AI 资讯
The Day AI Argued With MDN (And Lost)
AI coding assistants have fundamentally changed the way we write software. Today it's perfectly normal to ask ChatGPT, Claude, Cursor, or Copilot to explain an API, generate a React component, review a pull request, or help debug a problem. For many developers, these tools have become part of the daily workflow. Yet there's one area where they still struggle more than we'd like to admit: understanding the current state of the web platform. Mozilla recently demonstrated this problem in a surprisingly direct way. While evaluating Claude Code on recently released Firefox features, the team discovered that the model confidently claimed Firefox didn't support the Web Serial API and that Mozilla had no plans to implement it. The answer sounded plausible, detailed, and authoritative. There was just one issue. Firefox had already shipped support for the API. That experiment became one of the motivations behind Mozilla's new MDN MCP Server , a tool designed to give AI assistants direct access to MDN documentation and browser compatibility data. More importantly, Mozilla didn't just launch the service—they tested whether it actually improves the quality of AI-generated answers. The results are worth paying attention to. The Real Problem Isn't Hallucination When discussions about AI reliability come up, the conversation usually focuses on hallucinations. But browser compatibility is a slightly different problem. The web platform evolves continuously. Browsers ship new APIs, CSS features, HTML capabilities, and compatibility updates every few weeks. Specifications change, Baseline statuses evolve, and features that were experimental yesterday can become production-ready tomorrow. Large language models, on the other hand, are trained on snapshots of information. Even highly capable models can only know what was available when they were trained. When they're asked about something that appeared later—or something that wasn't widely represented in their training data—they often hav
AI 资讯
Day 32 of Learning MERN Stack
Hello Dev Community! 👋 It is Day 32 of my continuous web development run, and today I jumped into a project that pushed my array manipulation and conditional logic to a whole new level: A complete Snake and Ladder Board Game using HTML5, CSS3, and Vanilla JavaScript! After building Rock Paper Scissors yesterday, I wanted to tackle a game that requires tracking persistent coordinate states across a 100-cell mathematical grid. 🛠️ The Game Architecture & Logic Breakdown Building this wasn't just about random numbers; it was about managing spatial transitions on a dynamic interface. Here is how I structured the core backend mechanics: 1. The 100-Cell Grid Layout Instead of manually hardcoding 100 divs inside my index file, I engineered the grid programmatically. I mapped out a loop running from 100 down to 1, building individual cell elements and using CSS Grid properties to wrap them perfectly into a standard 10x10 layout matrix. 2. Mapping Snakes & Ladders (The Jump Engine) To build the shortcuts and traps, I didn't write massive, messy if-else trees. Instead, I utilized a clean JavaScript Object Map tracking key-value pairs where the key is the trigger tile and the value is the destination tile: javascript const gameModifications = { // Ladders (Climbing up) 4: 14, 9: 31, 21: 42, 28: 84, 51: 67, 72: 91, 80: 99, // Snakes (Sliding down) 17: 7, 54: 34, 62: 19, 64: 60, 87: 36, 93: 73, 95: 75, 98: 79 };
AI 资讯
The exact math that made $40,000,000 out of Polymarket (Full roadmap)
While you're manually checking if YES + NO = 1 , quantitative systems are solving massive constraint satisfaction problems across thousands of correlated markets in milliseconds. The Hidden Reality of Prediction Market Arbitrage You see a market where YES is trading at $0.62 and NO at $0.33. You think: There's $0.05 of arbitrage here . You're right. What you don't see is that by the time you place both orders, professional systems have already: Scanned 17,000+ conditions Detected dozens of correlated mispricings Calculated optimal position sizes (with fees & slippage) Executed everything in parallel Moved on to the next opportunity Between April 2024 and April 2025, quantitative traders extracted $39,688,585 in guaranteed arbitrage profits from Polymarket. The top individual wallet made $2,009,631.76 across 4,049 trades — an average of $496 guaranteed profit per trade . This wasn't gambling. This was mathematics. Why Simple "YES + NO = 1" Checks Fail Most retail traders stop at basic price sum checks. That's not enough. Markets are logically dependent. Example: "Will Trump win Pennsylvania?" → YES: $0.48 "Will Republicans win Pennsylvania by 5+ points?" → YES: $0.32 If the second outcome happens, the first must be true. These dependencies create arbitrage opportunities that simple addition cannot detect. This is known as the marginal polytope problem — projecting prices onto the set of arbitrage-free probability distributions. The Scale of the Computational Challenge For any event with n binary conditions, there are 2ⁿ possible outcome combinations. 2024 U.S. elections: 305 markets → tens of thousands of pairs 2010 NCAA tournament: 63 games → 2⁶³ ≈ 9.2 quintillion combinations Brute force is impossible. Smart systems use constraints instead. Real example : Duke vs Cornell basketball market 7 possible win counts per team → 14 conditions. Instead of checking 16,384 combinations, 3 linear constraints were enough. Research found that 41% of 17,218 conditions showed sing
AI 资讯
Your Next.js API Route Is Leaking Diagnostics in Its 400 Responses
A data export endpoint dumps system diagnostics when it hits an invalid field. Feed it garbage, read the debug output, grab the flag. A data export feature lets you pick which profile fields to download. The UI only offers valid fields through checkboxes, so everything looks locked down. But the API behind it accepts arbitrary field names -- send it one it doesn't recognize, and instead of a clean error, it dumps full system diagnostics including internal feature flags. That's where the flag is. You'll bypass the frontend, hit the endpoint directly, and read what comes back. Lab setup Start the lab: npx create-oss-store@latest Or with Docker (no Node.js required): docker run -p 3000:3000 leogra/oss-oopssec-store The app runs at http://localhost:3000 . What you're targeting The app has a profile page at /profile with a Data Export tab. It lets users download their own data in JSON or CSV by selecting fields through checkboxes ( User ID , Email , Role , Address ID ) and clicking "Export Data". The UI looks safe -- you can only pick from a fixed set of valid fields, so there's no way to submit an invalid one through the browser. But that's just client-side validation. The endpoint behind it is POST /api/user/export , and it accepts a JSON body with two parameters: { "format" : "json" , "fields" : [ "id" , "email" , "role" ] } The fields value is an array of strings. The API checks each field against an allowlist. Valid fields? You get your data back. Invalid fields? The API throws an error -- and that error says way too much. Step-by-step exploitation 1. Log in You need an authenticated session. Use one of the seeded accounts: Email: alice@example.com Password: iloveduck Log in through the UI at /login , or grab a session cookie via curl: curl -c cookies.txt -X POST http://localhost:3000/api/auth/login \ -H "Content-Type: application/json" \ -d '{"email":"alice@example.com","password":"iloveduck"}' 2. Explore the Data Export tab Go to /profile and click the Data Export
AI 资讯
Agent Accounts Quickstart in Node.js
Provisioning a working email mailbox from Node.js takes less code than the average OAuth callback handler. No consent screen, no token refresh job, no provider SDK — one fetch call returns a grant ID, and from there the mailbox sends, receives, and RSVPs to calendar invites. That's the pitch for Nylas Agent Accounts , hosted email-and-calendar identities you control entirely through the API. They're in beta, and the official quickstart promises a working account in under 5 minutes. The docs show it in curl; here's the same flow in JavaScript. What you need Two things: an API key, and a registered domain for the mailbox to live on. For testing, the zero-DNS path is a *.nylas.email trial subdomain registered from the Dashboard — addresses like test@your-application.nylas.email work immediately. For production you'd register your own domain (the Dashboard generates the MX and TXT records to publish, and verification is automatic once they propagate), but the trial domain is fine for this walkthrough. export NYLAS_API_KEY = "nyk_..." Create the mailbox The endpoint is POST /v3/connect/custom — the same Bring Your Own Auth route used for other providers — with "provider": "nylas" . Unlike OAuth providers, there's no refresh token in the body; just the address: const BASE = " https://api.us.nylas.com " ; const headers = { Authorization : `Bearer ${ process . env . NYLAS_API_KEY } ` , " Content-Type " : " application/json " , }; const res = await fetch ( ` ${ BASE } /v3/connect/custom` , { method : " POST " , headers , body : JSON . stringify ({ provider : " nylas " , settings : { email : " test@your-application.nylas.email " }, }), }); const { data } = await res . json (); const grantId = data . id ; // save this — every later call needs it That grantId is the whole handle. The mailbox behind it is live as soon as the response comes back, and it works with every existing endpoint — messages, drafts, folders, calendars, events, webhooks. One optional field deserves a menti
AI 资讯
android doze kills your react native background tasks--here's why and how to fix it
android doze kills your background tasks and nobody explains why properly been building a react native app that schedules stuff to run later. worked fine every time i tested it. shipped it, and it started missing schedules. only when the phone had been sitting idle for a while. never on my desk. took me way too long to figure out what was going on so writing it up here. what happens you schedule something for 1am. check logs next morning: 01:00:00 alarm fired 01:00:02 connected (while back grounded, 2 seconds) 01:18:xx the actual send ran the connection came up fine. in 2 seconds. while the phone was back grounded. but the code that was supposed to do something with that connection ran 18 minutes later when something else woke the phone up. why doze mode freezes javascript timers. setTimeout, setInterval, any polling loop on the js thread-all frozen. but native events (connection callbacks, lifecycle events, native module bridges) keep firing. i had a setInterval checking "are we connected yet" every second. doze froze that loop. the connection came up, nobody noticed for 18 minutes because the thing checking for it was asleep. the phone could do the work. my code just couldn't tell. stuff i tried that didn't fix it foreground service — keeps the process alive but doesn't unfreeze js timers. not the problem. more setTimeout/setInterval variations, literally the thing causing it. spent two days making the problem worse. HeadlessJS dropped in without changes compiled, never ran on newer RN. lost a few hours there. the actual fix move everything off timers. put your work directly in the event handler. instead of polling to check if you're connected: js // this is frozen by doze. don't. setInterval (() => { if ( isReady ()) doWork () }, 1000 ) do this : jsconnection . on ( ' status ' , ( state ) => { if ( state === ' connected ' ) { doWork ( job ) } }) native events survive doze. timers don't. that's the whole thing. for waking up at the right time — native AlarmManager
开发者
UI IP Toolkit - A standalone static visual catalog for CSS/JS components
UI IP Toolkit - A standalone static visual catalog for CSS/JS components I built UI IP Toolkit to solve my own workflow problem: I kept losing useful UI snippets (buttons, loaders, CTA blocks, glassmorphic cards, layout grids) across old projects and directories. Live site: https://ui-ip-toolkit.vercel.app/ GitHub Repository: https://github.com/ikerperez12/UI-IP-Toolkit-v4.0 Design Philosophy Zero dependencies: Raw HTML, CSS, and vanilla JS. No NPM packages, framework configurations, or build steps required. Copy-paste ready: Visual preview cards with one-click copy buttons for immediate use in any stack. Light/Dark mode: Clean design system focusing on micro-interactions, sleek gradients, and responsive layouts. Visual catalog: Catalog of gradients, buttons, fonts, loading states, hover treatments, glass surfaces, layout fragments, and UI patterns. How do you manage your personal code/CSS snippet collections? Hope this is useful to others!
AI 资讯
OTP Verification in Playwright Without Regex
Every developer who has written a Playwright test for OTP verification has written this line: const otp = email . body . match ( / \b\d{6}\b / )?.[ 0 ]; It works. Until it doesn't. The email body changes format. The OTP appears inside an HTML table. The sending service wraps it in a <span> . Your regex matches a phone number instead of the code. The test fails intermittently and you spend an hour debugging something that has nothing to do with the feature you're testing. The regex problem OTP extraction via regex is brittle by nature. You're pattern-matching against a string that your email sending service controls — not you. Any time the template changes, your tests break. Here's what a typical OTP test looks like today: import { test , expect } from ' @playwright/test ' ; import { ZeroDrop } from ' zerodrop-client ' ; const mail = new ZeroDrop (); test ( ' user can verify OTP ' , async ({ page }) => { const inbox = mail . generateInbox (); // 1. Trigger OTP send await page . goto ( ' /login ' ); await page . fill ( ' [data-testid="email"] ' , inbox ); await page . click ( ' [data-testid="submit"] ' ); // 2. Wait for email const email = await mail . waitForLatest ( inbox , { timeout : 15000 }); // 3. Extract OTP — the fragile part const otp = email . body . match ( / \b\d{6}\b / )?.[ 0 ]; if ( ! otp ) throw new Error ( ' OTP not found in email body ' ); // 4. Enter OTP await page . fill ( ' [data-testid="otp"] ' , otp ); await page . click ( ' [data-testid="verify"] ' ); await expect ( page ). toHaveURL ( ' /dashboard ' ); }); The test works — but line 14 is carrying all the risk. Change the email template and the test breaks. Add a phone number to the footer and the regex matches the wrong number. Send a 4-digit OTP instead of 6 and you need to update the pattern. OTP extraction at the edge ZeroDrop extracts OTPs before they reach your test. The Cloudflare Worker that catches incoming emails runs a pattern match on the plain-text body and stores the result alongsi
AI 资讯
ArrowJS Reaches 1.0, Recast as the First UI Framework for the Agentic Era
ArrowJS, developed by Justin Schroeder, is a reactive UI library that has reached its 1.0 release after three years in development. It utilizes core web technologies, avoids JSX and compilers. Notable features include an optional WASM sandbox for executing untrusted code. The framework's minimalism is highlighted by its reliance on three main functions: reactive, html, and component. By Daniel Curtis
开源项目
🔥 gildas-lormeau / SingleFile - Web Extension for saving a faithful copy of a complete web p
GitHub热门项目 | Web Extension for saving a faithful copy of a complete web page in a single HTML file | Stars: 21,579 | 84 stars today | 语言: JavaScript
开源项目
🔥 iptv-org / database - User editable database for TV channels.
GitHub热门项目 | User editable database for TV channels. | Stars: 1,432 | 11 stars today | 语言: JavaScript
开源项目
🔥 sindresorhus / eslint-plugin-unicorn - More than 200 powerful ESLint rules
GitHub热门项目 | More than 200 powerful ESLint rules | Stars: 5,045 | 3 stars today | 语言: JavaScript
开源项目
🔥 NaiboWang / EasySpider - A visual no-code/code-free web crawler/spider易采集:一个可视化浏览器自动化
GitHub热门项目 | A visual no-code/code-free web crawler/spider易采集:一个可视化浏览器自动化测试/数据采集/网页爬虫软件,可以无代码图形化的设计和执行爬虫任务。别名:ServiceWrapper面向Web应用的智能化服务封装系统。 | Stars: 44,072 | 20 stars today | 语言: JavaScript
开源项目
🔥 fmhy / edit - Make changes to FMHY
GitHub热门项目 | Make changes to FMHY | Stars: 10,140 | 44 stars today | 语言: JavaScript
AI 资讯
Day 31 of learning MERN Stack
Hello Dev Community! 👋 It is officially Day 31 — stepping straight into my second month of documented full-stack engineering! Fresh off the 30-day milestone yesterday, I decided to keep the engineering momentum high by building a classic browser game: Rock, Paper, Scissors using HTML5, CSS3, and vanilla JavaScript. After mastering API integration yesterday, today was about refinement—handling dynamic score states, tracking user choices, and creating a clean automated opponent engine. 🛠️ The Core Logic Architecture To make the game interactive and clean, I divided the code structure into distinct logical components: 1. Capturing User Selection I assigned the choices (rock, paper, scissors) to clickable image/div nodes in the layout. Instead of writing repetitive lines, I used a forEach array loop to attach an addEventListener("click", ...) to each choice, pulling the user's explicit selection instantly via DOM attributes. 2. The Computer's Automated AI Brain Since a computer cannot pick words, I mapped out an array of strings: ["rock", "paper", "scissors"] . I then utilized JavaScript's math utility library to generate a randomized index number: javascript const genCompChoice = () => { const options = ["rock", "paper", "scissors"]; const randIdx = Math.floor(Math.random() * 3); return options[randIdx]; };
开发者
Stop Rewriting UI Components for Every Project
Ever started a new project and found yourself rebuilding the same modal, dropdown, toast notification, tabs, and switches for the 20th time? I got tired of that. So I built UltraHTML , a lightweight UI library that gives you modern components with simple HTML and JavaScript, no framework required. Getting Started Include the CSS and JS files: <link rel= "stylesheet" href= "dist/ultra.css" > <script src= "dist/ultra.js" ></script> Initialize UltraHTML: Ultra . init (); Done. Buttons UltraHTML includes two button styles out of the box: ultra-button — a clean, modern button. ultra-button-wave — adds a wave/ripple-style interaction effect. Basic button: <button class= "ultra-button" > Simple Button </button> Wave button: <button class= "ultra-button ultra-button-wave" > Wave Button </button> Buttons use UltraHTML's default green theme, but because they're standard HTML elements, you can easily customize them with CSS. For example, here's a red button that displays a popup message: <button onclick= "Ultra.popupmsg('Hello from UltraHTML!')" class= "ultra-button ultra-button-wave" style= "background-color: red" > Show Popup </button> You can create buttons that match your site's branding without learning a separate theming system: <button class= "ultra-button" style= "background-color: #3b82f6;" > Blue Button </button> <button class= "ultra-button ultra-button-wave" style= "background-color: #f59e0b;" > Orange Button </button> <button class= "ultra-button ultra-button-wave" style= "background-color: #ef4444;" > Red Button </button> UltraHTML handles the styling and interactions while still giving you full control over how your buttons look. Modal Example Need to display important information? <script> window . addEventListener ( " load " , () => { Ultra . init (); Ultra . modal ({ head : " Important " , text : " You need to reset your password " , buttonText : " Reset " , buttonAction : ( modal ) => { console . log ( " Going to reset page... " ); modal . remove (); } }); }
AI 资讯
How to verify Gumroad license keys in an Electron app (and the 3 gotchas nobody warns you about)
If you sell a desktop app on Gumroad, it hands every buyer a license key. But Gumroad stops there — checking that key inside your app is entirely up to you. Here's how to do it properly in Node/Electron, plus the three traps that catch almost everyone. We'll use gumroad-license-lite, a tiny, zero-dependency, MIT-licensed helper (you can npm install it or just copy its ~120 lines). Turn on license keys in Gumroad On your product, enable "Generate a unique license key per sale," then grab your product_id (in the product settings / API). Every buyer now gets a key on their receipt. Verify a key const { verifyGumroadLicense } = require('gumroad-license-lite'); const result = await verifyGumroadLicense({ productId: 'YOUR_PRODUCT_ID', licenseKey, }); if (result.valid) { unlockApp(result.email); } result.valid is true only if the key is real and the sale wasn't refunded, disputed, or a cancelled subscription — not just "does this key exist," which is gotcha #1 below. Gate your app on launch You don't want to call Gumroad on every launch, and you want the app to survive a flaky connection. LicenseGate caches the result and re-checks periodically: const path = require('node:path'); const { LicenseGate } = require('gumroad-license-lite'); const gate = new LicenseGate({ productId: 'YOUR_PRODUCT_ID', storageFile: path.join(app.getPath('userData'), 'license.json'), recheckEveryDays: 3, offlineGraceDays: 14, }); // on your activation screen: await gate.activate(userEnteredKey); // on every launch: const status = await gate.check(); if (!status.licensed) showActivationScreen(); The 3 gotchas "Valid" isn't the same as "exists." A refunded or charged-back sale still has a real, working key. If you only check that the key exists, people can buy, copy the key, refund, and keep your app forever. Always check the refund / dispute / subscription flags (the helper above does this for you). The uses counter is global, not per-device. Gumroad tracks a uses count, but it can't tell you which
AI 资讯
Solstice Cipher: a light-routing puzzle for the June Solstice Game Jam
This is a submission for the June Solstice Game Jam . What I Built Solstice Cipher is a small browser puzzle game about the longest day, code-breaking, and the turning point between signal and shadow. The player rotates mirrors to route a solstice beam through every cipher node before landing on the final beacon. Each level is a tiny circuit of light: if the beam misses a cipher gate, the beacon does not unlock. The game is inspired by a few June themes from the challenge prompt: the June solstice and the long arc of daylight light versus darkness turning points Alan Turing, code-breaking, and computational thinking Demo Demo video: watch in browser / direct MP4 Playable game: https://desciple88.github.io/solstice-cipher-devto-game-jam/ Source code: https://github.com/desciple88/solstice-cipher-devto-game-jam How It Works The game is a dependency-free HTML/CSS/JavaScript canvas app. The board is a 6x6 grid. A sunbeam enters from one side of the board, moves in one of four directions, and reflects when it hits a mirror: / turns east to north, south to west, and so on \ turns east to south, north to west, and so on Cipher nodes record whether the beam visited them. A level is solved only when the beam has touched all required cipher nodes and then reaches the beacon. Controls Click or tap a mirror to rotate it. Use Reset or press R to restart the level. Use Next or arrow keys to switch levels. Use Hint or press H if the path gets stuck. Why the Turing Angle I wanted the Alan Turing category to feel like part of the mechanics, not just a label. The player is effectively debugging a simple signal machine: change one reflector, trace the path, see which gates activated, and iterate until the message resolves. It is not an Enigma simulator, but it borrows the feeling of signal routing, symbolic gates, and systematic code-breaking. What I Used HTML CSS JavaScript Canvas 2D ffmpeg for the demo capture AI assistance was used while preparing the implementation and write-up. I
开源项目
🔥 gorhill / uBlock - uBlock Origin - An efficient blocker for Chromium and Firefo
GitHub热门项目 | uBlock Origin - An efficient blocker for Chromium and Firefox. Fast and lean. | Stars: 65,471 | 32 stars today | 语言: JavaScript
开源项目
🔥 technomancer702 / nodecast-tv - A self-hosted web application that lets you stream Live TV,
GitHub热门项目 | A self-hosted web application that lets you stream Live TV, Movies, and Series from your Xtream Codes or M3U provider directly in your browser. It's built with performance in mind and handles large libraries smoothly. | Stars: 1,333 | 49 stars today | 语言: JavaScript