Been a packed couple of weeks. New article on a real supply chain attack, a podcast episode I'm really happy with, some big releases from both Anthropic and Astro, and a great article from Joan León on AI-powered performance audits.
Plus the usual conferences and security course updates.
New article: How to steal npm publish tokens by opening GitHub issues
Someone published a malicious version of the Cline CLI to npm using a stolen publish token.
The interesting part is how they got the publish token.
It started with a prompt injection. Cline had an AI-powered issue triage bot running on GitHub Actions, and the issue title went directly into the prompt with full Bash and Write tool permissions. A security researcher named Adnan Khan found this, called it "Clinejection," and demonstrated that you could get arbitrary command execution on the CI runner just by opening an issue with the right title.
But the triage workflow didn't have publish secrets. So the attacker used GitHub Actions cache poisoning to jump from the low-privilege triage runner to the high-privilege nightly release workflow.
I wrote the full breakdown with what you can do to protect your own projects.
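An issue title that goes straight into a step, as described above, usually arrives through `${{ github.event.issue.title }}` expansion, which splices attacker-controlled text into the script before the shell or triage bot ever runs. As an added example (not from the article or the Cline project), here is a small Python check over constructed workflow text that flags such expansions and accepts a hardened variant that routes the title through `env:`; the field list and `./triage-bot` are assumptions, and restricting the bot's Bash and Write tool permissions is a separate control this check does not cover.

```python
import re

# Fields the person opening an issue or PR controls (assumed, illustrative subset).
UNTRUSTED_FIELDS = {
    "github.event.issue.title",
    "github.event.issue.body",
    "github.event.comment.body",
    "github.event.pull_request.title",
}
EXPR = re.compile(r"\$\{\{\s*([A-Za-z0-9_.]+)\s*\}\}")

def find_untrusted_interpolations(workflow_text):
    """Return (line_number, field) for each attacker-controlled expression expanded
    outside an env: block; values routed through env: reach the step as data."""
    findings = []
    in_env, env_indent = False, 0
    for number, line in enumerate(workflow_text.splitlines(), 1):
        content = line.strip()
        indent = len(line) - len(line.lstrip(" "))
        if in_env and content and indent <= env_indent:
            in_env = False  # back at the level of the env: key itself
        if content.lstrip("- ").startswith("env:"):
            in_env = True
            env_indent = len(line) - len(line.lstrip(" -"))  # column of "env:"
            continue
        if in_env:
            continue  # env: values are safe to hold untrusted text
        for match in EXPR.finditer(line):
            if match.group(1) in UNTRUSTED_FIELDS:
                findings.append((number, match.group(1)))
    return findings

# Constructed workflows; ./triage-bot stands in for any AI triage tool.
VULNERABLE = """\
on: issues
jobs:
  triage:
    steps:
      - run: ./triage-bot --prompt "Issue: ${{ github.event.issue.title }}"
"""
HARDENED = """\
on: issues
jobs:
  triage:
    steps:
      - env:
          ISSUE_TITLE: ${{ github.event.issue.title }}
        run: ./triage-bot  # reads ISSUE_TITLE from the environment
"""
```

Running the check on both samples reports line 5 of the vulnerable workflow and nothing for the hardened one.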
Podcast: Aurora Scharff on React Server Components, Next.js, and certifications
New episode of Señors @ Scale is out, and this one's a good one. Aurora Scharff went from studying Robotics and Intelligent Systems at the University of Oslo to becoming one of the most active voices in the React community. She's now DX Engineer at Vercel.
We went deep on React Server Components — what they actually change about how you build apps, why the mental model shift trips up even experienced developers, and how the App Router fits into all of it. She also shared stories from rebuilding legacy systems for the Norwegian government, her honest take on deploying Next.js on Vercel vs Azure, and why she thinks certifications matter more than ever when AI is writing half the code.
Two big Claude announcements
Code Review for Claude Code
Anthropic shipped Code Review on March 9th. When a PR opens, Claude dispatches a team of agents to hunt for bugs. They work in parallel, verify findings against each other to filter false positives, and rank issues by severity. Internally at Anthropic, substantive review coverage went from 16% of PRs to 54% after rolling it out. The system adapts to PR complexity — small changes get a light pass, big refactors get deeper scrutiny.
Reviews average about 20 minutes and cost $15–25 depending on size. Available now in research preview for Team and Enterprise customers.
The Complete Guide to Building Skills for Claude
Anthropic published a 32-page guide on building Agent Skills — the folder-based system that teaches Claude reusable workflows. A skill is just a SKILL.md file (plus optional scripts and reference docs) that Claude loads when it detects the task is relevant. The guide covers planning, structure, testing, and distribution, with real patterns from early adopters.
Astro 6 is here
Astro 6 dropped on March 10th and the headline feature is a completely redesigned dev server. By leveraging Vite's new Environment API, astro dev now runs your actual production runtime during development. If you're deploying to Cloudflare Workers, the dev server runs workerd — not a Node.js simulation. Same for Bun and Deno.
Beyond that: a built-in Fonts API that handles downloading, caching, self-hosting, and fallback generation for you. Live Content Collections for externally-hosted content through the Astro content layer.
npx @astrojs/upgrade
Read the full Astro 6 announcement
Joan León on WebPerf Snippets as Agent Skills
Joan León wrote a really smart article about turning his WebPerf Snippets project into Agent Skills for Claude Code. If you put JavaScript snippets inline in a SKILL.md, the LLM might "optimize" or reinterpret the code instead of running it exactly.
For performance measurement, that's the last thing you want.
His approach keeps the scripts as separate .js files that the agent reads and executes verbatim via Chrome DevTools MCP. The SKILL.md is just an index with thresholds and decision trees. If TTFB exceeds 600ms, the agent automatically runs the sub-parts breakdown to identify whether it's DNS, connection, or server time. 47 snippets across 6 skills, with 8 workflows and 16 decision trees. The agent loads only the tokens it needs for the current measurement.
Conferences
React Paris — March 26-27, 2026
I'm speaking at React Paris this year and I'm really excited about it. It's a two-day single-track conference at Pullman Paris Montparnasse, which means you see everything — no scheduling conflicts.
Also speaking: Kent C. Dodds, Tejas Kumar, and Aurora Scharff among others.
Tickets are up now. Use code rp26_rbcn at checkout for 10% off.
CityJS London — April 15-17, 2026
Three days at Kensington Town Hall in London. Two days of workshops and meetups, one full-day conference. The format is great because by the time you hit the main day you've already met half the room.
I'll be there speaking alongside Rich Harris, Liran Tal, Jason Lengstorf, and others.
Get tickets with 20% discount here
Security Course — Module 1 is out
Module 1 of my web security course is live. It starts where most security content doesn't: package.json. You'll learn how package resolution actually works, what the lock file is really doing, and why two projects with the same package.json can end up with completely different dependency trees. Then you build your own dependency scanner from scratch — one that parses your dependency tree, checks versions against known vulnerability databases, and flags transitive dependencies.
If the Cline attack article above made you uncomfortable about your own supply chain, this is the course to fix that.
That's it for this one. See some of you in Paris.