My colleague made a nano UI frameworks on top of Nano Stores and Web Components.

It fits perfectly the cases like small widgets on landing pages or third-party widgets.

https://psd-coder.github.io/nanotags/

Starting April 2, you can show an app instead of a physical ID card in Spain.

Unfortunately, it doesn’t apply to immigrants with TIE yet—waiting for citizenship.

Still, it’s cool and shows progress.

Pangrams use every letter of the alphabet:

> The quick brown fox jumps over the lazy dog.

There are also phonetic pangrams, which include every sound:

> The hungry purple dinosaur ate the kind, zingy fox, the jabbering crab, and the mad whale and started vending and quacking.

If anyone thinks supply chain attacks are only an npm or JS problem, here’s an example from the Python and LLM world.

​A single `pip install litellm` and all your access keys are stolen.

​Start thinking about systemic defense against supply chain attacks before it's too late.
​https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack/

Wow! Huge thanks to ElevenLabs for the $200/month sponsorship toward my work on open-source projects.

https://github.com/sponsors/ai/

Another GitHub Action hack where old versions were swapped to infect CI.
https://socket.dev/blog/trivy-under-attack-again-github-actions-compromise

It’s another example of why you should pin actions in your workflows by commit SHA, not by version tags.

For JS projects, use actions-up:
https://github.com/azat-io/actions-up

For everything else: pinact.