pnpm vs npm vs yarn vs bun: The Real Comparison Nobody Gives You in 2025
I used all four in real projects. One wrecked a monorepo at 3am. Another saved my ass in production. Here's the unfiltered truth about every major package manager in 2025.
Rate limiting isn't an npm dependency — it's an abuse policy. Before copying middleware, you need to define what asset you're protecting, what abuse pattern you expect, and what a false positive costs you. A guide with a decision matrix, real gotchas, and observability for Next.js.
The README on juanchi.dev says "portfolio landing". The code says something else: an editorial system with repo ingestion, quality gate, automatic rewriting, and crons on Railway. The technical story the README doesn't tell.
Running the OWASP LLM Top 10 as a real audit is a completely different experience than reading it as a checklist. I ran it against my TypeScript agent stack with system prompts, MCP tools, and Cline — and the findings were uncomfortable.
pnpm workspaces is the best option for TypeScript monorepos in 2026. But the happy path in the docs hides three traps that only show up in CI with real deployments: phantom dependencies, broken hoisting on Railway, and script filtering that doesn't filter what you think it does.
The Vercel incident wasn't a technical vulnerability — it was a least-privilege failure applied to OAuth. Break down what scope creep is, how to audit it in existing integrations, and what architectural controls prevent a third party from accumulating permissions it doesn't need.
I started wanting to write Haskell in TypeScript and ended up with three helpers and a lesson. An honest breakdown of which functional patterns survive in a real TypeScript codebase and which ones collapse under team friction or the type checker.
Actuator isn't the problem. Enabling it without a clear exposure policy is. A practical guide to using it as an operational tool without turning it into unnecessary public attack surface.
OpenTelemetry in Next.js works, but the default propagator silently breaks the trace at the edge/node boundary. Here's what you need to configure explicitly so context doesn't vanish between Middleware, Server Components, and Server Actions.
32 years in the dev trenches. Here I write what I learned, what I broke, and what nobody tells you in the tutorials.