Most accessibility tests stop at the a11y tree.
But users don’t hear the tree.
They hear NVDA or VoiceOver or …
Guidepup lets you write assertions against what a screen reader actually announces.
A11y testing should strive to verify the user experience, not just the markup.
sakana is interesting:
- founders are former japan diplomat + transformer coauthor
- japan is a highly regulated business env, buyers prefer japanese co's. Sakana becomes de facto sovereign AI
- an inevitable $1T co (japan $4.5T GDP)
“You know him. Long ponytail. Oval glasses. Has been at the company longer than the version control. You show him fifty lines; he looks at them, says nothing, and replaces them with one.”
🤣🤣
📣 Prop For That
An a-la-carte #JS library for #CSS that writes meaningful realtime CSS variables to an element:
- value of an input
- pointer position
- size of scrollbar(s)
- colors in an image/video
- element's visibility
- tons more…
now there's a prop for that 🙂
https://t.co/Fxx2kMV1oW
🚨 BREAKING: 84 TanStack npm packages were compromised in an ongoing Mini Shai-Hulud supply chain attack, adding suspected CI credential-stealing malware.
Socket flagged every malicious version within six minutes of publication. This is a developing story.
Our investigation has revealed that the incident originated from a third-party AI tool with hundreds of users whose Google Workspace OAuth app was compromised.
We recommend that Google Workspace Administrators check for usage of this app immediately. https://t.co/MNxfGOcch9
We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems, impacting a limited subset of customers. Please see our security bulletin:
https://t.co/0S939n3qHC
North Korea is targeting npm maintainers -- not for crypto, but for write access to packages downloaded trillions of times a year.
Several Socket engineers were targeted in this campaign -- myself, @ljharb, @jdalton, and others. None of us fell for the bait. Unfortunately, the axios maintainer did. No shame in that -- these aren't phishing emails. They're weeks-long ops with fake companies, fake Slack workspaces, and spoofed meeting platforms built with realistic Zoom/Teams interfaces using the official SDKs for realism.
Other confirmed targets: @matteocollina (Fastify, Pino, Undici, Node.js TSC Chair), @wesleytodd (Express TC), @voxpelli (mocha, neostandard).
The common thread? High-trust maintainers with publish access to packages that sit deep in everyone's dependency tree.
The attack chain: build rapport over weeks, schedule a video call, fake an audio error, prompt the target to install a "fix." That fix is a RAT. Once it's on your machine, they have your .npmrc tokens, browser sessions, AWS creds, keychain. 2FA doesn't matter. OIDC publishing doesn't matter. Game over.
Security researcher @tayvano_ linked this to UNC1069, a DPRK-nexus group Mandiant has tracked since 2018. Why social engineer one rich person when you can compromise one maintainer and reach millions of machines?
This is the threat model now. If you maintain popular packages, act accordingly. If you use open source (and you certainly do), act accordingly.
Full writeup: https://t.co/bNKdrLmwMn
contrast-color() is landing in Chrome 147, making it Baseline Newly Available in all modern browsers.
This feature takes any color value and returns either black or white—whichever provides the highest contrast against the input color.
i.e. color: contrast-color(purple) returns white ⬇️
In graph theory, there are algorithms that find the shortest path between two nodes. I made one with pure CSS (including the graph drawing).
Drag the nodes, and the shortest path will update in real-time!
https://t.co/glUAF5PJti
A demo powered by all the modern CSS features🤩
We're experimenting with ways to keep AI agents in sync with the exact framework versions in your projects. Skills, CLAUDE.md, and more.
But one approach scored 100% on our Next.js evals:
https://t.co/8ACw9BgudB
We appreciate your patience and understanding as we work to deliver a secure and reliable release.
Updates are now available for the 25.x, 24.x, 22.x, 20.x Node.js release lines to address:
- 3 high severity issues
- 4 medium severity issues
- 1 low severity issue
https://t.co/dP3gJ8P5fx
Chrome DevTools now supports *individual* network request throttling!
Folks have been asking for this for years! DevTools now allows developers to simulate slow network conditions for specific requests rather than the entire page.
This helps in testing how a web application performs and handles issues when specific resources (like images, scripts, or API calls) are slow to load.