Integrated browser "edit mode": use inline text edits as a signal for Copilot edits #310710 karlhorky opened 5 hours ago · edited by karlhorky When performing marketing copy edits, it is often faster to just change text copy directly in the integrated browser than to describe the change in chat and wait for Copilot to make the change and the dev server to update the integrated browser (especially true with slower dev servers). In the integrated browser, introduce a mode where DOM elements/nodes containing text are temporarily editable (eg. the behavior of contenteditable attribute). The user can then edit text inline and click on a "Save" button, upon which Copilot should use the diff of the edited text (plus nearby DOM context and innerHTML, as necessary) as a signal to propose source edits in the backing tsx / jsx / html / svelte / vue / etc file. This proposal is NOT about persisting DOM edits deterministically to files. The browser would only be the interaction surface, while Copilot still generates normal source edits for review, based on the diff. This could be extended to other non-text edits in future, such as image paths. Alternatives considered Full WYSIWYG editor, mapping changes to source files deterministically cc @meganrogge @jruales @kycutler

VS Code: I suggested an "edit mode" for the integrated browser, for WYSWYG-style workflows of changing text copy

If you also want this: it is a backlog candidate now, needs 20 👍 reactions to move it to backlog

github.com/microsoft/vs...

React Amsterdam Meetup: React Server Components & more! | Guild Apr 7th 6:30PM: Hey, React Amsterdam Community! We’re excited to kick off our next React meetup on April 7! Join us for an evening of practical insights, great conversations, and community vibes — fr...

Tomorrow: React Amsterdam ⚛️ April edition, at Picnic

- Kirill Voloshin and Masoud Alali: Evolving the Picnic Page Platform with React Server Components
- Leon Liefting: Building Flexible Breadcrumbs in Next.js With the App Router

Hope to see you there!

guild.host/events/react...

Config Dependencies | pnpm Config dependencies allow you to share and centralize configuration files, settings, and hooks across multiple projects. They are installed before all regular dependencies ("dependencies", "devDepende...

To bundle all of your security settings, use "configurational dependencies":

pnpm.io/config-depen...

Also, you can set these globally for defense in depth of unconfigured projects:

pnpm config set minimumReleaseAge 10080 --global

Example pnpm-workspace.yaml config

github.com/upleveled/es...

The axios breach is a good opportunity to review your package manager settings

I recommend pnpm @pnpm.io

Default: postinstall scripts are blocked, protects against axios vector

Also try:
- minimumReleaseAge: 10080 (pkgs must be min 7 days old)
- trustPolicy
- blockExoticSubdeps

React Amsterdam Meetup: The Design System Journey & more! | Guild Feb 5th 6:00PM: Hey, React Amsterdam Community! We’re kicking off 2026 with our first meetup on February 5. Join us to explore how to scale

Feb 5: Come and join our next React Amsterdam meetup 🚀 at Albert Heijn's AH Technology office in Zandaam

Talks:

- Releasing 20 Micro-Frontends in 1 Week With Module Federation by Gonzalo Beviglia
- The Design System Journey by Gabriel Cardoso

guild.host/events/react...

Node.js — Node.js 22.22.0 (LTS) Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.

Node.js 22.22.0 (LTS)

nodejs.org/en/blog/rele...

Node.js — Node.js 24.13.0 (LTS) Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.

Node.js 24.13.0 (LTS)

nodejs.org/en/blog/rele...

Node.js — Node.js 25.3.0 (Current) Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.

Node.js 25.3.0 (Current)

nodejs.org/en/blog/rele...

Post

bsky.app/profile/node...

Security releases available Updates are now available for the 25.x, 24.x, 22.x, 20.x Node.js release lines to address: - 3 high severity issues. - 4 medium severity issues. - 1 low severity issue. This security release includes the following dependency updates to address public vulnerabilities: - c-ares (1.34.6) on 20.x, 22.x, 24.x, 25.x - undici (6.23.0, 7.18.0) on 20.x, 22.x, 24.x, 25.x

🔒Node.js v22.22.0, v24.13.0, v25.3.0 fix 3 high, 4 med, 1 low severity security vulnerabilities (+ dependencies)

Upgrade now:

Windows:
choco upgrade nodejs # or nodejs-lts

macOS:
brew upgrade node # or node@24

Ubuntu:
sudo apt-get --only-upgrade install nodejs

pnpm 10.21 continues to add security features 🛡️

trustPolicy: 'no-downgrade' fails install if trust level of a package decreases with a new version

openPetition Recognition of Work on Open-Source as Volunteering in Germany Henning Lammert Petition is addressed to German Bundestag, Petition Committee 3,256 Signatures 3,134 from 30,000 for quorum in Germany

Petition in Germany recognizing open source as volunteering for the common good 🤩

Seems like a good step towards recognition and a healthier open source ecosystem

www.openpetition.de/petition/onl...

ahh I've actually thought about this a lot - if government and laws and taxes (and also everything else like business rules) could be open source and anyone could make proposals 😍

I guess not happening anytime soon though

instead, we have 1000s of required ways to do things

ha, missed that part!

was just so surprised at finally fixing the GDPR end-user UX, would be soo amazing

Europe is scaling back its landmark privacy and AI laws The EU folds under Big Tech’s pressure.

Wow, no more cookie banners in EU? 🤯🚀 Yes please!

> some “non-risk” cookies won’t trigger pop-ups at all
> central browser controls that apply to websites broadly [for other cookies]

www.theverge.com/news/823750/...

Ohh, interesting opportunity to be the Head of the Sovereign Tech Fund in Berlin 👀

Unseeable prompt injections in screenshots: more vulnerabilities in Comet and other AI browsers | Brave AI browsers remain vulnerable to prompt injection attacks via screenshots and hidden content, allowing attackers to exploit users' authenticated sessions.

Security: Do not install OpenAI Atlas, Perplexity Comet, etc

At least until the security implications are more fully understood

Multiple security research firms have found vulnerabilities in AI browser architecture, not restricted to only one specific browser

brave.com/blog/unseeab...

alias npx-safe='function _npx_safe() { local node_opts="--permission --allow-fs-read=$(npm prefix -g) --allow-fs-read=$(npm config get cache)" local package="" local package_args=() while [[ $# -gt 0 ]]; do if [[ "$1" == --* ]]; then # Anything starting with `--` goes into node_opts node_opts+=" $1" else # The first non-`--` argument is the package; the rest are package args if [[ -z "$package" ]]; then package="$1" else package_args+=("$1") fi fi shift done echo "=============================" echo " npx-safe Log " echo "=============================" echo "Node.js options:" echo " $node_opts" echo echo "Package:" echo " $package" echo if [[ ${#package_args[@]} -gt 0 ]]; then echo "Arguments:" for arg in "${package_args[@]}"; do echo " $arg" done echo fi echo "=============================" npx --node-options="$node_opts" "$package" "${package_args[@]}" }; _npx_safe'

npx-safe by @rafaelgss.dev :

Use the Node.js permissions model to make running npx on untrusted packages safer 🔥

github.com/RafaelGSS/do...

Node.js Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.

Node.js 25 is here! We have upgraded V8 to 14.1, bringing major JSON.stringify
performance improvements and JIT pipeline optimizations.

This release introduces the permission
model --allow-net, Web Storage is enabled by default, and more!

nodejs.org/en/blog/rele...

Ahh version control conflicts are a great use case for AI - conflicts can be super hairy, so any tools or context that can help with this is 🔥🔥

Email coming from npmjs.org, looking like an account maintenance notification, prompting the user to log in.

The link to login looks identical to the NPM login, but hosted on npnjs.com

A phishing attack is going on against maintainers on @npmjs.bsky.social, be aware!

- email is spoofed from npmjs.org (which doesn’t use DMARC but redirects to npmjs.com)
- login link points to npnjs(dot)com (clear giveaway)

tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball #1 Error: Dependabot doesn't support the 'updating transitive dependencies' feature for pnpm package_manager Dependabot attempted to update your dependencies but encountered an unsupported feature: 'updating transitive dependencies' for pnpm package_manager. Currently, this feature is not supported by Dependabot.

Why?

Dependabot security alert appears and update generated -> fails because the update is for a pnpm transitive dependency with the error:

Dependabot doesn't support the 'updating transitive dependencies' feature for pnpm package_manager

pnpm transitive dependency updates support #13177 Dependabot doesn't support transitive dependency updates for pnpm, a very popular package manager (31M downloads / week as of writing).

My request for Dependabot: Full support for @pnpm.io

(updates to transitive deps fail currently)

Voice support in the issue 🙌

github.com/dependabot/d...

WebKit Features in Safari 26.0 We’re happy to share with you what’s arriving in Safari 26.0!

Safari 26 is here!!! Anchor Positioning, Scroll-driven animations, High Dynamic Range images, the new HTML <model> element, the all-new Digital Credentials API, SVG icon support, WebGPU, WebKit in SwiftUI, every site can be a web app on iOS and iPadOS, and much more.

webkit.org/blog/17333/w...

would it be part of the e18e initiative goals to reduce reliance on these micro packages by PRing to large consumer packages driving the 73m/week?

I guess the tradeoff is that the new version of the code should be simple, short and bulletproof, possibly because of new language / runtime features

React Advanced meetup coming Toronto 🇨🇦

Any speakers interested: apply to the CFP at the link below 🙌

Codemods for Node.js 😍

Looking great, thanks to all contributors!

Text for search:

Netlify edge functions are down with the error in the logs:

Error handling request: TypeError: functions is not a function

In the browser, the error is: Internal Server Error

My site https://fincaguarumo.com (hosted by Netlify via fincaguarumo.netlify.app, a next.js app) suddenly returns a 500 error. In the logs, I can see only this: Error handling request: TypeError: functions is not a function at file:///root/src/bootstrap/server.ts:53:45 at mapped (ext:deno_http/00_serve.ts:407:24) at mapped (ext:deno_http/00_serve.ts:513:16) at ext:deno_http/00_serve.ts:729:29 at eventLoopTick (ext:core/01_core.js:178:7) at async netlify:bootstrap-stage1:4:1 I have not changed anything recently, I do not have any custom functions. I have no idea how to debug this error as it seems to stem from Netlify itself and not something on my end. Just to be sure, I triggered a manual deploy without cache, updated the @netlify/plugin-nextjs to 5.12.0, but to no avail. The app uses next.js 15. Is there anything else that can be done on my end?

@netlify.com multiple users reporting Netlify edge functions being down, in case you didn't know yet

Maybe you can update the status page with the outage?

answers.netlify.com/t/the-site-s...