Supply Chains, Zombie OSS, and Agent Firewalls

by Adam

This week feels like a full-stack reality check: Gergely Orosz reports that AI is amplifying team culture (good and bad), while Cloudflare shows frontier models already chaining exploits and reviewing attacks better with multi-agent setups.

The ecosystem drama continues: SafeDep tracks 314 compromised npm packages, npm responds with staged publishing, and Andrew Nesbitt explains how open-source projects quietly become zombie dependencies.

On the practical side, Julia Evans makes a strong case for semantic HTML + native CSS, uxdesign.cc reminds AI teams that vague spinners are not a UX strategy, and the database/tooling corner is unusually strong: pgsqlite, TypeORM 1.0, and Kanel 4.0 all make modern TS+SQL workflows less painful.

Bonus watch: Martin Fowler and Kent Beck reflecting on 30 years of Agile is a nice antidote to pure AI hype cycles. Also worth noting: Claw Patrol pushes agent-level security controls in the runtime itself, which is exactly where this should be heading.

Enjoy!

Sign up here for the newsletter to get the weekly digest right into your inbox.

Find the 12 highlighted links of weeklyfoo #138:


AI's Impact on Software Engineers in 2026: Part 2

by Gergely Orosz

Survey of 900+ engineers — AI amplifies existing culture, codebase quality is dropping while management focuses on output, and junior devs are struggling most

🚀 Read it!, ai, engineering


Moving Away from Tailwind

by Julia Evans

Adopting semantic HTML and native CSS — component files, CSS nesting, and grid layouts without the framework dependency

📰 Good to know, css, frontend


314 npm Packages Compromised in New Supply-Chain Wave

by SafeDep Team

The mini Shai-Hulud class of supply-chain attacks returns — 314 packages including the antv family and timeago.js targeted in the latest wave

📰 Good to know, security, npm, javascript


What Claude Mythos Showed Cloudflare

by Cloudflare

Cloudflare CSO reports on Project Glasswing findings — exploit chain construction, proof generation, and adversarial multi-agent review that outperforms single-agent verification

📰 Good to know, ai, security


Dumb Ways for an Open Source Project to Die

by Andrew Nesbitt

Maintainer burnout, funding gaps, and broken tech turn still-used packages into zombies — listed everywhere, quietly dangerous for all downstream dependents

📰 Good to know, open-source, engineering


The Waiting Problem in AI Products

by uxdesign.cc

AI products ignore decades of research on wait time — users need progress indicators, ETAs, and detailed logs instead of vague spinners that force people to invent their own coping behaviors

📰 Good to know, ai, design, ux


Staged Publishing for npm Packages

by npm

npm's new staged publishing model gives packages a review period before going live — part of the npm 11.15.0 release

📰 Good to know, npm, javascript


pgsqlite

by Eran Sandler

Postgres wire-protocol adapter for SQLite — use psql, pgAdmin, and standard Postgres drivers against an SQLite database

🧰 Tools, sqlite, postgres, tools


TypeORM 1.0

by TypeORM Team

TypeScript-first ORM reaches 1.0 after years on 0.3.x — INSERT INTO SELECT support, cross-driver transaction isolation levels, and smoother PostgreSQL enum migrations

🧰 Tools, typescript, database, tools


Kanel 4.0

by Kristian Dupont

Inspects your Postgres database and generates TypeScript types for use with Knex, Zod, or Kysely

🧰 Tools, typescript, postgres, tools


Claw Patrol

by Deno Team

Security firewall for Deno agents — restricts network access and subprocess execution to prevent agent overreach

🧰 Tools, security, ai, tools


Tech Truth: Agile Evolution & the Future of SW Engineering

by Martin Fowler, Kent Beck

Martin Fowler and Kent Beck reflect on 30 years — AI as a patient tutor, what Extreme Programming got right, and why people skills still matter more than tools

📺 Videos, engineering, agile


Want to read more? Check out the full article here.

To sign up for the weekly newsletter, visit weeklyfoo.com.

Top comments (1)

Harjot Singh

Agent firewalls plus zombie-OSS-in-the-supply-chain is exactly the threat surface people are sleepwalking into: an autonomous agent that can install packages, call tools, and run code inherits every weakness of the supply chain underneath it, except now there's no human reading the diff before it runs. A zombie dependency (unmaintained, transitively pulled, quietly compromised) is bad enough in a normal build; hand it to an agent with shell access and you've automated the blast radius. The agent-firewall framing is right because the only durable control is at the boundary where the agent acts, not in the prompt: enforce what it can install, fetch, and execute as structural policy at the tool layer, so a malicious or hallucinated action is refused by the system rather than politely declined by a model that can be talked out of it. Probabilistic guardrails in the prompt are bypassable; a hard allowlist at the execution boundary is not. Constrain what the agent CAN do, don't just ask it nicely. That enforce-at-the-tool-boundary instinct is core to how I think about agent safety in Moonshift. For the firewall, are you gating at the package/install layer, the network-egress layer, or both?