1004: TanHacked

1004: TanHacked

Scott and Wes break down the “Mini Shai-Hulud” supply chain attack that compromised TanStack and other popular npm packages through a clever GitHub Actions cache poisoning exploit; a self-propagating worm that stole credentials and persisted through Claude Code hooks and VS Code tasks. They also cover how developers can protect themselves using pnpm’s security defaults, dev containers, and other practical defenses. SHOW NOTES * 00:00 Welcome to Syntax! * 00:25 Understanding the Shai-Hulud Worm [https://www.wiz.io/blog/shai-hulud-npm-supply-chain-attack] * Post Mortem of Shai Hulud Attack [https://posthog.com/blog/nov-24-shai-hulud-attack-post-mortem] * 02:47 Mechanics of the Attack: GitHub Actions and Cache * How the attack happened [https://x.com/sebastienlorber/status/2054108973352038618?s=20] * Who Was Involved in the Attack [https://x.com/hetmehtaa/status/2054158511073116266] * Several npm latest releases are compromised [https://github.com/TanStack/router/issues/7383#issuecomment-4424629798] * Socket.dev [https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack] * Step Security [https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem] * 05:44 Brought to you by Sentry.io [https://sentry.io/syntax] * 06:09 Propagation and Impact of the Worm * 09:30 Preventative Measures for Developers * Dead Man’s Switch [https://x.com/dabit3/status/2053956743621648789] * 12:33 The Role of Package Managers in Security * Block Exotic Subdeps [https://pnpm.io/settings#blockexoticsubdeps] * 18:39 Using Dev Containers * Why You Should Use Dev Containers [https://www.youtube.com/watch?v=kPMA9cnpScU] * Scott Tolinski’s Security Review [https://github.com/stolinski/s-stack/tree/main/skills/security-review] * 20:57 Conclusion and Final Thoughts * Sentry has Skills! [https://github.com/getsentry/skills] HIT US UP ON SOCIALS! Syntax: X [https://twitter.com/syntaxfm] Instagram [https://www.instagram.com/syntax_fm/] Tiktok [https://www.tiktok.com/@syntaxfm] LinkedIn [https://www.linkedin.com/company/96077407/admin/feed/posts/] Threads [https://www.threads.net/@syntax_fm] Wes: X [https://twitter.com/wesbos] Instagram [https://www.instagram.com/wesbos/] Tiktok [https://www.tiktok.com/@wesbos] LinkedIn [https://www.linkedin.com/in/wesbos/] Threads [https://www.threads.net/@wesbos] Scott: X [https://twitter.com/stolinski] Instagram [https://www.instagram.com/stolinski/] Tiktok [https://www.tiktok.com/@stolinski] LinkedIn [https://www.linkedin.com/in/stolinski/] Threads [https://www.threads.net/@stolinski] Randy: X [https://twitter.com/randyrektor] Instagram [https://www.instagram.com/randyrektor/] YouTube [https://www.youtube.com/@randyrektor] Threads [https://www.threads.net/@randyrektor]

1003: Skills Skills Skills

Scott and Wes chat all things agent skills for web developers, sharing their favorites for everything from CSS animations and HTML generation to logo extraction, marketing copy, and video creation. Whether you’re just getting started with AI-powered development or looking to level up your workflow, this episode is packed with practical skills you can put to use today. SHOW NOTES * 00:00 Welcome to Syntax! * 01:33 Hot Tip Skill [https://wesbos.com/tips] * 05:55 CSS Motion Systems [https://github.com/stolinski/s-stack/tree/main/skills/css-motion-systems] * 08:17 Agent Browser Skill [https://agent-browser.dev/skills] * 09:30 HTML Skill [https://github.com/stolinski/s-stack/blob/main/skills/html/SKILL.md] * 12:01 Extract Logos Skill * 13:34 Dex Task Skill [https://github.com/stolinski/s-stack/tree/main/skills/dex] * 14:50 Remotion and Hyper Frames Skills * Syntax Episode 550 with Remotion [https://syntax.fm/show/550/supper-club-remotion-react-video-with-jonny-burger] * 16:22 Discussion on AI and Design Skills * 18:50 Marketing Skills [https://github.com/coreyhaines31/marketingskills] and Copywriting [https://github.com/stolinski/s-stack/blob/main/skills/copywriting/SKILL.md] * 23:01 Final Thoughts and Resources * 24:10 Brought to you by Sentry.io [https://sentry.io/syntax] * Sentry Skills [https://github.com/getsentry/skills] HIT US UP ON SOCIALS! Syntax: X [https://twitter.com/syntaxfm] Instagram [https://www.instagram.com/syntax_fm/] Tiktok [https://www.tiktok.com/@syntaxfm] LinkedIn [https://www.linkedin.com/company/96077407/admin/feed/posts/] Threads [https://www.threads.net/@syntax_fm] Wes: X [https://twitter.com/wesbos] Instagram [https://www.instagram.com/wesbos/] Tiktok [https://www.tiktok.com/@wesbos] LinkedIn [https://www.linkedin.com/in/wesbos/] Threads [https://www.threads.net/@wesbos] Scott: X [https://twitter.com/stolinski] Instagram [https://www.instagram.com/stolinski/] Tiktok [https://www.tiktok.com/@stolinski] LinkedIn [https://www.linkedin.com/in/stolinski/] Threads [https://www.threads.net/@stolinski] Randy: X [https://twitter.com/randyrektor] Instagram [https://www.instagram.com/randyrektor/] YouTube [https://www.youtube.com/@randyrektor] Threads [https://www.threads.net/@randyrektor]

1002: The Real Pricing of LLMs

In this potluck episode of Syntax, Wes and Scott answer your questions about LLM usage-based pricing, security risks from malicious code in interviews, staying current in a fast-moving dev landscape, a new CSS linter, managing Node environments and tooling without losing your mind, and more! SHOW NOTES * 00:00 Welcome to Syntax! * 01:17 Copilot’s new usage-based pricing and the end of cheap AI * Model multipliers for annual Copilot Pro and Copilot Pro+ subscribers [https://docs.github.com/en/copilot/reference/copilot-billing/models-and-pricing?utm_campaign=FY26APR-WW-LCM-BLA-ProPP-IND-Dev-TX-USGCHGMTH&utm_medium=email&utm_source=github#model-multipliers-for-annual-copilot-pro-and-copilot-pro-subscribers] * 08:53 Why Syntax dropped clever ad transitions * 10:33 Debugging issues on the Syntax website with Sentry * 12:51 Brought to you by Sentry.io [https://sentry.io/syntax/] * 13:01 Getting hacked through a fake recruiter and malicious repos * Adib Hanna’s hacking story [https://x.com/adibhanna/status/2046988777789555191] * scammer.md [https://gist.github.com/adibhanna/6c66552b94577951bc4cce877fcf7729] * DeskPad [https://github.com/Stengo/DeskPad] * 17:57 How to catch up after stepping away from dev * 25:10 React components vs native browser APIs * 32:41 New CSS linting tools and Project Wallace updates * csskit [https://csskit.rs/] * 36:06 How to interview developers in the age of AI * 41:21 Managing Node, package managers, and dev environments * 46:59 Sick picks + shameless plugs SICK PICKS * Scott: * ZEISS Lens Care [https://amzn.to/4eOF5No] * KeyboardCleanTool [https://folivora.ai/keyboardcleantool] * Wes: Amaran Halo 100x [https://amzn.to/41X69Tb] SHAMELESS PLUGS * Syntax YouTube Channel [https://www.youtube.com/@syntaxfm] HIT US UP ON SOCIALS! Syntax: X [https://twitter.com/syntaxfm] Instagram [https://www.instagram.com/syntax_fm/] Tiktok [https://www.tiktok.com/@syntaxfm] LinkedIn [https://www.linkedin.com/company/96077407/admin/feed/posts/] Threads [https://www.threads.net/@syntax_fm] Wes: X [https://twitter.com/wesbos] Instagram [https://www.instagram.com/wesbos/] Tiktok [https://www.tiktok.com/@wesbos] LinkedIn [https://www.linkedin.com/in/wesbos/] Threads [https://www.threads.net/@wesbos] Scott: X [https://twitter.com/stolinski] Instagram [https://www.instagram.com/stolinski/] Tiktok [https://www.tiktok.com/@stolinski] LinkedIn [https://www.linkedin.com/in/stolinski/] Threads [https://www.threads.net/@stolinski] Randy: X [https://twitter.com/randyrektor] Instagram [https://www.instagram.com/randyrektor/] YouTube [https://www.youtube.com/@randyrektor] Threads [https://www.threads.net/@randyrektor]

1001: Managing Deadlines + Stress

Scott and Wes tackle the all-too-real stress of crunch time as a web developer—how to handle looming deadlines, avoid sloppy shortcuts, and stay methodical when everything feels like it’s falling apart. They share practical tips on planning, communicating, cutting scope, asking for help, and preventing the chaos from happening again next time. SHOW NOTES * 00:00 Welcome to Syntax! * 02:53 The Importance of Planning and Organization. * 05:16 Slow Down, Take a Step Back. * 06:05 Identifying and Managing Tasks. * 08:35 The Role of Communication in Project Management. * 11:24 Cutting Features and Managing Expectations. * 14:52 The Balance Between Perfectionism and Productivity. * 16:42 Getting To Work. * 19:31 Updating Tools and Issues As You Go. * 22:34 Asking for Help. * 25:29 Prevention. * 30:22 Communicate Clearly. * 32:57 Brought to you by Sentry.io [https://sentry.io/syntax]. HIT US UP ON SOCIALS! Syntax: X [https://twitter.com/syntaxfm] Instagram [https://www.instagram.com/syntax_fm/] Tiktok [https://www.tiktok.com/@syntaxfm] LinkedIn [https://www.linkedin.com/company/96077407/admin/feed/posts/] Threads [https://www.threads.net/@syntax_fm] Wes: X [https://twitter.com/wesbos] Instagram [https://www.instagram.com/wesbos/] Tiktok [https://www.tiktok.com/@wesbos] LinkedIn [https://www.linkedin.com/in/wesbos/] Threads [https://www.threads.net/@wesbos] Scott: X [https://twitter.com/stolinski] Instagram [https://www.instagram.com/stolinski/] Tiktok [https://www.tiktok.com/@stolinski] LinkedIn [https://www.linkedin.com/in/stolinski/] Threads [https://www.threads.net/@stolinski] Randy: X [https://twitter.com/randyrektor] Instagram [https://www.instagram.com/randyrektor/] YouTube [https://www.youtube.com/@randyrektor] Threads [https://www.threads.net/@randyrektor]

1000: Syntax Episode 1,000!

Wes and Scott celebrate 1000 episodes of Syntax, reflecting on how the podcast started, the team behind it, memorable moments, listener stats, inside jokes, and how the show has evolved over time—from early recordings and sponsors to supercuts, spooky episodes, and what’s next. SHOW NOTES * 00:00 Welcome to Syntax! * 02:01 Intro to Kaitlin * 03:08 Intro to Randy * 06:16 Intro to CJ * 09:01 Intro to Niki * 10:08 Who “yaps” more, Wes or Scott? * 10:28 Brought to you by Sentry.io [https://sentry.io/syntax/] * 18:37 Wes’ supercuts app * 24:04 How Syntax got started * 28:04 Joining Sentry * 29:47 The 6-7 compilation * 30:42 The original Syntax doc * 38:44 Dead Nuts supercut * 38:58 Kaitlin’s journey from Level Up to Syntax * 45:30 Where new listeners should start * 46:41 The Wordle episode and viral moments * 48:24 Most popular Syntax episodes * 48:40 The Halloween episodes and spooky stories tradition * 50:57 Listener stats by country * 55:22 First sponsors and early monetization * 57:30 Who edited the early Syntax episodes? * 59:25 Will there be a Syntax conference? * 01:01:33 How many guests have been on Syntax? * 01:02:58 Evolution of Syntax intros * 01:07:54 More Syntax supercuts HIT US UP ON SOCIALS! Syntax: X [https://twitter.com/syntaxfm] Instagram [https://www.instagram.com/syntax_fm/] Tiktok [https://www.tiktok.com/@syntaxfm] LinkedIn [https://www.linkedin.com/company/96077407/admin/feed/posts/] Threads [https://www.threads.net/@syntax_fm] Wes: X [https://twitter.com/wesbos] Instagram [https://www.instagram.com/wesbos/] Tiktok [https://www.tiktok.com/@wesbos] LinkedIn [https://www.linkedin.com/in/wesbos/] Threads [https://www.threads.net/@wesbos] Scott: X [https://twitter.com/stolinski] Instagram [https://www.instagram.com/stolinski/] Tiktok [https://www.tiktok.com/@stolinski] LinkedIn [https://www.linkedin.com/in/stolinski/] Threads [https://www.threads.net/@stolinski] Randy: X [https://twitter.com/randyrektor] Instagram [https://www.instagram.com/randyrektor/] YouTube [https://www.youtube.com/@randyrektor] Threads [https://www.threads.net/@randyrektor]