorascharff from @nextjs team ▲ @vercel @Plopix CTO at @CrystallizeAPI Dora Makszy, Head of Design at Element Logic …and more. One track. No fluff. 👉 React Norway 2026 / Jun 5th, Rockefeller, Oslo reactnorway.com

I noticed something about AI coding model pricing. It follows the iPhone pattern. New model drops → previous model gets cheaper → that cheaper model is still incredibly capable. You don't need the latest to ship great code. You need the right 1 for the right price. Agree😅?

I'm on vacation and eating here at FiveGuys, but I can't help myself to remind engineers @aurorascharff . 😂

A reminder for every engineer building mission-crit apps: Regional redundancy isn’t optional. A single point of failure will find you eventually. One AWS zone went down. Failures spread. Trading stopped. Design for failure before failure designs your incident report. #coinbase

Outstanding job by the whole @g2i_co crew at @ReactMiamiConf for organizing such an amazing event. I highly recommend it for learning and networking with some of the best React developers in the community. Will definitely be back next year 🫶🏼 Peace out.

We used to debate tabs vs spaces. Bad actors are now using LLMs to scan enterprise apps for vulnerabilities at scale. Maybe it's time we care more about security than code formatting. Prioritize security. Not as an afterthought — as a foundation. ✊

Copilot is moving to usage-based billing, so token usage will matter more. Caveman mode might help a little by making AI replies shorter, but the bigger savings will come from lighter models, fewer attached files, fewer agent retries, etc. Need to stop being so triggerhappy now😂

Speaking at @kc_dc in September! 🎙️ I'll be showing a Microfrontend architecture using @rspack_dev 2.0 with streaming and Suspense. If you're on a big React team and struggling with codebase complexity — this one's for you 🫵 kcdc.info

Excited to run a @tan_stack Query + Hey API workshop @mrlubos at @ReactAlicante on Sept 24 🚀 Codegen, AI prompting, AGENTS.md, SKILL.md — all real-world, production-ready stuff 💪.

@ai_backend_engr @aurorascharff certificates.dev/react

@devlinduldulao @aurorascharff Would you drop the link here for us to join?

Me: Preparing for a virtual React bootcamp for the coming week. Her @aurorascharff: Preparing for an in-person React workshop for the coming week. 🤓

The best time to adopt a technology is before people stop laughing at it.

8 years ago, I asked two frontend developers on another team if they were using TypeScript in their new project. They laughed at me and said they don't have time to use "that garbage." Today, TypeScript is the #1 most-used language on GitHub.