Robert Isaac

@brandontroberts @storybookjs @angular @vite_js I was thinking about that when Angular 22 came out with deprecating webpack Can we start using angular-vite now?

📕🅰️⚡️ Step 1, but we did it! @storybookjs 🤝 @angular 🤝 @vite_js github.com/storybookjs/st…

@SimonBitwise Someone must have sent you a video about how to reproduce a bug 😆

Teams app uses 1.13GB's of space WTFreakingF are they doing? Its a text app?

Next time a native app developer tells you web apps are crap and will never be any good, understand this: Apple deliberately sabotages web apps on iOS because they are a direct threat to their App Store business model. They realize web apps have the potential to eat native apps, just like the web has completely eaten desktop software. It’s not about technical capabilities. It’s about the fact that web apps can be freely distributed on the open internet. And if people can install your app straight from the web, why put it in the App Store and pay Apple 30% of all the money you make from it? Web apps are not bad. Apple criples web apps technically and makes it commercially not viable to create only a web app, so not enough good ones are built. We, as web developers, are also to blame here because we should still demonstrate what web apps are capable of, but this is the commercial reality of it. This is why we need web apps, to make sure Apple and Google don’t get to decide which apps are available and which are not.

Angular v22 is now available 🥳 Here is a quick look at what's landing today: ✅ Signal Forms, Angular Aria & resource are officially STABLE ✅ OnPush change detection is now the default ✅ Template updates and more Read the full breakdown on the blog: 📰 goo.gle/angular-v22-bl… Which of these updates is your favorite?

@angular What is the session title? Because I don't see any Angular topic in the schedule

Want the inside scoop on Angular’s next big steps? 👣 Catch the Angular team’s session at Google I/O on May 20th @ 2PM Pacific at Shoreline. Add it to your I/O schedule here: io.google/2026/ 🛠️

Just published skillgrade v0.1.5! 🚀 • Added support for the OpenCode • Configurable grader provider support • Improved overall error handling & stability • Fixes for the local provider npm i -g skillgrade github.com/mgechev/skillg…

@sebastienlorber Too lste, migrated already to vitest

Jest will finally support require(esm) 🎉

@Jean__Meche Wait, what 😲, they were not stable 🤣🤣 Is there any breaking changes? 😅 Because we refactor almost everything to resources when we're moving to zoneless

Merged ✅

@tompischulski @dannymoerkerke @jb But why would you let tracking/ads be stored offline?

@dannymoerkerke @jb Every script you embed in your PWA (analytics/tracking, advertising, ...) can read from local storage etc too

It sucks that it's so difficult to install a PWA on iOS. It sucks that support for PWAs on iOS is limited. But we can't wait for Apple to improve this before we start building great web apps. When users perceive web apps as not as good as native apps, it's not always about the limitations that are imposed upon them. It's also about web apps not using the features that are available to them. Most web apps don't even work offline. How are they supposed to compete with native apps like that? Build a freaking great web app that uses any available feature that makes it better. Geolocation. Wake Lock. Offline support. Biometric authentication. Background Sync. Speech recognition. File system access. Push notifications. Persistent storage. Educate your users that your app can be installed. Add an install button, even if it's difficult on iOS. We can't afford to wait for Apple until we make web apps a success.

@SantoshYadavDev Recently they acknowledged their mistake and promised to focus on fixing things and improve quality

Microsoft used to be my dream company to work for, sad to see it takes a person with big followers count to complain for them to fix things.

@Jean__Meche Now this makes sense 😁

@DevRobertIsaac fakeAsync uses zonejs You shouldn’t use it in a zoneless app.

Angular's Vitest support will finaly support `fakeAsync`` in v22. github.com/angular/angula…

Had an interview with a “crypto” recruiter. We talked for about 40 minutes, and then they asked me to look at some code. Their first instruction was to clone the repo. I didn’t. They seemed surprised, so I told them I wanted a moment to check whether it was safe first. I ran a quick analysis with Claude. Turns out the code had a backdoor. It would copy my environment variables and send them to a remote server. The recruiter went speechless and ended the call pretty quickly. Be careful who you talk to. Scammers are real.

@rauchg I find it vague about what exactly happened with the sensitive environment variables, were they accessed but in encrypted form, or not accessed at all?

Here's my update to the broader community about the ongoing incident investigation. I want to give you the rundown of the situation directly. A Vercel employee got compromised via the breach of an AI platform customer called Context.ai that he was using. The details are being fully investigated. Through a series of maneuvers that escalated from our colleague’s compromised Vercel Google Workspace account, the attacker got further access to Vercel environments. Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data. We do have a capability however to designate environment variables as “non-sensitive”. Unfortunately, the attacker got further access through their enumeration. We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI. They moved with surprising velocity and in-depth understanding of Vercel. At the moment, we believe the number of customers with security impact to be quite limited. We’ve reached out with utmost priority to the ones we have concerns about. All of our focus right now is on investigation, communication to customers, enhancement of security measures, and sanitization of our environments. We’ve deployed extensive protection measures and monitoring. We’ve analyzed our supply chain, ensuring Next.js, Turbopack, and our many open source projects remain safe for our community. The recommendation for all Vercel customers is to follow the Security Bulletin closely (vercel.com/kb/bulletin/ve…). My advice to everyone is to follow the best practices of security response: secret rotation, monitoring access to your Vercel environments and linked services, and ensuring the proper use of the sensitive env variables feature. In response to this, and to aid in the improvement of all of our customers’ security postures, we’ve already rolled out new capabilities in the dashboard, including an overview page of environment variables, and a better user interface for sensitive env var creation and management. As always, I’m totally open to your feedback. We’re working with elite cybersecurity firms, industry peers, and law enforcement. We’ve reached out to Context to assist in understanding the full scale of the incident, in an effort to protect other organizations and the broader internet. I also want to thank the Google Mandiant team for their active engagement and assistance. It’s my mission to turn this attack into the most formidable security response imaginable. It’s always been a top priority for me. Vercel employs some of the most dedicated security researchers and security-minded engineers in the world. I commit to keeping you updated and rolling out extensive improvements and defenses so you, our customers and community, can have the peace of mind that Vercel always has your back.

@angular I find AI struggle with Angular testbed, so it's a common effort between it writing the tests and me managing the before each

We want to hear from you - in 2026, are you using AI to write your unit tests, or do you still prefer the "hand-crafted" approach? 🤖✍️ How has your testing workflow changed this year?

@Jean__Meche @service From what I remember, the Angular team mentioned that they are experimenting with changes that makes AI generate better code, is that one of them or unrelated?

Angular will introduce a new decorator in v22: @Service - Root by default - inject() only It will stream line how we define services and reduce even more the boilerplate. github.com/angular/angula…

@spierala @if @Switch One workaround is to use --create-commits, this will make the control flow migration in its own commit, then interactive rebase and drop the commit But to be clear, I don't recommend not migrating

Does upgrading to Angular 21 enforce the new control-flow syntax (`@if`, `@switch` etc)? (I am using `ng update @angular/core@21 @angular/cli@21`) Can I not opt-out anymore as in previous updates? #angular

@angular To tell if a variable or a class is unused in production code, while IDEs work sometime, usually they don't because a unit test use them

We’re always listening 👂 If you could pick one tiny "quality of life" improvement for the Angular dev experience, what would it be? Small changes can make a big difference - let us know your ideas.

@angular That in the rxResource I should return NEVER if the params aren't ready so it keeps showing loading

Signals continue to transform how we handle reactivity. 🚦 If you’re currently migrating an older project to Signals, what has been your biggest "aha!" moment so far? Tell us about your migration journey below.