best-practices
Inject web platform expertise, best practices, and modern API patterns directly into your AI coding agents.
Modern Web Guidance is an agent skill (aka SKILL.md) with a CLI that helps coding agents build better web applications using modern, high-performance, accessible, and secure APIs instead of legacy workarounds.
What a good website does.
A platform-agnostic specification of the technical features every decent website should have — from <title> to /.well-known/security.txt, from WCAG contrast to llms.txt. Written for humans and agents.
AI agent rules / skills distilled from software engineering books. Inspired by Clean Code, Refactoring, DDD, Clean Architecture and DDIA programming books.
Markdown rule sets for coding agents. Use mini or full as focused skills when a task needs a book's decision pressure, and keep nano for tiny always-on context.
How to disable JavaScript in your browser.
Nowadays almost all web pages contain JavaScript, a scripting programming language that runs arbitrary code, through the web browser, on the visitor's computer. It is supposed to make web pages functional for specific purposes but it has proven its potential to cause significant harm to users time and time again:
Collection of npm package manager Security Best Practices.
Shai-Hulud, Nx and other incidents are a growing concern of supply chain security attacks and compromised npm packages. Follow these developer security best practices around npm, package maintenance and secure local development to mitigate security risks.
practice makes claude perfect
A compiled list of links to public failure stories related to Kubernetes. Most recent publications on top.
Implementing Open Source Security Tooling into your CI/CD Pipeline
Securing your Continuous Integration and Continuous Deployment (CI/CD) pipeline is no longer optional—it’s essential. This guide is your go-to resource for building, implementing, and optimizing secure CI/CD workflows. Whether you’re a developer, DevOps engineer, or security professional, we provide information on the open-source tools and guidance you need to model security at every stage of your pipeline. From securing code and builds to monitoring post-deployment environments, our hub empowers teams to integrate security seamlessly into their workflows without sacrificing speed or agility. Explore, learn, and transform your CI/CD processes into a fortress of innovation and resilience.
Kubevious (pronounced [kju:bvi:əs]) is a suite of app-centric assurance, validation, and introspection products for Kubernetes. It helps run modern Kubernetes applications without disasters and costly outages by continuously validating application manifests, cluster state, and configuration. Kubevious projects detect and prevent errors (typos, misconfigurations, conflicts, inconsistencies) and violations of best practices. Our secret sauce is based on the ability to validate across multiple manifests and look at the configuration from the application vantage point.
pinact is a CLI to edit GitHub Workflow and Composite action files and pin versions of Actions and Reusable Workflows. pinact can also update their versions and verify version annotations.
If you build software, keep a changelog. Don’t let your friends dump git logs into changelogs.
Your language isn’t broken, it’s doing floating point math. Computers can only natively store integers, so they need some way of representing decimal numbers. This representation is not perfectly accurate. This is why, more often than not, 0.1 + 0.2 != 0.3.
How to stay safe from NPM supply chain attacks.
The NPM ecosystem is no stranger to compromises, supply-chain attacks, malware, spam, phishing, incidents, or even trolls. In this repository, I have consolidated a list of information you might find useful in securing yourself against these incidents.
Sortez couvert·es is a site that gives legal advice and legal reminders about the use of digital technology, with the aim of protecting its users in urgent or stressful situations, such as those we may experience during strikes or demonstrations.
This document is an attempt to systematically describe best practices using Terraform and provide recommendations for the most frequent problems Terraform users experience.
nix-env was built as a tool for Nix as a way to manage packages in a traditional (imperative) fashion. It tries to bridge the gap between the imperative and declarative world. A replacement for the venerable "just sudo apt install <Anything>". As a result of its design, it often causes unexpected behaviour. This page is dedicated to explaining what its issues are and what to use instead.
A Periodic Table of System Design Principles.
System design is often taught through solutions specific to particular domains, such as databases, operating systems, or computer architecture, each with its own methods and vocabulary. While this diversity is a strength, it can obscure cross-cutting principles that recur across domains. This paper proposes a preliminary taxonomy of system design principles distilled from several domains in computer systems. The goal is a shared, concise vocabulary that helps students, researchers, and practitioners reason about structure and trade-offs, compare designs across domains, and communicate choices more clearly.
Principles for building reliable LLM applications.
What are the principles we can use to build LLM-powered software that is actually good enough to put in the hands of production customers?
Patterns and techniques for writing high-performance applications with Go.
This library intends to provide tools for storing and using monetary values in an easy, yet powerful way.
This is a PHP implementation of the Money pattern.
Make your KeePass more secure using the not very well-known KeePass enforced configuration file.
What matters is the amount of confusion developers feel when going through the code. Confusion costs time and money. Confusion is caused by high cognitive load. It's not some fancy abstract concept, but rather a fundamental human constraint.
Since we spend far more time reading and understanding code than writing it, we should constantly ask ourselves whether we are embedding excessive cognitive load into our code.
Cognitive load is how much a developer needs to think in order to complete a task.
An open-source guide to help you write better command-line programs, taking traditional UNIX principles and updating them for the modern day.
This project gathers the tips and tricks, best practices and lessons learned of conference organizers. After several years of existence and enriching events, we wanted to centralize this accumulated knowledge.
Momentum (aka. smooth or inertia) scrolling plugins (which in use can be seen on this website), while marketed as enhancements, are a plague upon the internet. They disrupt the natural, efficient, and predictable web browsing experience in countless ways, by often degrading usability, accessibility, and performance. Here are ten reasons why they ruin the web for everyone.
Independent Privacy & Security Resources. The collaborative privacy advocacy community. Protect your data against global mass surveillance programs.
Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. Our mission is to inform the public about the value of digital privacy, and global government initiatives which aim to monitor your online activity. We are a non-profit collective operated entirely by volunteer team members and contributors. Our website is free of advertisements and not affiliated with any of the listed providers.
A consistent code style guide for SQL to ensure legible and maintainable projects.
Open source software is made by people just like you. Learn how to launch and grow your project.
Open-source best practices for protecting a secure, sensible cloud platform.
Your Quick Reference to Cloud Best Practices. An open-source collection of cloud infrastructure best practices, for bootstrapping your own cloud platform.
A model set of guidelines for RESTful APIs and Events, created by Zalando
The CIS Benchmarks™ are prescriptive configuration recommendations for more than 25+ vendor product families. They represent the consensus-based effort of cybersecurity experts globally to help you protect your systems against threats more confidently.
Unix operating systems and derivatives, including GNU/Linux, are playing an important role in the ecosystem of equipment, systems, networks and telecommunications. They are widely deployed in several types of equipment. This guide focuses mainly on generic system configuration guidelines and on common sense principles that need to be applied during the deployment of hosted services.
Laravel best practices
240 rules to improve your websites and take better account of your users - Version 4 - 2020-2025
Open Initiative for Process Specifications.
The open source community is collaborating to establish common specifications for secure software development based on open source best practices.
Efficient and consistent CI/CD with Kubernetes.
A solution for implementing efficient and consistent software delivery to Kubernetes facilitating best practices. werf is a CNCF Sandbox CLI tool to implement full-cycle CI/CD to Kubernetes easily. werf integrates into your CI system and leverages familiar and reliable technologies, such as Git, Dockerfile, Helm, and Buildah.
UI/UX animation emphasizes the details to which users should pay attention, helping them navigate the site.
The Node.js best practices list
There’s a lot of outdated information on the Web that leads new PHP users astray, propagating bad practices and insecure code. PHP: The Right Way is an easy-to-read, quick reference for popular PHP coding standards, links to authoritative tutorials around the Web, and what the contributors consider to be best practices at present.