A smiling Clarkio wearing a backward black Snyk cap against a purple background with binary code. To the right, there’s a screenshot of the OpenAI Codex interface displaying the text 'What should we code next?' with a red arrow pointing to the input box. Above, bold text reads 'TIPS & TRICKS' in purple and pink gradient letters.

Been getting messages asking how I use Codex in my projects. Finally made a video about it!

I break down my entire workflow and share the tips and tricks that make the biggest difference in my daily coding.
Hope it helps 👍

🎥👇
youtu.be/mP-GiOihhM0

It's been validating seeing them struggle to get a CSP just right 😅

Can your AI code gen model/tools of choice generate a proper Content Security Policy that allows everything to still work properly?

The DevSecCon 2025 logo above large white text on a purple gradient background that reads “Securing the Shift to AI Native.” Below, smaller white text says “October 22, 2025 - Virtual.”

AI is transforming how we build, deploy & secure software.

Learn how to empower innovation without compromising security at #DevSecCon, the Global Community Summit on AI Security.

Details:
💻 Virtual
🗓️ Oct 22, 2025
🔗 snyk.io/events/devseccon

A smiling clarkio wearing a backward black Snyk cap and a black shirt with the Snyk logo, pointing to text on the right that says 'Manage MCP servers' with a visible 'snyk Configure' button. Large bold text at the top reads 'MCP SERVERS IN WINDSURF' in blue and purple gradient. On the left, there’s the Windsurf logo with teal curved lines on a dark background, all set against a bright purple and blue gradient backdrop.

If you’re using Windsurf and not adding MCP servers you’re missing out on serious power.

I’ll show you how to add them from the store and manually (including Snyk!)

Full video 👇
youtu.be/exGudnPb9Bo

Clarkio wearing a backward black Snyk cap looking surprised, set against a bright purple and blue background. To his right is an editor window titled 'SECURITY_REPORT.md' displaying a Markdown document describing a 'production-ready, security-hardened Node.js notes application.' Above him is the orange starburst logo for Anthropic, and bold gradient text at the bottom reads 'BEST IN THE WORLD?!' in blue and purple letters.

I asked Claude Sonnet 4.5 to build a secure Node.js note taking app from scratch. The results surprised me!

Watch here 👇
youtu.be/YBl0BR3fgjA

Clarkio with a thoughtful face wearing a backwards Snyk cap, resting his chin on his hand. At the top is a code editor showing .env, package.json, and index.js tabs, with code that logs API_KEY from process.env. To the right is a tweet screenshot that says 'Cursor steals your dev creds,' with a red arrow pointing at it. At the bottom, bold red text reads '.ENV IS BAD' against a purple background.

Stop using .env files for your API keys. They’re not safe anymore.

Here’s why and what to do instead 👇
youtu.be/pcbRwwaCPUg

Bright thumbnail image featuring a surprised clarkio on the left side, with wide eyes and open mouth. The background is a vibrant mix of purple and pink hues with binary code pattern. Bold text at the top reads 'SPEC DRIVEN DEVELOPMENT' in blue and white. On the right, a UI screenshot shows two options: 'Vibe' and 'Spec,' with the 'Spec' option highlighted, which says 'Plan first, then build. Create requirements and design before coding starts.' A red arrow points to the highlighted option.

Spec-driven development + AI = the future? 🤔

I explored Amazon’s new Kiro IDE paired with Claude Sonnet 4 to find out.

Watch and tell me if you’d code like this 👇
🎥 youtu.be/YpB1QS58KZE

We’re in the wave of spec-driven development now.

On the right-hand side is text in bold letters "This is crazy!" overlayed on the Replit logo. Above that is a screen shot of the application that was built in the video. On the left-hand side is an image of clarkio smiling. The background is a gradient from purple to blue with circuit lines and 1's and 0's

I put Replit to the test and was honestly shocked by the outcome. If you care about what AI coding tools can (and can’t) do, you’ll want to see this.

📹👉 youtu.be/gHGB3kptH_s

This has been a fun loop🤪

Agent: Everything is done let me run the app
Terminal: App running
Agent: Perfect! Let me test it with curl
*kills app for curl*
Agent: Let me start the server again and test it
Terminal: App running
Agent: Perfect! Let me test it with curl

What's been your experience? Is it all hype? Or maybe all hate? Or are you finding it's been fairly balanced when using these technologies?

Outside of this instance I've had plenty of delight moments as well. So tbh I don't know for sure when it's worth it or not as the answer is usually "it depends".

Regardless I wanted to put this out there as a practical experience among all the hype and hate.

I did this to tinker and experiment. I imagine in an agentic flow with auto accept conditions on it would eventually get to a fully working solution.

But at what cost? How many tokens/etc.? And was it worth it vs. building it by hand or using an existing template?

It failed to use the latest versions of the dependencies it chose

It failed to use compatible versions of plugin packages for the main web framework dependency

It failed to handle different environmental variations (e.g. file paths on diff OSes)

Just to name a few...

I'm using Claude Code and asked it to spin up a quick Node.js API to support an OAuth flow. While the code looked syntactically correct if you tried to run it things failed.

When it comes to AI/LLMs I aim to have a balanced perspective on it. There are times I'm delighted by what they do and other times I'm unimpressed. Today I felt a bit unimpressed...

Clarkio in the forefront thinking with a screen shot image of JSON showing project dependencies and bold text of "Claude Opus 4.1"

Giving Claude Opus 4.1 a go at writing a secure app ↙️

youtu.be/ELSl0RmFxLg?...

How to Add MCP Servers to VS Code (with GitHub Copilot) In this tutorial, I’ll walk you through the step-by-step process of adding MCP servers to Visual Studio Code using GitHub Copilot. Whether you’re setting up your first MCP server or integrating…

How to Add MCP Servers to VS Code by @clarkio.com youtu.be/50tkvZhOVqM?...

y'all are sleeping on npq ✨

Step 1:
$ npm install -g npq
$ alias npm="npq-hero"
Step 2:
*no more malicious packages hurting you ;-)

*well, much lower risk based, nothing is absolute

Backwards hat Salma?! Hell yea!

I had already felt this as my career progressed but that has accelerated with AI/LLM's

Reading code is becoming even more valuable than writing it.

A thumbnail with a dark background and a picture of Wes Bos in the top right. The thumbnail reads "Agent Mode Day with Wes Bos" and says "VS Code Live" in the bottom left

VS Code Live: Agent Mode Day is tomorrow, April 16th!

And we've got a special guest joining us - @wesbos.com will be closing out the stream with a live coding session! You won't want to miss this.

Stream starts at 9 AM PT: youtube.com/live/HNly8eN...

Agent mode: available to all users and supports MCP Agent mode is now available to all users and supports MCP.

Agent mode is rolling out to all users!

🔁 Autonomous code editing
🔍 Full codebase awareness
💬 Built in tools for codebase search, terminal, fetching website content and more

All extensible via MCP & VS Code Extensions. All available today.

Learn more:

Had a blast today! Thanks for joining!

haha Brian is just hilarious 😂
checkout the new video about Claude 3.7 and whether it's actually better for generating secure code: www.youtube.com/watch?v=zM8c...

JavaScript | 2024 | The Web Almanac by HTTP Archive JavaScript chapter of the 2024 Web Almanac covering the usage of JavaScript on the web, libraries and frameworks, compression, web components, and source maps.

We've just published the 19th and final chapter of the 2024 Web Almanac on JavaScript by Abdul Haddi Amjad and Nishu Goel.

almanac.httparchive.org/en/2024/java...

Last Resort - Papa Roach. Well played 😁👍

Love that HMR is for the API as well.

Does this mean it’s something like ‘bun init react’? Are there plans to support other frontends too then?