Maxime Richard

We’re introducing the Cursor SDK so you can build agents with the same runtime, harness, and models that power Cursor. Run agents from CI/CD pipelines, create automations for end-to-end workflows, or embed agents directly inside your products.

🚀 React Hook Form v7.74.0 is out 🪇 New: setValues for flexible updates 🐞 Fixes: • preserve value when useController name changes • handle null parent on nested unregister • treat NaN as empty with valueAsNumber Small release, solid improvements 👌 github.com/react-hook-for…

A completely local agent that lives right inside your browser. Powered by Gemma 4 E2B and WebGPU, it uses native tool calling to: 🔍 Search browsing history 📄 Read and summarize pages 🔗 Manage tabs 100% local. No servers needed!

Bitwarden identified and contained a malicious package briefly distributed through the npm delivery path for the Bitwarden CLI in connection with the broader Checkmarx supply chain incident. No user vault data or production systems were compromised or at-risk. Additional details and updates are available here: community.bitwarden.com/t/bitwarden-st…

The planet can spell your name – literally. 🔤🌍 This Earth Day, see your name written in landscapes captured by Landsat: go.nasa.gov/4ak4Cdu

Heads up! Bitwarden CLI v2026.4.0 was compromised in the ongoing Checkmarx supply chain campaign. Attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline to ship malicious code. We'll update this post as more details are confirmed. socket.dev/blog/bitwarden…

Today, we’re open-sourcing the draft specification for DESIGN.md, so it can be used across any tool or platform. We’re also adding new capabilities. DESIGN.md lets you easily export and import your design rules from project to project. Instead of guessing intent, agents know exactly what a color is for and can even validate their choices against WCAG accessibility rules. Watch David East break down this shared visual language in action👇. New capabilities and links in 🧵

Git 2.54 is here with features like config-based hooks, new ways to rewrite history, and much more. ✨ Check out the highlights from this release. 👇 github.blog/open-source/gi…

Claude Opus 4.7 is now available in Cursor. We've found it to be impressively autonomous and more creative in its reasoning. We're launching it with 50% off for a limited time. Enjoy!

The full story of the extension @davebcn87 & @tobi open-sourced is on our Eng Blog: shopify.engineering/autoresearch

Introducing Claude Opus 4.7, our most capable Opus model yet. It handles long-running tasks with more rigor, follows instructions more precisely, and verifies its own outputs before reporting back. You can hand off your hardest work with less supervision.

Finally, @Tan_Stack Start now supports React Server Components! Start's RSCs are a truly fetchable, cacheable and composable primitive that work with your favorite tools instead of dictating your entire architecture. Oh, and one more thing... "Composite Components" 😉 🔗⬇️🧵

Build your own HTTP client with fetch-extras Take only what you need. Tree-shakeable. Built on Fetch. Works in the browser, Node.js, etc. github.com/sindresorhus/f…

HEADS UP. Popular JSON formatter extension has started injecting geolocation tracking and donation UI into websites Reddit thread seems to think they are also swapping tracking IDs for affiliates (a-la honey) Uninstall and switch to another one

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that: • Deobfuscates embedded payloads and operational strings at runtime • Dynamically loads fs, os, and execSync to evade static analysis • Executes decoded shell commands • Stages and copies payload files into OS temp and Windows ProgramData directories • Deletes and renames artifacts post-execution to destroy forensic evidence If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.

npm security on the case, both malicious axios versions have been unpublished!

Next.js 16.2 introduces a stable Adapter API, built with Netlify, Cloudflare, OpenNext, AWS, and Google Cloud. But the API is only part of the story. Next.js is used by millions of developers across every major cloud, and making it work well everywhere is on us. Here are our commitments. nextjs.org/nextjs-across-…

TypeScript 6.0 is now available! This release brings better type-checking for methods, new standard library features, new module features for Node.js, and more! But most important, this release brings us one step closer to the upcoming native-speed 7.0! devblogs.microsoft.com/typescript/ann…

COBE v2 is here: markers, arcs, attach any HTML elements, Infinite ideas. cobe.vercel.app

Composer 2 is now available in Cursor.