Ray Thurn Void

Ways to mitigate GitHub/npm supply chain attacks: - Use pnpm - Block all postinstall scripts unless necessary - Use minimumReleaseAge - Set up Trusted Publisher on npm/GitHub - Disallow npm tokens - Require 2FA for all org members - Avoid pull_request_target - If repo is public, consider restricting PRs to collaborators only - Pin GitHub actions (peter⁠-⁠evans⁠/⁠create⁠-⁠pull⁠-⁠request⁠@⁠v8 → peter⁠-⁠evans⁠/⁠create⁠-⁠pull⁠-⁠request⁠@⁠5f6978f...)

I don't think the effort tiptap puts in open source is appreciated enough

Does this mean that the price of Opus API is the real cost of AI? So is off reach for anybody that doesn't have millions in VC money?

@brotzky terrific read!

Introducing performance.dev! A new space where I explore how the best apps in the world are built. First piece: How's Linear is so fast? a technical breakdown. performance.dev/how-is-linear-…

@aidenybai which one did you try

kinda crazy there's still not a single UI testing solution that _actually_ works just a bunch of companies that claim it works but end up miserably testing the stuff that doesn't even matter

@amitisinvesting I bought the dip but turns out now we are at the dippidy dip

$MU $818 to $668 who’s buying the dip?

@plainionist care nobody cares about anything anymore, everything is just a stunt to push in production as fast as possible and then someone else will fix the mess

Serious question: What makes a great developer in the age of AI? 🤔

Many people are already at the stage where they look at the slot machine result and cannot even understand if it's good or not It's like you just received a Ferrari and decided to sit in it and doom-scroll in tiktok

AI is not a threat to jobs, this is, some months ago @thdxr pointed this out correctly, you became lazy, you just press the button and hope the slot machine gives you the right result

If the creator of Pi is calling this out, maybe is time to cool the hype a bit?

@AriesTheCoder To me it looks like an over engineered approach for people that do not want to understand the root issue I just manually prompt the agent to maintain skills that i use as docs and templates for tailored workflows If i want the agent to ask questions, i ask it to ask questions

Quick question about skills: Superpowers skills - do you use them in codex? Are they actually useful?

Sometimes str.length is not enough to know the size of a string in bytes To understand why you can watch Plain Text by Dylan Beattie Today i found a nice package called ehmicky/string-byte-length that does this right and in a performant way

@steipete @sveltejs @dummdidumm_ please ride this endorsement and write AI and Agent everywhere on svelte docs 🤩

Been using @sveltejs for a few projects lately, it's quite a nice alternative to React, fewer gotchas and complexity and Codex handles it really well. svelte.dev

Fast forward to today, everybody is obsessed with "harness"

1 and half year ago, when people was freaking after sonnet 3.7, I was like, no is not that impressive how sonnet 3.7 is better than sonnet 3.5. What is impressive is the amount of work Cursor is doing around it to make the model actually useful.

@jsgrrchg unnamedIDE

Suggest a name for my IDE. Im ready to open source it.