A Review of the TanStack npm Package Poisoning via CI Cache
2026年5月12日Elecmonkey
Isolation between different trust levels failed in an unexpected place. Supply-chain security in the frontend ecosystem still has a long way to go.
Some Thoughts on the Axios 202603 Poisoning Incident: CI Best Practices, Supply Chain Security, and Selection Reflections
2026年4月4日Elecmonkey
The second half seems to go off topic... drifting into reflections on choosing network request libraries, from Axios to the Fetch API
Running an Antique Frontend Project on an arm64 Mac, and Ending Up with a Head Full of Thoughts About Technical Debt
2025年5月19日Elecmonkey
Technical debt is not purely a technical problem. It is about CI/CD modernization, organizational governance, and every technologist's open source culture and community participation.
Next.js Zero-Downtime Deployment Notes: From PM2 Cluster to Next Standalone Mode
2025年3月28日Elecmonkey
Notes on a zero-downtime deployment solution for a Next.js project in production.
Pitfalls in Configuring GitHub Actions for a Small Frontend Project
2025年3月26日Elecmonkey
Also known as: a frontend developer misled by large models decides to save their own CI/CD workflow (nope).