Hi there,
This will be a quick one from me this week. Life got a bit busy, but the internet did not slow down. So you get a tiny intro and a big pile of hand-picked goodness instead, from supply chain worms and AI slop to beautiful colors and Bloom filters. Sorry for the speed-run intro, I promise I spent the time I saved finding links that are actually worth your fullstack brain power.
Make it simple and solid!
— Luciano
Shai Hulud 2.0 is a self-replicating npm worm that jumps between packages, steals tokens and credentials, and, as a special treat, can wipe your home directory as a goodbye gift if it cannot find any credentials to exfiltrate. If you publish or consume npm packages for a living (yes, if you are a web dev, this is you!), that should feel uncomfortably scary. The authors of this article break down how the worm spreads using Bun, GitHub runners, and npm tokens, what data it goes after, and which indicators of compromise you can actually check in your own repos and pipelines. This is not just a spooky security story. It is a practical walkthrough you can use to see whether your projects were in the blast radius and to tighten up your supply chain before the next one shows up. Two cheap hardening steps worth pairing with it: the worm gets its foothold from install lifecycle scripts, so running npm ci --ignore-scripts (or setting ignore-scripts=true in your .npmrc) denies it the automatic execution it depends on, and swapping long-lived publish tokens for short-lived granular ones or trusted publishing limits what it can steal from a compromised machine. And if you prefer to learn from video content, here's a link to a very nice explainer from another author that pairs surprisingly well with this deep dive.
Articles
A giant community-curated list of tools, plugins, color generators, UI kits, templates, IDE helpers, and weird little gems you did not know you needed, all living in the Tailwind CSS ecosystem. If you love Tailwind, this is simply a wonderful resource to keep around. Check Repo
I watched this one last week and it really stuck with me. This video, while it seems like an informal chat, digs really well into the concept of AI slop: all the low quality auto generated content that is starting to flood the web. It is a bit scary, because it shows a pretty plausible future where most of the web is totally AI generated and models are mostly trained on their own synthetic output, search results get worse, and the web slowly turns into a grey mush of half correct text and recycled images. It is not pure doom though. It is a very clear, very grounded explanation of what could go wrong if we are not careful about how we generate and curate content. Funnily enough, it also made me think that there is more than ever real value in honest, hand made curation, and I hope you feel at least a bit of that value in this very newsletter.
This is a color palette tool, yes, but the first thing that hits you is the design. It honestly has some of the best and most original visual styling I have ever seen in a palette generator, and if you have been reading this newsletter for a while you know I have seen a lot of them. It feels playful and classy at the same time, and that makes it weirdly fun to just sit there and explore combinations, tweak sliders, and get a feel for different vibes. If you enjoy tools that care about both utility and aesthetics, this one is absolutely worth a click, and maybe you will use it for your next web design project. Check tool
A neat little library of CSS custom functions that leans into the new native @function rule (browser support for it is still early, so check your targets before shipping it to production). Instead of reaching for Sass or writing the same calc gymnastics again and again, you drop in css-extras and suddenly have helpers for math, colors, spacing, layout, typography, even theme aware values, right in pure CSS. If you enjoy modern CSS tricks and like the idea of shipping fewer build tools without giving up expressiveness, this one is very fun to explore. Check Repo
In case you missed it, the Cloudflare incident was the featured story in last week’s newsletter. This short essay picks up that thread and argues that the big outage might actually have been a good thing, because it shakes us out of the illusion that the internet is always on and reminds us how fragile our very centralized infrastructure has become. I really like how the author grounds it in real life annoyances, then zooms out to ask what happens when so much of society runs through a tiny number of providers, and why events like this should push us to build more redundancy and fallbacks.
Real story. I once failed an interview with Facebook, back when the whole company was still called that. They asked how I would efficiently implement the famous Like button. I thought I had given a perfectly reasonable answer, but they were clearly fishing for extreme performance at scale, and only months later I realised the trick they wanted to hear was Bloom filters. If you ever wondered why people keep bringing up Bloom filters in system design interviews, this post is a really nice, concrete explanation. The authors use a very practical incident-style problem to walk through what Bloom filters are, why they are useful, and how they help when you need to answer a simple membership question (have I already seen this key?) at ridiculous scale without melting your database. The one caveat to keep in mind: the answer is either "definitely not" or "probably yes", so a hit still needs confirming against the source of truth, and the filter only saves you the lookups for the "definitely not" cases. If you want to avoid my mistake and actually understand when and how to use them in real products, this article is a great read.