Posts by Arcjet

How long until we need to block Google? Google AI Overviews are causing fewer clicks for some site owners. If this is a fundamental shift in the web's traffic economy, how can site owners control where their content appears?

Historically, the deal was fair:

1. You allow Google to crawl your site.
2. Google shows snippets in search results.
3. You get traffic in return.

Sometimes, algorithm changes hurt, but overall, the traffic upside made it worth it.

The equation may be shifting.

blog.arcjet.com/how-long-unt...

8 months ago 0 0 0 0
How I found an XSS in the Nuxt MDC Library for Markdown Content Are you using the Nuxt MDC library to render LLM generated content in your Nuxt.js apps? You want to read this article to understand how I came to find a Cross-site Scripting vulnerability identified today as CVE-2025-24981

I found a vulnerability in Nuxt MDC: www.nodejs-security.com/blog/nuxt-md...

Are you using the Nuxt MDC library to render LLM generated content in your Nuxt.js apps? You want to read this article to understand how I came to find an XSS vulnerability identified today as CVE-2025-24981

10 months ago 3 2 1 0
Ultimate Guide to Building Web Components with Svelte, Theodor Steiner — Svelte Summit Spring 2025 YouTube video by Svelte Society

If you want to build Web Components with Svelte this Svelte Summit talk from @theosteiner.de is for you — Ultimate Guide to Building Web Components with Svelte.
www.youtube.com/watch?v=lDWf...

10 months ago 13 2 1 4
When Vibe Coding, Avoid These 6 Security Risks! YouTube video by ByteGrad

Watching this code walkthrough of 6 vibe coding security risks...can you guess what they are?

www.youtube.com/watch?v=5kWL...

10 months ago 0 0 0 0
Low latency global routing with AWS Global Accelerator How Arcjet uses AWS Global Accelerator to route API requests via low-latency private networking to meet our end-to-end p50 latency SLA of 20–30ms.

To meet our end-to-end p50 latency SLA of 20–30ms: we deploy globally, use persistent HTTP/2 connections, and rely on anycast to ensure routing to the nearest healthy region.

All via AWS's Global Accelerator...

blog.arcjet.com/low-latency-...

10 months ago 0 0 0 0
linux_smb_vunlerability_prompt.txt linux_smb_vunlerability_prompt.txt. GitHub Gist: instantly share code, notes, and snippets.

If you read the post about O3 finding an SMB bug in the Linux Kernel, I did a few tests and what I suspected looks true: Gemini 2.5 PRO can more easily identify the vulnerability. My success rate is so high that running the following prompt a few times is enough: gist.github.com/antirez/8b76...

10 months ago 32 5 3 0

Nice clear explanation of how GitHub roll out new implementations of features that get 2,000 queries a second - including dark-shipping to 1% of users where the new implementation is invisibly compared with the production one via a background job

10 months ago 47 6 0 1
[...]  I just need a small favor. Could you please share your latest settings.json, keybindings.json, and your current list of VS Code extensions? I know you had shared a Gist earlier, but it seems a bit outdated and some things aren’t working as expected.

thank you for the kind words! ❤️

I've spent some time updating the gist with settings, extensions + keybindings

👉 you can find it here: gist.github.com/danielroe/5...

hope it helps!

roe.dev/ama

#ama

10 months ago 27 1 2 0
Ariel Shulman @ NodeTLV '23 | Typescript. Runtime. And In Between. NodeTLV 2023 (www.nodetlv.com), Israel's annual Node.js conference, powered by EventHandler and Node.js-IL. Typescript. Runtime. And In Between. English | Intermediate. Typescript has become a code of conduct in the industry in the last few years, and for a pretty good reason. However, if you want to really cover type validation at runtime, TypeScript alone isn’t enough. In this session we're going to go under TypeScript’s hood and understand the difference between compile time and runtime. We will see where the places are where we can’t trust TypeScript to validate our types. We will explore Zod and see some cool tricks and best practices we can apply to improve runtime type safety in any code base. Ariel Shulman, Full Stack Developer @ Illumex: Full Stack developer for Illumex; in my last position I was doing Full Stack in Sisense. My stack includes Nestjs, TypeScript, React, Neo4j, PostgreSQL, FastAPI.

Wonderful talk by Ariel Shulman about the role TypeScript plays in development and how to avoid type safety mistakes in runtime

10 months ago 2 1 0 0

It has all these features:
- Auth management by @clerk.com
- payments by Stripe
- database by @prisma.io
- security by @arcjet.com
- emails
- api app
- web app for landing page
- app for the main app
- docs app for documentation
- and so much more!

1 year ago 3 1 0 0
Rethinking our REST API: Building the Golden API Using Go + Gin to reimplement our backend REST API. How we built the golden API: performance & scalability, comprehensive docs, security, authentication, and testability.

We're still using Rust to compile to Wasm of course because we don't want to bundle the Go runtime with the GC.

Picking the best tool for the job 💪

More details: blog.arcjet.com/rethinking-o...

1 year ago 0 0 0 0
After a short internal Rust vs Go bake off, we chose Go + Gin to reimplement our REST API.

Our low-latency gRPC API is also implemented in Go, which gets called from our JS SDK.

1 year ago 2 0 1 0
Building an email address parser in Rust with nom Using Nom to create a safe email validation parser in Rust. How to create combinator parsing that can be compiled to WebAssembly.

Learn more: blog.arcjet.com/building-an-...

1 year ago 0 0 0 0

Creating an email parser requires combining local part parsing with domain parsing to ensure we validate the syntax against the RFCs...but of course just following the RFC doesn't quite work in the real world!

1 year ago 0 1 1 0

Its design focuses on zero-copy parsing (memory-efficient data interpretation without allocations), using Rust's streaming capabilities, and bit-level parsing support. This makes it highly efficient and versatile.

1 year ago 0 0 1 0

Implementing request parsers in Rust allows us to take advantage of its inherent memory safety, correctness, and performance. That's why we used Nom to build our email validation.

1 year ago 1 0 1 0
Hacking (and securing) GraphQL Exploiting (and protecting against) injection attacks, duplication DOS, and circular query attacks in GraphQL.

Learn more: blog.arcjet.com/hacking-and-...

1 year ago 0 0 0 0

Mitigating these GraphQL attacks requires multiple levels of defense in depth:

- Disable Schema Enumeration Features
- Implement a Timeout
- Limit Query Complexity

1 year ago 0 0 1 0

Cross-Site Scripting (XSS), Structured Query Language Injection (SQLi), Server-Side Request Forgery (SSRF), and Command Injection.

1 year ago 0 0 1 0

This is all due to how GraphQL queries cascade through multiple levels of depth.

And of course as with any other user input, queries and mutations can be vulnerable to injection attacks...

1 year ago 0 0 1 0
There are various attack techniques that all aim to overload a GraphQL with queries to achieve a Denial of Service (DoS) outage at the application level

Query Batch DoS Attack, alias DoS Attacks, Duplication DoS Attacks, Circular Query DoS Attacks...

1 year ago 0 0 1 0
Production-grade Turborepo template for Next.js apps A monorepo template designed to have everything you need to build your new SaaS app as quick as possible. Authentication, billing, analytics, SEO, database ORM and more — it's all here.

The ultimate Next.js SaaS template: next-forge.com

ORM, auth, billing, analytics, website, blog, cron jobs, dark mode, email, testing.

Built with @nextjs.org @vercel.com @prisma.io and a great set of amazing tools

1 year ago 1 1 0 0