Syntax - Tasty Web Development Treats

Scott and Wes break down the “Mini Shai-Hulud” supply chain attack that compromised TanStack and other popular npm packages through a clever GitHub Actions cache poisoning exploit; a self-propagating worm that stole credentials and persisted through Claude Code hooks and VS Code tasks. They also cover how developers can protect themselves using pnpm’s security defaults, dev containers, and other practical defenses. Show Notes 00:00 Welcome to Syntax! 00:25 Understanding the Shai-Hulud Worm Post Mortem of Shai Hulud Attack 02:47 Mechanics of the Attack: GitHub Actions and Cache How the attack happened Who Was Involved in the Attack Several npm la...

Scott and Wes chat all things agent skills for web developers, sharing their favorites for everything from CSS animations and HTML generation to logo extraction, marketing copy, and video creation. Whether you’re just getting started with AI-powered development or looking to level up your workflow, this episode is packed with practical skills you can put to use today. Show Notes 00:00 Welcome to Syntax! 01:33 Hot Tip Skill 05:55 CSS Motion Systems 08:17 Agent Browser Skill 09:30 HTML Skill 12:01 Extract Logos Skill 13:34 Dex Task Skill 14:50 Remotion and Hyper Frames Skills Syntax Episode 550 with Remotion 16:22 Discussion on AI and Design Skills 18:50 Ma...

In this potluck episode of Syntax, Wes and Scott answer your questions about LLM usage-based pricing, security risks from malicious code in interviews, staying current in a fast-moving dev landscape, a new CSS linter, managing Node environments and tooling without losing your mind, and more! Show Notes 00:00 Welcome to Syntax! 01:17 Copilot’s new usage-based pricing and the end of cheap AI Model multipliers for annual Copilot Pro and Copilot Pro+ subscribers 08:53 Why Syntax dropped clever ad transitions 10:33 Debugging issues on the Syntax website with Sentry 12:51 Brought to you by Sentry.io 13:01 Getting hacked through a fake re...

Scott and Wes tackle the all-too-real stress of crunch time as a web developer—how to handle looming deadlines, avoid sloppy shortcuts, and stay methodical when everything feels like it’s falling apart. They share practical tips on planning, communicating, cutting scope, asking for help, and preventing the chaos from happening again next time. Show Notes 00:00 Welcome to Syntax! 02:53 The Importance of Planning and Organization. 05:16 Slow Down, Take a Step Back. 06:05 Identifying and Managing Tasks. 08:35 The Role of Communication in Project Management. 11:24 Cutting Features and Managing Expectations. 14:52 The Balance Between Perfectionism and Productivity. 16:42 Getting To Work. 19:31 Upda...

Wes and Scott celebrate 1000 episodes of Syntax, reflecting on how the podcast started, the team behind it, memorable moments, listener stats, inside jokes, and how the show has evolved over time—from early recordings and sponsors to supercuts, spooky episodes, and what’s next. Show Notes 00:00 Welcome to Syntax! 02:01 Intro to Kaitlin 03:08 Intro to Randy 06:16 Intro to CJ 09:01 Intro to Niki 10:08 Who “yaps” more, Wes or Scott? 10:28 Brought to you by Sentry.io 18:37 Wes’ supercuts app 24:04 How Syntax got started 28:04 Joining Sentry 29:47 The 6-7 compilation 30:42 The original Syntax doc 38:44 Dead Nuts supercut 38:58 Kaitlin’s journey from Level Up to...

Scott and Wes break down what makes CSS truly manageable—from preventing style leaks and embracing fluid layouts to choosing the right methodology, whether that’s utility CSS, component-scoped styles, or CSS modules. They also dive into practical tips like leveraging CSS variables, layers, scoping, and tooling to keep your stylesheets clean and scalable. Show Notes 00:00 Welcome to Syntax! 01:31 Understanding CSS Manageability 01:44 This CSS doesn’t leak to other parts of website. 03:41 This CSS is easy to maintain. 05:54 This CSS is reusable. 06:10 Global Solutions Instead of Local Solutions. 07:12 Flexibility and Adaptability in CSS 09:36 Fluid Typography and Respon...

Wes and Scott talk about making AI coding more reliable using deterministic tools like fallow, knip, ESLint, StyleLint, and Sentry. They cover code quality analysis, linting strategies, headless browsers, task workflows, and how to enforce better patterns so AI stops guessing and starts producing maintainable, predictable code. Show Notes 00:00 Welcome to Syntax! Losing two clients in one week 04:49 Code quality tools jscpd.dev knip.dev fallow.tools wallace 14:11 Finding and using components Storybook AI 17:28 Brought to you by Sentry.io 17:42 Finding bugs Sentry CLI Spotlight 19:55 Formatting and linting Vite+ ESLint StyleLint clint 25:41 Headless browsers agent-browser chrome-devtools-mcp ...

Scott and Wes dig into a huge batch of community-submitted projects, from JSON tools and CSS editors to AI agents, view transitions, and everything in between. It’s a rapid-fire showcase of what developers have been building, including picks like Arrow JS, Sugar High, Drift, and a whole lot more. Show Notes 00:00 Welcome to Syntax! Wes’ Bluesky Post Wes’ X Post 01:20 JSON-Alexander. 02:43 FFF - Fastest File Search. 04:44 View Transitions Toolkit. 08:06 Agentation and Svelte Agentation. 11:21 CSS Studio. 13:12 Peon Ping 14:26 Peekdown. 16:03 Dex. 20:22 Content Copilot. 22:16 Opencode Sentry Monitor. pi-sentry-monitor. 24:56 Arrow JS. 29:20 Comark. 33:19 Silly Software Club. 34:05 Sugar High. 36:04 Drift.

Wes and Scott talk about the latest CSS and browser features, including the Grid Lines API for masonry layouts, HTML in Canvas, name-only container queries, CSS random, search-text styling, and more. Show Notes 00:00 Welcome to Syntax! 00:57 Grid Lines API for masonry-style layouts Introducing CSS Grid Lanes CSS Grid Lanes browser support 03:25 HTML in canvas and next-gen UI effects @jaffathecake @mattrothenberg 11:30 Name-only container queries for scoped styles Name-Only Containers: The Scoping We Needed 14:37 Brought to you by Sentry.io 15:34 Safari removes haptic feedback workaround 17:38 CSS random for dynamic values Rolling the Dice with CSS random() 18:49 Styling find-in-page...

In this episode, Scott and Wes sit down with Tim Neutkens and Jimmi Lai from the Next.js team to dig into the new Adapters API, what it takes to run Next.js across platforms like Cloudflare and Netlify, and how caching and infrastructure choices affect performance. They also go deep on TurboPack’s internals, why Next.js doesn’t run on Vite, and the evolution of bundling in the framework. Show Notes 00:00 Welcome to Syntax! 01:14 Introduction to Next.js and the Adapter Platform Next.js Across Platforms 02:23 The Adapters API: Features and Community Needs 04:46 Building and...

In this potluck episode of Syntax, Wes and Scott answer your questions about AI struggles with CSS and design workflows, learning vs relying on AI, debugging web performance, beginner soldering setups, navigating AI-era job interviews, Figma dev mode, modern API choices, and more. Show Notes 00:00 Welcome to Syntax! 00:55 Why AI struggles with CSS and design workflows 10:50 How much AI should you use when learning to code? 18:41 Debugging performance: tools and team workflows Ep 585: Fundamentals × What Makes a Website Slow? Ep 874: Fast Apps - Easy Perf Wins Ep 897: Making Your App Feel Faster Than It Really Is E...

Scott and Wes break down a chaotic week in dev news — the Claude Code source leak, a nasty Axios npm supply chain hack, and Railway’s private cache exposure — plus how to keep these nightmare scenarios from hitting your own projects. Show Notes 00:00 Welcome to Syntax! 00:55 Claude Code Leaked! Wes’ X Post Apple Source Code Video 05:42 Burning through Claude Code token limits. Reddit Thread 08:57 Axios hacked! Step Security pnpm Supply Chain Security pnpm minimumReleaseAge 16:13 Pretext blew up! Pretext.js Demos Wes’ Demo 27:24 Railway shared private cache. Railway Incident Report 31:54 Sick Picks & Shameless Plugs. Sick Picks Scott...

Wes and Scott talk about migrating large codebases with AI — how to plan framework and language moves, establish patterns, handle templating changes, test thoroughly, safely deploy, and more. Show Notes 00:00 Welcome to Syntax! 01:46 Why migrate to a new language or framework? 05:09 How to approach a large code migration 08:47 Establishing patterns before using AI 10:35 Moving from pug to JSX 12:06 Building a detailed migration plan 15:18 Testing every part of the application 15:51 Brought to you by Sentry.io 16:58 Deploying and catching issues with Sentry 19:12 Converting express requests to web standard requests 19:34 Other codebases that could benefit from AI migrations 21:36 Si...

Vite just launched Void, a fullstack JavaScript framework and cloud platform that bundles together routing, SSR, auth, an ORM, and nearly everything you’d expect from a modern meta-framework — all built on top of Cloudflare’s infrastructure. Scott, Wes, and CJ dig into whether Void is the Rails moment JavaScript has been waiting for, or just shiny Cloudflare lock-in with a bow on it. Show Notes 00:00 Welcome to Syntax! The Announcement 00:27 Laravel or Rails for JavaScript? 01:38 What is this big announcement? 04:36 It’s just Vercel for Cloudflare? 07:09 Database options. 09:37 Brought to you by Sentry.io. 10:01 Type safety. ...

Wes, Scott, and CJ talk about Vite+, a unified JavaScript toolchain that combines linting, formatting, task running, monorepos, and more. They break down its evolution, open-source shift, performance gains, Node version management, and whether it can realistically replace today’s fragmented dev tooling. Show Notes 00:00 Welcome to Syntax! 00:54 What Vite+ is and what’s changed since launch 03:43 Why the ecosystem needs Vite+ 06:41 What Vite+ actually does for your workflow 10:18 Built-in Node version management 12:32 Type-aware linting with tsgolint and oxc 15:27 Brought to you by Sentry.io 16:28 Should config live inside vite.config? 22:56 Monorepos and task running in Vite...

Scott and Wes dig into the latest State of JS survey results, breaking down which JavaScript libraries, frameworks, and tools are rising, falling, or holding steady in the ever-shifting JS ecosystem. From front-end frameworks and meta-framework pain points to JavaScript runtimes, hosting services, and the growing role of AI tools in developer workflows, this one’s packed with takes, tier lists, and plenty of opinions. Show Notes 00:00 Welcome to Syntax! 01:06 JavaScript Features, not overly interesting. 02:15 JavaScript Libraries popularity and usage over time. 07:52 Library Tier List. 10:55 Library Ratios Over Time. 13:09 Other Front-End Frameworks. 15:24 Meta-framework Ratios Over Time. 19:34 Me...

Wes and Scott talk with Steve Faulkner about vinext, a Vite-powered Next.js fork. They dive into AI coding workflows, agent browsers, code quality, and what modern dev tooling looks like in an AI-first world. Show Notes 00:00 Welcome to Syntax! 02:01 Knowing how to use AI 02:31 The idea behind “slop fork” vinext How we rebuilt Next.js with AI in one week 06:27 How to approach a project like this Super Whisper 07:53 Using markdown as a planning and thinking tool 12:35 Steve’s OpenCode setup 14:31 What agent browsers are and how they work agent-browser 15:34 Where agent browsers fall short 19:02 Why ag...

Scott and Wes break down the world of remote coding agents — what they are, why you’d want one, and all the different ways you can run them, from Cursor Cloud and Claude Code to an old laptop sitting on your floor. They cover real-world use cases, environment setup, API key management, and the wild variety of interfaces that let agents work while you sleep. Show Notes 00:00 Welcome to Syntax! 03:14 Introduction to Remote Coding Agents 05:32 Practical Examples of Remote Agents 05:34 Website data grunt work. 07:48 Research assistant 08:57 Travel agent… agent 09:57 Where and When Remote Agents Run 10:43 Brought to you...

In this potluck episode, Wes and Scott answer your questions about popover navigation patterns, the Vibrate API on iOS, whether code quality still matters in the AI era, Wes’s evolving Obsidian second-brain setup, where to start with modern full-stack JavaScript, and more! Show Notes 00:00 Welcome to Syntax! 01:02 Using display none with popover and hamburger navigation 03:37 Vercel on iOS and experimenting with the Vibrate API 05:47 Does code quality still matter in the AI age? 11:08 Wes’ second brain update and Obsidian workflow QMD 19:57 Brought to you by Sentry.io 20:21 Supporting older browsers and missing out on modern web...

Scott and Wes are joined by Phil Miller and Theo Ephraim to talk about Varlock, a new approach to environment variables that adds schemas, validation, and security to the humble .env file. They dig into the risks of traditional env workflows, how schema-driven configs improve DX, and how tools like Varlock help manage secrets safely across frameworks, CI, and AI-powered workflows. Show Notes 00:00 Welcome to Syntax! 03:15 The Risks of .env Files 04:58 Introducing Varlock: A Unified Solution 06:56 Schema-Driven Environment Variables 11:47 Integrating with Various Frameworks 14:08 Brought to you by Sentry.io 14:32 Cross-Language Compatibility 17:50 Best Practices for Environment Variables 21:11...