Front-End Fire | Słuchaj podkast online za darmo

Dostępne odcinki

5 z 114

npm’s Biggest Supply Chain Attack (and What We Learned)
Just 5 months ago we covered how Storybook 9 was in beta, and already Storybook 10 is in beta. The biggest change is that Storybook is going all in on ESM and dropping CJS support, which is making for some big performance gains and smaller bundle sizes.This past week, npm suffered the largest supply chain attack in its history when a prolific OSS maintainer got phished. Luckily, the attack was noticed and reported within the hour and it looks like the hackers got next to nothing for their efforts, but it serves as another reminder to be extra careful before clicking links in emails.In the same security vein, browser company Brave uncovered a security vulnerability in AI-browser Comet where malicious instructions on a web page could cause the agent to “go rogue” while it was being asked to summarize a page’s contents. Perplexity has since added more guardrails to try and mitigate this sort of thing, but be cognizant of the data and site access you’re giving to AI agents.Timestamps:1:12 - Storybook 107:53 - npm’s supply chain attack17:24 - Brave discloses a security vulnerability in Comet26:38 - You’re absolutely right!35:26 - What’s making us happyLinks:Paige - Storybook 10 beta and Storybook 9 featuresJack - npm just suffered the largest supply chain attack in its historyTJ - Brave discloses a security vulnerability in CometSomeone made a customizable website to count how many times Claude Code says “You’re absolutely right!” in a dayPaige - Silicon Valley TV showJack - Shokz OpenComm2 bone conduction headphonesTJ - macOS text message forwardingThanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.Front-end Fire websiteBlue Collar Coder on YouTubeBlue Collar Coder on DiscordReach out via emailTweet at us on X @front_end_fireFollow us on Bluesky @front-end-fire.comSubscribe to our YouTube channel @Front-EndFirePodcast
--------
50:13
--------
50:13
Warp Code and the Future of Agent-Driven Dev
The Google vs. the US anti-trust lawsuit has finally drawn to a close, and (spoiler alert) Google doesn’t have to sell Chrome (or Android, for that matter). Going forward it will have to share certain search data with its rivals, and that’s about it, so this is definitely a big win for Google any way you look at it.The popular terminal company Warp just unveiled Warp Code - a suite of features for shipping agent-generated code “all the way from prompt to production” via the Warp terminal. Warp Code offers an agent-driven terminal-first approach, with visual code review of agent changes, and a native file editor for minor edits in an attempt to eliminate the context switching devs have to do nowadays between their AI agents, IDEs, and GitHub. In a twist no one saw coming, SaaS behemoth Atlassian has bought AI-browser Dia (and its maker The Browser Company) for $610 million. Atlassian wants to position Dia as the AI-browser for users at work and time will tell if that bet pays off.Timestamps:02:34 - Google doesn't have to sell Chrome10:17 - Warp Code22:56 - Atlassian buys The Browser Company31:48 - Anthropic raises $13 billion34:54 - OpenAI is building an AI-powered hiring platform39:42 - What’s making us happy Links:Paige - Atlassian buys The Browser Company for $610 millionJack - Warp terminal unveils Warp CodeTJ - Google doesn’t have to sell Chrome after allTJ - Addy Osmani’s blog post on the history of ChromeAnthropic raises $13 billion Series FOpenAI is building an AI-powered hiring platformPaige - BenQ RD280U programming monitorJack - Alien: Earth TV seriesTJ - Severance TV seriesThanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.Front-end Fire websiteBlue Collar Coder on YouTubeBlue Collar Coder on DiscordReach out via emailTweet at us on X @front_end_fireFollow us on Bluesky @front-end-fire.comSubscribe to our YouTube channel @Front-EndFirePodcast
--------
51:57
--------
51:57
Bun v1.2: SQL, YAML & Security Scans
Last episode, we lamented Claude’s lack of checkpoints to roll back code when it goes off the rails. Other devs feel the same, and this week Checkpoints for Claude Code debuted. It’s an MCP server that follows Claude Code, creating checkpoints when tasks are completed, allowing for easy reverts when needed.The Bun team quietly pushed some nice new features in Bun v1.2. Highlights include: a unified SQL client with zero dependencies, native YAML file support, OS native credential storage for secrets, and a security scanner API that scans packages for vulnerabilities before installation.And MCP-UI, a toolkit of interactive UI components for MCP has new features to support resources beyond text like embedded iframes and even raw HTML. Not all agents with MCP support can handle these new resources, but if they can, users can see product photos, data visualizations, and other mini sites right in their AI chat.In the Lightning News section for this week, the folks at Deno leading the charge to get Oracle to relinquish its trademark for JavaScript need our help. Those legal bills aren’t going to pay themselves and Deno’s pockets aren’t nearly as deep as Oracle’s, so if you care about making JavaScript public domain (which it absolutely should be), please consider donating so they can keep fighting the good fight to free JS. Every little bit helps.Timestamps:00:48 - Claude Code thinking modes & checkpoints10:33 - Bun v1.217:04 - MCP-UI updates23:06 - Claude for Chrome28:12 - Donate to help Deno fight Oracle30:24 - What’s making us happyLinks:Paige - Bun v1.2Jack - MCP-UI updatesTJ - Claude Code Thinking Modes & Claude Code CheckpointsClaude for ChromeDonate to help Deno keep fighting Oracle in courtPaige - Zima Dental PodJack - Foundation TV seriesTJ - Babe Ruth commits fraudThanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.Front-end Fire websiteBlue Collar Coder on YouTubeBlue Collar Coder on DiscordReach out via emailTweet at us on X @front_end_fireFollow us on Bluesky @front-end-fire.comSubscribe to our YouTube channel @Front-EndFirePodcast
--------
41:36
--------
41:36
Alchemy: IaC Without Terraform
The latest craze for MCP this week? Instead of multiple MCP servers with different tools, use an MCP server that accepts programming code as tool inputs - a single “ubertool” if you will. AI agents like Claude Code are pretty good at writing code, but letting the agent write and execute code to invoke API functions instead of using a defined MCP server doesn’t seem like the most efficient use of LLM tokens, but it's another approach to consider.In infrastructure news, there’s a library called Alchemy that lets devs write their Infrastructure as Code in pure TypeScript. No Terraform files, no dependencies, just async functions, stored in plain JSON files, that runs anywhere JS can run. For web devs, the future of IaC has arrived.Next.js has made their last big release before v16 in the form of 15.5. Highlights of this minor release include: production turbopack builds, stable support for the Node.js runtime in middleware, fully typed routes, and deprecation warnings in preparation for Next.js 16.Timestamps:00:57 - Dangers of the “ubertool”09:54 - Alchemy Infrastructure as Code (IaC)15:27 - Next.js 15.524:57 - How CodeRabbit AI got hacked27:48 - <script type=”text/llms.txt”>32:37 - Claudia41:31 - hidden=until-found45:26 - What’s making us happyLinks:Paige - Alchemy Infrastructure as Code (IaC)Jack - Dangers of the “ubertool”TJ - Next.js 15.5How CodeRabbit AI got hackedClaudia<script type="text/llms.txt">hidden=until-foundPaige - The Art Thief bookJack - Alien: Earth TV seriesTJ - Pips NYT gameThanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.Front-end Fire websiteBlue Collar Coder on YouTubeBlue Collar Coder on DiscordReach out via emailTweet at us on X @front_end_fireFollow us on Bluesky @front-end-fire.comSubscribe to our YouTube channel @Front-EndFirePodcast
--------
54:37
--------
54:37
TanStack Devtools: One Panel to Rule Them All
You just can’t keep TanStack out of the news for more than a few weeks before a new product appears. This week, it’s TanStack Devtools, which provides a centralized devtools panel of all the Tanstack libraries for streamlined DX and custom devtools support.The State of CSS 2025 survey results are in, and highlights include: devs love the new `:has()` feature, Tailwind CSS continues to be the most popular CSS framework, and over 60% of respondents are still using Sass or SCSS in their web apps.Continuing the CSS topics, Panda CSS, a CSS-in-JS library that debuted in 2023, just hit v1. Panda gained traction by being a CSS-in-JS library built for the server-first era (meaning RSC support), and it adds new features like static analysis, type safety, and support for modern CSS like cascade layers, JSX style props, and a `createStyleContext` API for cross-framework design systems.Timestamps:0:56 - TanStack Devtools6:28 - State of CSS 2025 survey results15:23 - Panda CSS v123:19 - Perplexity wants to buy Chrome from Google25:52 - Google Gemini is having a mental breakdown30:50 - Bolt.new unveils Bolt Cloud35:14 - The dialog element’s closedby attribute39:20 - What’s making us happyLinks:Paige - Panda CSS v1 Jack - TanStack DevtoolsTJ - State of CSS 2025 survey resultsPerplexity wants to buy Chrome from GoogleGoogle Gemini’s having a mental breakdownBolt.new unveils Bolt CloudThe dialog element’s `closedby` attributePaige - Express VPNJack - A Psalm for the Wild Built bookTJ - The Retrievals podcast and The Savannah Bananas baseball teamThanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.Front-end Fire websiteBlue Collar Coder on YouTubeBlue Collar Coder on DiscordReach out via emailTweet at us on X @front_end_fireFollow us on Bluesky @front-end-fire.comSubscribe to our YouTube channel @Front-EndFirePodcast
--------
50:34
--------
50:34