Hi all,
Trivy is a widely used security scanner that finds vulnerabilities, misconfigurations and secrets. Now imagine Trivy itself coming under attack: attackers compromised the Trivy GitHub Actions by force-updating tags to deliver malware, exposing CI/CD secrets across every pipeline that pulled the moved tag.
Then last week, two versions of the litellm Python package on PyPI were found to contain malicious code.
All of that just means we need to be extra, triply careful when dealing with any external dependency. Any external dependency is a liability. In this issue we include two tools that hopefully will let us run those apps in a sandbox instead.
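The Trivy incident works because a Git tag like `@v1` or `@master` is mutable: whoever controls the repository can force-move it to a malicious commit, and every workflow that references the tag pulls the new code on its next run. A full 40-hex commit SHA cannot be moved, so pinning `uses:` lines to a SHA (with the version kept in a trailing comment for readability) is the standard mitigation. The script below is an added example written for this issue, not code from the newsletter or from the Trivy project; it scans workflow files for mutable action references, and the sample workflow it checks is constructed here for demonstration, with a placeholder SHA rather than a real commit.

```shell
#!/usr/bin/env bash
# Added example for this issue, not code from the newsletter or from the Trivy project.
# Finds `uses:` steps in GitHub Actions workflow files that reference an action by a
# mutable tag or branch (v4, master, ...) instead of a full 40-hex commit SHA.
# A tag can be force-moved to point at malicious code; a commit SHA cannot.
set -u

# unpinned_uses FILE...  -> prints "file:line:uses-line" for every mutable reference.
# Only the `owner/repo[/path]@ref` form is inspected; local actions (./path) and
# docker:// images have no such reference and are left alone.
unpinned_uses() {
  local file
  for file in "$@"; do
    grep -nE '^[[:space:]]*-?[[:space:]]*uses:[[:space:]]*[A-Za-z0-9_.-]+/[^[:space:]@]+@' "$file" \
      | grep -vE '@[0-9a-f]{40}([^0-9a-f]|$)' \
      | sed "s|^|${file}:|"
  done
  return 0
}

# count_unpinned FILE... -> prints the number of mutable references (0 when all are pinned).
count_unpinned() {
  unpinned_uses "$@" | grep -c . || true
}

# Constructed sample workflow for demonstration; the SHA below is a placeholder, not a real commit.
SAMPLE_WORKFLOW=$(mktemp)
cat > "$SAMPLE_WORKFLOW" <<'EOF'
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@0123456789abcdef0123456789abcdef01234567 # v5 (placeholder SHA)
      - uses: aquasecurity/trivy-action@master
      - uses: ./.github/actions/local-helper
      - uses: docker://alpine:3.20
      - name: not a step reference
        run: echo "uses: someone/thing@v1"
EOF

# Two of the five `uses:` lines are mutable (checkout@v4 and trivy-action@master);
# the SHA-pinned step, the local action, the docker image and the `run:` line are not reported.
unpinned_uses "$SAMPLE_WORKFLOW"
echo "mutable references: $(count_unpinned "$SAMPLE_WORKFLOW")"
```

Run it over `.github/workflows/*.yml` in CI and fail the job when the count is non-zero. Note what the check does and does not cover: a SHA pin defends against a force-moved tag, but not against a maintainer account that is itself compromised and pushes a new commit you later choose to bump to, and `docker://` image references are skipped by this script (pin those by digest separately). Dependabot can keep SHA-pinned actions up to date, so pinning does not mean freezing.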
If you enjoy BetterDev, please spread the word by sharing it with your friends. And if you’d like to support my work, buying me a coffee would be much appreciated.
Let’s be honest: your test suite is probably lying to you. You’ve got green checkmarks in CI, 80% coverage, and your last deploy still broke the checkout flow on mobile.
The problem isn’t that you’re bad at testing. It’s that test maintenance is a full-time job nobody wants, and the coverage you think you have is mostly happy paths you already tested manually. Meanwhile, your users are the ones discovering the real bugs.
Autonoma takes a different approach. Instead of making you write and maintain test scripts, it runs AI agents that navigate your web and mobile apps like real users: clicking through forms, testing edge cases, handling state transitions, all in parallel across hundreds of browsers and devices.
The best thing? If after 30 days a bug reaches production, we will refund you the money.
An incredible story of someone who dived into electronics design with almost zero prior experience. Their goal was ambitious: build an FPGA-based device capable of booting Linux, connecting to a screen and keyboard, and allowing them to write and compile code directly on the machine itself.
Most people who work with PostgreSQL eventually learn two commands for query tuning: EXPLAIN and EXPLAIN ANALYZE. This post takes a look at a few of EXPLAIN's lesser-known options.
When you run PostgreSQL on a high-performance server with a lot of RAM, one of the most overlooked performance settings is Huge Pages. Understanding and configuring Huge Pages correctly can significantly improve performance, especially for databases with large shared memory requirements.
Anyone who operates Postgres under a heavy write load will need to manage and tune WAL and autovacuum. We could defer these jobs to AI, but it's better to understand the underlying knowledge.
Whatever the reason, if you’re a psql command-line user, Ctrl-C is in your muscle memory. So now you’re looking at the words Cancel request sent, followed shortly after by the not-really-an-error message ERROR: cancelling statement due to user request. But what’s going on behind the scenes?
In 2024, the Online Data Stores team at Netflix conducted a comprehensive review of the relational database technologies used across the company and decided to standardize on Amazon Aurora PostgreSQL as the primary relational database offering for Netflix teams.
Switching from Rust to TypeScript made the code faster. Not because Rust is slow or TypeScript is fast, but simply because the cost of serializing and deserializing objects back and forth between the two worlds outweighed the performance gain.
Developers have never been shy about disliking certain React APIs. They feel awkward, restrictive, or just plain counterintuitive. But the reality is that the two most complained-about design choices in React weren't arbitrary at all; they were early signs of deeper constraints that every UI model eventually runs into.
Imagine being able to inject JS code and run it on any web page whenever you click a bookmark, acting on the current page. That's what a bookmarklet is.
Ruby: a drop-in replacement for Nokogiri. It's 4.7x faster at parsing HTML and up to 1352x faster at CSS selectors.
Sandbox your local AI agents so they can read/write only what they need.
Running Node apps inside a WebAssembly Sandbox
Pure-Go implementation of JSONata 2.x for high-throughput streaming evaluation, and the story of re-implementing it in Go with AI, which saves the company $500k USD per year.
Pluggable linting tool to prevent committing credentials.
A Postgres TUI client that utilizes your terminal text editor for inserts & updates
SQL static analyzer for performance, security, compliance and cost. 272 rules. Completely offline. Works in CI pipelines.
A PostgreSQL extension that captures per-query execution telemetry and exports it to ClickHouse in real-time. Unlike pg_stat_statements which aggregates statistics in PostgreSQL, pg_stat_ch exports raw events to ClickHouse where aggregation happens via ClickHouse’s powerful analytical engine.
Go LSP helper library supporting version 3.17 of the LSP specification.
Apache Kafka® compatible broker with S3, PostgreSQL, SQLite, Apache Iceberg and Delta Lake
Open-source alternative to Railway, Vercel and Heroku
Open Source Alternative to Vercel, Netlify and Heroku.
A container platform that needs no Kubernetes learning: build, deploy, assemble, and manage apps on Kubernetes with no K8s expertise, all in a graphical platform.
Open-source app that replaces your scattered SaaS tools with a single self-hosted workspace. Mail, boards, docs, chat, and more — all under your control.
The open source AI coding agent.
BetterDev Link
Every Monday