weeklyfoo #145 is here: your weekly digest of all webdev news you need to know! This time you’ll find 39 valuable links in 5 categories! Enjoy!
🚀 Read it!
- Announcing TypeScript 7.0: TypeScript 7.0’s native Go port delivers up to 10x faster compilation, tested across large-scale real-world codebases by Microsoft / typescript, performance / 26 min read
📰 Good to know
- State of CLI Coding Agents, Mid-2026: A survey of 35 actively maintained terminal-based coding agents, with Claude Code, Codex CLI, and Omp leading on memory, editing precision, and orchestration by Oleg Luganskiy / ai, agents, tooling / 1 min read
- Rebuilding Cognition’s Agentic MapReduce: How Cognition scales agent tasks by sharding codebases, verifying vulnerabilities in parallel, and using Git itself for inter-agent communication and fault tolerance by Matt Rickard / ai, agents, engineering / 5 min read
- PostgreSQL and the OOM Killer: Why We Use Strict Memory Overcommit: Why strict memory overcommit prevents catastrophic OOM kills in PostgreSQL, and what a kernel bug in production revealed about getting that configuration right by Burak Yucesoy / postgres, engineering / 18 min read
- Hunting a 16-Year-Old SQLite Bug With TLA+: Modeling SQLite’s Write-Ahead Log behavior in TLA+ to check whether dqlite was exposed to a long-standing corruption bug — it wasn’t, thanks to stricter locking by Alberto Carretero / sqlite, engineering / 31 min read
- How We Taught a Small LLM to Throw Away 68% of Our RAG Context: A small, cheap LLM learned to prune 68% of retrieved RAG context chunks while keeping 96% recall, cutting cost without sacrificing accuracy by Kapa AI / ai, engineering / 11 min read
- Some New Agentic Patterns: Letting an agent work directly with the engineer building its runloop and tooling produces higher-quality results than routing every change through a human intermediary by Jesse Vincent / ai, agents, engineering / 10 min read
- What’s New in ECMAScript 2026: The newly approved 876-page ECMAScript 2026 spec adds Array.fromAsync, native Uint8Array Base64/Hex conversion, and more — most already usable today in browsers and runtimes by Pawel Grzybek / javascript, ecmascript / 7 min read
- React Router v8: A deliberately boring major release with incremental changes, a new yearly release cadence, and updated baselines for Node, React, and Vite by Remix / react, javascript / 8 min read
- Where Do Your LLM API Keys Actually Live?: Whether a provider API key sits inside your app process or behind a gateway determines the blast radius when a dependency gets compromised by Hadil / ai, security / 38 min read
- Why We Built Yet Another Postgres Connection Pooler: PgDog is a new Postgres connection pooler with a built-in SQL parser to properly manage session state, SET commands, and LISTEN/NOTIFY, built on Rust’s Tokio by Lev Kokotov / postgres, engineering / 6 min read
- Get Ready for the CSS border-shape Property: On the heels of shape() and corner-shape, the new border-shape property unlocks fancy decorations, neat animations, and more — Chromium-only for now by Temani Afif / css, frontend / 13 min read
- Google’s Toolkit to Make Your Website Agent-Ready: A new Lighthouse toolkit that audits how agent-friendly your site is, checking accessibility tree quality, layout stability, and WebMCP integration by Google / ai, agents, web / 9 min read
- Rewriting Bun in Rust: Facing recurring use-after-free and double-free bugs from Zig’s manual memory management, Bun’s team used Anthropic’s models to rewrite the runtime in Rust, ending up faster, smaller, and safer by Bun / rust, engineering, bun / 53 min read
- An Off Switch for Dual-Use Knowledge in AI Models: Anthropic’s GRAM (Gradient-Routed Auxiliary Modules) isolates dual-use knowledge like cyber offense/defense into dedicated model compartments, resisting attempts to recover removed knowledge by Anthropic / ai, safety / 8 min read
- GitLost: How We Tricked GitHub’s AI Agent Into Leaking Private Repos: An indirect prompt injection through public GitHub issues let attackers exploit GitHub’s Agentic Workflows to extract data from private repositories by Noma Security / security, ai, agents / 8 min read
- npm v12 Ships With Install Scripts Off by Default: npm 12 is now GA with lifecycle scripts and implicit node-gyp builds no longer running by default, closing off a major supply-chain attack vector by GitHub Blog / npm, security, nodejs / 5 min read
🧰 Tools
- Otari: An open-source, OpenAI-compatible LLM gateway for managing API keys, enforcing budgets, and tracking usage across 40+ providers from one endpoint by Mozilla AI / ai, llm, gateway
- Vite+ Beta: The Vite team’s unified toolchain brings Vite, Vitest, Oxlint, and more together under a single vp command — originally planned as commercial, now open sourced under MIT by VoidZero / vite, tooling, javascript
- WordGard: A modular, collaborative-editing-ready rich text editor library from the creator of ProseMirror and Eloquent JavaScript by Marijn Haverbeke / javascript, editor, library
- vinext: Cloudflare’s Vite plugin reimplementing Next.js’s API surface by Cloudflare / vite, nextjs, cloudflare
- Herdr: A terminal-based multiplexer for running multiple coding agents in persistent sessions that survive disconnects and can be reached remotely over SSH by Herdr / ai, agents, cli
- Apify MCP Server: Lets AI agents discover and run Apify Store Actors, access storages and results, and pull Apify docs directly into a coding assistant by Apify / ai, mcp, agents
- OSV.dev: An open, distributed vulnerability database that aggregates open-source security advisories for scanning dependencies via API, CLI, or GitHub integration by OSV / security, opensource
- OverflowGuard: A React component and custom element that adapts layouts around content instead of breakpoints, media queries, or magic numbers by Artur Marczyk / react, css, frontend
- Postgres Is Enough: A directory of 89 extensions and tools that let Postgres stand in for Redis, Elasticsearch, Kafka, and other systems by Goodway / postgres, database
- Tinbase: A Supabase-compatible backend in a single binary using PGlite and pg-mem, for a local Supabase-like dev experience without Docker by Sanket Sahu / postgres, supabase, database
- Level Up Your Accessibility Game: 128 questions to practice WCAG 2.2, ARIA, semantic HTML, keyboard, and contrast, with plain-English answers by a11y.quest / accessibility, tools
- GeoSQL: A geospatial analytics tool with a map-based validation loop to improve accuracy of spatial queries on PostGIS, BigQuery, and Snowflake by Dekart / postgres, geospatial, tools
- Upyo 0.5: A Cross-Runtime Email Sending Library: A unified, type-safe API for sending emails over SMTP and HTTP-based providers like SendGrid or Amazon SES, working across Node, Deno, Bun, and edge runtimes by Hong Minhee / email, nodejs, library
- node-calls-python: Calls Python directly from Node, in-process, without spawning a subprocess by hmenyus / nodejs, python, interop
- Traycer: An open-source AI orchestration app that connects existing agent subscriptions for parallel operation with shared memory, model switching, and cross-device sync by Traycer / ai, agents, orchestration
- react-easy-crop: A React component for interactive image and video cropping with dragging, zooming, and rotation, supporting any image format by Valentin Hervieu / react, image, library
- native: A toolkit from Vercel Labs for building native desktop apps with web technologies by Vercel Labs / desktop, toolkit
🤪 Fun
- Engineering a Brainrot Art Installation on an Orange Pi Zero: An infinite-scroll BrainRot TV art piece with procedural audio and a decay meter, squeezed onto a $15 Orange Pi Zero by Google AI / hardware, art / 11 min read
- GTA2 Web: The top-down classic GTA 2 ported to run natively in the browser, with WebRTC peer-to-peer multiplayer added on top by Erik Markus Kannike / games, webrtc / 1 min read
📺 Videos
- I Read Every Major CS Paper From the Last 100 Years: A tour through the major CS papers behind today’s LLMs, tracing how decades of research led to modern AI by Fireship / ai, cs
- Frontend Minimalism in Action: Do More With Less JavaScript: Peter Kröner explores building maintainable, resilient frontends by relying on web standards and minimalist engineering over hype-driven dependencies by Peter Kröner / frontend, talk
- How Kubernetes Networking Really Works: A Packet’s Journey: Tracing a real packet across a live cluster to show how traffic moves between Pods using network namespaces, veth pairs, bridges, and routing tables by Ashwin Sriram / kubernetes, networking, talk