@pnpm.io 11 packs a lot of new stuff:
- New defaults aimed at reducing supply chain risks
- New commands & aliases
- Complete publish flow
- Performance improvements
pnpm@11.0.0-rc.2
github.com/pnpm/pnpm/bl...
<MGMT>
🎵
</MGMT>
I’ve seen @mickaelalvs.dev wield this setup live, it was so smooth. Thanks for writing up how it works!
Nerd sniping + theatrics is the best way to make your talk memorable.
📚 Colocation matters. Cognitive load matters. Boundaries matter. High cohesion matters. Yes, even in the age of AI (maybe even more so).
Enter the vertical codebase:
Congratulations ! 🙌
Yes, but it’s less popular (so less likely to be targeted), and would only act as a temporary fix while migrating to a vendored, native fetch based, thin interface for your application code.
Indeed, that’s a nice target too.
The cool part about redaxios is you can add it as a custom alias in @pnpm.io and it should be transparent, no code rewrite necessary at all:
pnpm add axios@npm:redaxios
🚨 Active supply chain attack on axios@1.14.1. The latest version pulls in plain-crypto-js@4.2.1 -- a brand-new package that didn't exist before today.
We're still investigating. If you use axios, pin your version and audit your lockfile. socket.dev/blog/axios-n...
An axios-API-compatible light wrapper over `fetch`, by @developit.dev:
github.com/developit/re...
Can act as a stopgap replacement while migrating away from axios.
Ramona on stage, slide reads: The cake is a lie, and so is your login’s accessibility
Ramona on stage, slide shows a hand drawn Portal (the game) logo
Ramona on stage, slide reads « use color-feature in DevTools », portal gun hand drawing « TanStack DevTools ❤️ »
That was such a lovely talk!
Dominik on stage, slide reads « Dead code shouldn’t exist. How we removed 28k lines of code, one knit at a time »
Knip Comprehensive, fast, zero config, plugins, monorepo, auto fix
@tkdodo.eu presenting knip.dev by @webpro.nl at #ReactParis ✂️
I spent 2 months learning about quantization and am extremely proud of the post I've written about it. I think these are some of the nicest visuals I've ever made, and I love how this compression technique invented in 1898 is being used on the bleeding edge in 2026.
ngrok.com/blog/quantiz...
Kawtar on stage, title slide: “React anti-patterns in AI generated code”
Kawtar on stage, slide showing the Elmo cocaine meme, preferring useEffect to Zustand + TanStack Query
Kawtar Choubari exposes the bad habits of our agents when generating React code:
- useEffect state sync
- key={index}
- fetching in useEffect (“ @tanstack.com mentioned” counter: 2)
I’ll reply for the other humans out there:
Popovers, custom selects (@una.im had a demo where she shoots elements with a CSS gun to select them, Duck Hunt style 🤯), custom functions with return/if/else (is CSS a programming language now?), scroll based selectors, sooo many cool things.
Gabriel on stage with Venn diagrams: - Problems redux solves vs Problems you want to solve: no overlap - Problems TanStack Query solves vs problems you want to solve: ~40% overlap
Next, Gabriel Pichot is showing us how good tools help us reduce cognitive load (and it matters even more at the age of AI).
Also TIL about Germane load
Una on stage, slide reads: Key UX principles 1. reduce noise 2. Guide users 3. Personalize
Una on stage showing how interestfor can make hover cards show a user profile when hovering/focusing traditional <a> links
Una on stage showing the styleable parts of <select>
@una.im starts with showing how amazing modern CSS is.
interestfor is super interesting to add hover cards on links, without any JS.
Sarah and Tejas on stage with all the speakers on a slide
Let’s go, @tej.as & @sarahdayan.com kicking off #ReactParis 2026
The lineup is amazing 🤩
See you there!
📚 Continuing my series about design-systems, today I wrote about why I believe data-testid is a bad practice and and how role-based selectors actually help ensure your app is accessible.
TypeScript 6.0 is out 🎉
🔶 Temporal
🔶 Map#getOrInsert
🔶 RegExp.escape
🔶 #/ prefix for Package Imports
New defaults!
🔶 --target=ES2025
🔶 "use strict"
🔷 --strict
Deprecations!
🗑️ baseUrl, outFile
🗑️ import assertions
🗑️ `module` namespaces
🗑️ module: amd
🗑️ moduleResolution: node
🗑️ target: ES5
Download stats for nuqs, showing zero-download days among regular numbers.
Download stats counts have been down for 3 days last week and one day the week before.
A sloppy web UI looking like an alert (red everywhere, but classic tell-tale of AI-generation)
A sloppy UI for a fake alert (emoji, coloured shadows)
Spammers have discovered vibe-coded UI slop. 🫠
Alternatively, I just found out about chezmoi ("at my house" in french) to go beyond dotfiles sync, looks interesting:
www.chezmoi.io
stow would require an intermediate step:
~/.claude/skills
→ ~/dev/dotfiles/dot-claude/skills
→ ~/dev/dotfiles/skills
This gives you:
- A centralised skill library
- Control over which agent get which skill
GNU `stow` is nice for unifying AI agent skills with symlinks:
❌ ~/.claude/skills → ~/.agents/skills (the `npx skills` way)
✅ ~/.claude/skills → ~/dev/dotfiles/skills
✅ ~/.agents/skills → ~/dev/dotfiles/skills
Clone the dotfiles repo on each machine, symlink once.
Those bang queries are great, but even faster is adding npmx search to the address bar in Firefox (via right click once) with a keyword (e.g. "@n").
Firefox also supports type ahead and search suggestions from npmx.dev this way.
Other browsers will likely offer similar mechanisms (not tested).
new post on my personal blog.
i think these three areas often go unexplained, so hopefully this explains why some of these packages exist. these are fine to exist but the majority of developers shouldn't have to pay the cost for them.
PR on GitHub, with the badge "Open" at the top, but a "Pull request successfully merged and closed" status at the bottom.
Shrödinger's PR: both open & merged at the same time. 🐈
🟣 I'm live on Twitch!
We're chatting about how (not) to use AI for OSS contributions, come say hi! 👋
twitch.tv/francoisbest
Beans is quite nice to use.