Welcome, Developers! 👋
This week: hardening npm security after recent attacks, why estimates become deadlines, and building impactful systems through long-term focus. Also, see how designing for users in crisis is different, and why AGI isn't coming anytime soon. Plus more articles and a recap of last newsletter's top links, as usual.
The Platform Powering Auth, Identity, and Security for AI Products
Enterprise customers expect more than a login screen. They demand SSO, directory sync, granular roles and permissions, and detailed audit logs, all built to strict compliance standards.
WorkOS gives growing teams these enterprise foundations without slowing development:
- Modular APIs for authentication and access control
- A hosted Admin Portal that simplifies customer onboarding
- Built-in security and compliance features like SOC 2, GDPR, and HIPAA
Trusted by OpenAI, Cursor, Vercel, and 1000+ more companies, WorkOS powers auth, identity, and security for AI products. Your first million MAUs are free.
Start building today →
🔖 The Reading Room
Articles we have hand-picked for you:
Locking Down npm Publish Workflows
Following recent high-profile attacks on popular npm packages, Zach did a security audit and shares a checklist for developers wanting to secure their packages: enable 2FA everywhere, eliminate tokens, switch to Trusted Publishers with OIDC, and pin GitHub Actions to full SHAs.
By Zach Leatherman →
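The CI-side items of that checklist (no stored npm token, OIDC-based Trusted Publishing, actions pinned to full commit SHAs) fit in one release workflow. The following is an added example written for this newsletter, not code from Zach Leatherman's article or the npm project; it assumes the package has already been registered on npmjs.com to trust this repository's `publish.yml` workflow, that a current npm CLI with trusted-publishing support is available (check npm's docs for the exact minimum version), and the all-zero SHAs are placeholders to replace with the real 40-character commits behind the tags you vetted:

```yaml
# Added example: GitHub Actions release workflow applying the npm hardening checklist.
# Assumptions: the package on npmjs.com trusts this repo's ".github/workflows/publish.yml";
# every SHA below is a PLACEHOLDER to be replaced with a real, reviewed commit SHA.
name: publish

on:
  release:
    types: [published]

# Default-deny at the workflow level; individual jobs request only what they need.
permissions:
  contents: read

jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write   # lets the job mint an OIDC token; no long-lived NPM_TOKEN secret
    steps:
      # Pin third-party actions to a full commit SHA rather than a mutable tag such as @v4,
      # so a compromised or force-moved tag cannot swap in different code.
      - uses: actions/checkout@0000000000000000000000000000000000000000 # v4 (placeholder SHA)
      - uses: actions/setup-node@0000000000000000000000000000000000000000 # v4 (placeholder SHA)
        with:
          node-version: 22
          registry-url: https://registry.npmjs.org

      # Trusted publishing needs a recent npm CLI; upgrade explicitly instead of relying
      # on whichever npm happens to ship with the runner's Node image.
      - run: npm install -g npm@latest

      - run: npm ci
      - run: npm test

      # With trusted publishing configured on npmjs.com, npm exchanges this job's OIDC
      # token for a short-lived publish credential. --provenance attaches a signed
      # attestation that ties the published tarball to this exact workflow run.
      - run: npm publish --provenance --access public
```

Once a release goes through this path, the remaining checklist items are account-side: revoke any automation or classic tokens still attached to the npm account so OIDC is the only publish route, and keep 2FA enforced for every maintainer. A quick audit that the SHA-pinning rule holds across a repository is `grep -rn 'uses:.*@v[0-9]' .github/workflows/`, which should return nothing.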
Estimates – a necessary evil?
Erik explores why product people rely on estimates to balance risk and reward when prioritizing backlogs, while developers resent how their tentative approximations become rigid deadlines. The solution lies in better communication, psychological safety, and treating estimates as evolving guides rather than contractual commitments.
By Erik Thorsell →
Why I Ignore The Spotlight as a Staff Engineer
Instead of chasing high-visibility projects and quarterly product launches, Lalit advocates for long-term stewardship of infrastructure systems. His approach enabled him to build Bigtrace, a distributed query engine processing 2 billion traces monthly, by staying with his team long enough to understand deep patterns and earn the trust to say "no" to trendy but misaligned initiatives.
By Lalit Maganti →
Designing For Stress And Emergency
We cannot predict users' emotional states, and those visiting hospital or debt management websites are likely already stressed. Overwhelming interfaces only add to cognitive load, making annual stress-testing critical. Run content testing and conduct tests in real, noisy, busy environments where users actually work at peak times to ensure fallbacks function properly and your UX genuinely helps people manage exceptional situations.
By Vitaly Friedman →
It's Hard to Feel the AGI
Top researchers argue that large language models fundamentally cannot achieve human-level intelligence because they lack world models and continual learning abilities. Yann LeCun argues that language is low-bandwidth compared to visual perception, while Rich Sutton notes that LLMs only mimic language through imitation, without actual goals. Current systems remain below the cognitive abilities of young children or even household pets.
By Taro Langner →
🔗 The Link Lounge
Unordered finds from around the web. Find something cool? You can send us links to feature here via email.
🧰 The Toolbox
Tools and products we're excited about today:
Tinybench
Tinybench is a simple, lightweight 2KB (minified and gzipped) benchmarking library for JavaScript runtimes. It automatically detects async functions and works across Node.js, Bun, and Deno. Learn more →
TanStack AI
TanStack AI is the latest addition to the TanStack family and provides an open-source AI SDK with a unified interface across multiple providers. It features multi-provider support (OpenAI, Anthropic, Ollama, Gemini) with runtime switching, a unified API across all providers, and automatic tool/function calling with type safety. Learn more →
AWS FinOps Dashboard
AWS FinOps Dashboard is a Python CLI tool for AWS cost monitoring and resource management across multiple accounts. It provides multi-account cost summaries by time period, service, and tags; budget tracking; EC2 instance status; six-month cost trends; and FinOps audit reports for untagged or idle resources.
Learn more →
Documentation.AI
Documentation.AI builds and maintains product documentation using AI agents and automation. It supports content creation, updates via Git commits, editing workflows, and an AI-ready structure for ChatGPT/Claude/MCP integration. Learn more →
🎤 Your Voice
Your feedback shapes what comes next! We read every email, so simply hit reply and tell us what's on your mind.