More Syntax - Tasty Web Development Treats episodes

993: It's Been A Hell Of Week

Published 6 Apr 2026

Duration: 00:38:21

The episode covers security vulnerabilities in AI and software infrastructure, including exposed source maps, malicious npm packages, permission flaws, and caching issues, along with debates over AI model exposure and recommendations for secure practices and performance optimization.

Episode Description

Scott and Wes break down a chaotic week in dev news: the Claude Code source leak, a nasty Axios npm supply chain hack, and Railway's private cache expos...

Overview

The podcast discusses several security and technical vulnerabilities, including a 60 MB source map leak exposing unminified code for Claude, revealing internal logic, API structures, and potential security risks like hardcoded sensitive content. Technical details highlight the exposure of infrastructure code, regex filters for flagging content, and debates over whether core AI models were compromised. It also touches on the Axios hack, where a malicious npm package containing a remote access Trojan (RAT) was distributed, raising concerns about dependency risks and the need for careful version checks. Additional topics include cache invalidation bugs in billing systems, AI model infrastructure strain due to high demand, and broader security challenges like proxy exploitation and the difficulty of securing open-source ecosystems.

The discussion extends to design and web development tools, such as a new text measurement library (Pretext) that uses canvas-based rendering for efficient text layout and a Figma competitor leveraging web technologies. Critiques of CSS's unreliable text wrapping capabilities and industry debates over the overhyping of web-native design tools are also covered. Caching vulnerabilities are addressed, including a CDN incident where private data was publicly cached, with recommendations for headers like Cache-Control: private and Vary to prevent user-specific data leaks. Other technical topics include USB-C charging setups, kid-friendly devices like the Kindle, and Bluetooth headphones for children, reflecting practical considerations in hardware and user behavior.

Recent Episodes of Syntax - Tasty Web Development Treats

8 Apr 2026 994: AI Sucks At CSS

AI in web development faces challenges like generating inefficient CSS, struggling with modern design systems, and producing homogenized or aesthetically poor outputs, requiring human oversight for nuanced creativity, debugging, and balancing AI tools with technical expertise to address performance, security, and design quality gaps.

1 Apr 2026 992: Migrating Legacy Code Just Got Easier

Migrating a monolithic course platform from Express.js to a modern framework involves overcoming challenges like maintaining feature parity, rewriting routes, and replacing legacy components with JSX/TSX, while employing strategies such as incremental changes, async storage, custom middleware, and rigorous testing, alongside exploring AI tools and discussing related topics like Java Spring migrations and display management.

30 Mar 2026 991: Vite's bet on Cloudflare (VOID Framework)

Void is a full-stack JavaScript framework integrated with Cloudflare, offering databases, authentication, and frontend flexibility with React/Svelte/Solid, but faces vendor lock-in concerns, database portability challenges, and trade-offs between Cloudflare ecosystem convenience and platform flexibility.

25 Mar 2026 990: Vite Is Taking Over (Vite+)

Vite+ is an open-source JavaScript toolchain unifying bundlers, linters, and task runners through streamlined configuration, Rust-based Oxlint/Oxformat, and efficiency-focused features like caching and simplified CLI commands, aiming to reduce workflow fragmentation and developer overhead.

23 Mar 2026 989: State of JS 2025

Recommended: Notes from the wisdom of the crowd of JavaScript developers.

Recent JavaScript/web dev trends highlight AI integration over new language features, shifting library preferences (React/Angular decline vs. Solid/Playwright rise), performance-focused tools like Vitest and Node.js, and growing emphasis on simplicity, observability, and hybrid development approaches.
