Hosmel Quintana

You guys remember the people saying it was a problem of the Javascript ecosystem only? Wonder where are they now. 🤭

@aarondfrancis Are there any plans to enable open terminals without projects? I still need to do a lot of terminal work, and currently have to open it.

Codex was trying to install something that needed sudo and since it's running in Solo it just spawned a new terminal, sent it the install commands, and waited for me to type my password. Pretty cool flow!

🚨 Supply chain attack on the Laravel Lang organization: 700+ historical versions across multiple community-maintained Laravel Lang packages were compromised with an RCE backdoor, including: laravel-lang/lang laravel-lang/http-statuses laravel-lang/attributes Laravel-Lang/actions The payload targets cloud creds, CI/CD secrets, Kubernetes tokens, Vault, browser data, password managers, SSH keys, and more.

Y dicen que en PHP/Laravel no pasa.

@mikker @sindresorhus I'm a big fan of @sindresorhus's packages and apps, and now I'm also a big fan of Tuna! 😊

@sindresorhus In the meantime try my Tuna! It uses both your KeyboardShortcuts and Defaults packages, fully native 😊 Would love to hear what you think!

So basically Raycast spent a lot of time to rewrite it to be worse because of Windows 🤷‍♂️ raycast.com/blog/a-technic…

Say what you want: this is impressive. github.com/oven-sh/bun/pu…

🚨 UPDATE: Mini Shai-Hulud has crossed from @npmjs into @pypi and is still spreading. Newly confirmed compromised artifacts: @​opensearch-project/opensearch: 3.5.3, 3.6.2, 3.7.0, 3.8.0 (1.3M weekly downloads) mistralai: 2.4.6 on PyPI guardrails-ai: 0.10.1 on PyPI additional @​squawk/* packages on npm guardrails-ai 0.10.1 executes malicious code on import. On Linux, it downloads git-tanstack[.]com/transformers.​pyz, writes it to /tmp/transformers.​pyz, and runs it with python3 without integrity verification. The git-tanstack.​com domain displayed a message signed “With Love TeamPCP,” along with: “We've been online over 2 hours now stealing creds Regardless I just came to say hello :^)” The page also linked to a YouTube video and you can probably guess which one.

GENERICS 👀

El CEO de Coinbase dice que ahora todos los equipos, aún los no técnicos, publican código en producción y crean agentes para automatizar todo. Esto lo estoy viendo en muchas empresas con CEOs IA-bros, la peor parte es que cuando hablás con esos equipos sin presencia de los jefes están con miedo, estrés, hacen como que entienden pero no entienden qué están haciendo. Todos con el miedo de "si no hago esto y no hago como que se de IA, me rajan". Me cuentan que abren la terminal que no saben usar, instalan skills y cosas que no reconocen, copian y pegan keys que no saben muy bien qué son, le van preguntando a la misma IA qué hacer y así van iterando hasta que hicieron algo que creen (sin conocimiento técnico para validarlo) que está bien. Cuando veas que todo deja de funcionar en una empresa y todos los procesos están rotos, ya sabés por qué es.

@devhammed You can use serversideup/php image. serversideup.net/open-source/do…

I just published the exact Dockerfile and configurations I used for this. Someone might find it useful or see something to improve.... gist.github.com/devhammed/425f…

@aarondfrancis I use the new features a lot across different projects and occasionally need to continue work on another machine, for example, with @getpolyscope. It would be great if everything could be synchronized.

@hosmelq hmmm not yet, but it's not off the table! can you say more?

Give your agents a place to store all of their tasks! It saves context, allows multi-agent coordination, and keeps everyone on track.

@RhysSullivan Looks great. Is there a way to pass the —port argument to more applications like Laravel? I tried manually passing it, but it gets removed.

made a PR to portless to enable multiple apps to all work on localhost:3000 at the same time feels magical, solves the issue i have with auth all being on different redirect urls

@ericlbarnes You should try tunaformac.com by @mikker

Remember when Apple Spotlight could actually open apps. 👀

A common dynamic I observe with AI: it feels most impressive when you don’t know much about the subject, don’t care or don’t have a clear idea of what the you want. This applies across design, code, legal, and more. If I don’t know code very well, every piece of code it writes feels very impressive. Once you know what something should feel or look like, it becomes almost impossible to guide AI there. And you definitely can’t one-shot it.

Happy to announce TSRX. Think it as the spiritual successor to JSX. We extracted it from Ripple, and made it framework agnostic. It can compile to React, Ripple and Solid, other frameworks to come soon. It's a TypeScript superset language, with a parser, compiler and a selection of plugins for editors + Prettier + ESlint, etc It's early alpha but we thought people might be interested in it. 🧵

I think every team using AWS is going to LOVE the all new @Flightcontrolhq we’ve been working on for 10 months. We’ve designed the most powerful and simple system I’ve ever seen. Devops define IaC that’s turned into a Vercel style interface for developers and agents. Engineered to deploy fast and understand every change. For both your existing infra and new. This product is going to make waves. It’s too much fun. Launching soon!

HeroUI v3.0.3 🚀 ⚡ React Aria Components 1.17 — 90% fewer dependencies, faster installs and builds 🌳 Expandable Table rows for tree-style data 🎨 New useTheme hook for Vite & CRA apps 🧩 DOM polymorphic render-prop API

Huge React Aria release! 🏝️ Expandable table rows 📉 90% fewer dependencies 🔥 Sub-path imports – improved tree shaking, faster builds, and easier discoverability 🪟 Virtualizer window scrolling ➡️ GridList horizontal orientation 💾 NumberField and RangeCalendar commit behavior