Matteo Collina opens this week with a blunt reminder: trusted publishing helps, but social engineering still walks through the front door if maintainers aren’t careful. Then Addy Osmani, Simon Willison, and Drew Breunig pile on with the same message in different flavors — AI can move fast, but your engineering judgment still has to stay in the loop.
Alcides Fonseca makes the case for the terminal comeback tour, Ahmad Shadeed gives CSS range queries the practical guide they deserved, and Smashing Magazine reframes local-first as a full architectural inversion, not just “offline mode with better branding.” Meanwhile, Tanner Linsley shows what happens when React’s API contract gets “projected” into a tiny faster runtime, and The Pragmatic Engineer reminds everyone that AI-era traffic can break even giant platforms in very non-funny ways.
And for teams trying to operationalize all this: Addy’s Agent Skills argues for non-skippable discipline, Graphify turns scattered context into a queryable knowledge graph, Manifest routes prompts across 300+ models without torching your budget, and Warp Terminal going open source adds a little healthy pressure to the AI tool stack.
Enjoy!
Signup here for the newsletter to get the weekly digest right into your inbox.
Find the 13 highlighted links of weeklyfoo #136:
by Addy Osmani
AI coding agents skip the senior-engineering work unless you encode discipline as something they cannot talk themselves out of
🚀 Read it!, ai, engineering
Why Trusted Publishing Can’t Save Us from Social Engineering
by Matteo Collina
Unmasking the risky illusion of npm’s trusted publishing amidst recent cyber attacks.
📰 Good to know, npm, security
by Alcides Fonseca
Native GUI fragmentation and Electron bloat are driving a resurgence of Terminal User Interfaces — fast, automatable, and consistent across platforms
📰 Good to know, terminal, engineering
by Ahmad Shadeed
Interactive guide on why you should use range syntax in media queries instead of min/max — visual demos included
📰 Good to know, css, frontend
by Addy Osmani
When AI output quietly becomes your output — engineers cross from cognitive offloading into cognitive surrender by borrowing AI confidence and treating it as their own
📰 Good to know, ai, engineering, opinion
Vibe Coding and Agentic Engineering Are Getting Closer
by Simon Willison
AI blurs the line between casual and professional engineering as dependable agents lead experts to trust generated output over documentation and tests — human expertise remains essential for production systems
📰 Good to know, ai, engineering, opinion
The Architecture of Local-First Web Development
by Smashing Magazine
A paradigm shift where app data lives on the user's device — modern implementations use SQLite compiled to WebAssembly with sync engines handling conflict resolution
📰 Good to know, engineering, database
by Tanner Linsley
Tanner Linsley spent a day prompting an AI agent to regenerate React's public API as a ~9KB runtime running 2-3x faster than stock React — shipped quietly and available on npm as @tanstack/redact
📰 Good to know, javascript, react, ai
AI Load Breaks GitHub – Why Not Other Vendors?
by The Pragmatic Engineer
Analysis of how AI-driven traffic overwhelmed GitHub infrastructure while other vendors avoided similar outages
📰 Good to know, engineering, ai
by Drew Breunig
Durable practical guidelines for agentic coding with Codex, Claude Code, or any LLM coding agent — distilled from active experience tracking what sticks as models improve
📰 Good to know, ai, engineering
by Safi
AI coding assistant skill (Claude Code, Codex, OpenCode, Cursor, Gemini CLI, and more). Turn any folder of code, SQL schemas, R scripts, shell scripts, docs, papers, images, or videos into a queryable knowledge graph. App code + database schema + infrastructure in one graph.
🧰 Tools, ai, skills
by mnfst
Open-source AI model router that intelligently redirects each query to the most suitable model — 300+ models across 16+ providers, reduces AI costs by up to 70%
🧰 Tools, ai, tools
by Warp
Warp's AI-native terminal, previously closed-source, is now open sourced under Apache 2.0
🧰 Tools, terminal, tools
Want to read more? Check out the full article here.
To sign up for the weekly newsletter, visit weeklyfoo.com.
Top comments (0)