Clarkio
LightNews LightNews
banner
clarkio.com
Clarkio
@clarkio.com
1K followers 190 following 220 posts
Web dev and app sec things. Here for community, fun and learning. Not here to accrue numbers or influence you.
Posts Replies Media Videos
clarkio.com
Can your AI code gen model/tools of choice generate a proper Content Security Policy that allows everything to still work properly?
November 6, 2025 at 3:47 PM
clarkio.com
AI is transforming how we build, deploy & secure software.

Learn how to empower innovation without compromising security at #DevSecCon, the Global Community Summit on AI Security.

Details:
💻 Virtual
🗓️ Oct 22, 2025
🔗 snyk.io/events/devseccon
The DevSecCon 2025 logo above large white text on a purple gradient background that reads “Securing the Shift to AI Native.” Below, smaller white text says “October 22, 2025 - Virtual.”
October 15, 2025 at 5:03 PM
clarkio.com
If you’re using Windsurf and not adding MCP servers you’re missing out on serious power.

I’ll show you how to add them from the store and manually (including Snyk!)

Full video 👇
youtu.be/exGudnPb9Bo
A smiling clarkio wearing a backward black Snyk cap and a black shirt with the Snyk logo, pointing to text on the right that says 'Manage MCP servers' with a visible 'snyk Configure' button. Large bold text at the top reads 'MCP SERVERS IN WINDSURF' in blue and purple gradient. On the left, there’s the Windsurf logo with teal curved lines on a dark background, all set against a bright purple and blue gradient backdrop.
October 13, 2025 at 5:38 PM
clarkio.com
I asked Claude Sonnet 4.5 to build a secure Node.js note taking app from scratch. The results surprised me!

Watch here 👇
youtu.be/YBl0BR3fgjA
Clarkio wearing a backward black Snyk cap looking surprised, set against a bright purple and blue background. To his right is an editor window titled 'SECURITY_REPORT.md' displaying a Markdown document describing a 'production-ready, security-hardened Node.js notes application.' Above him is the orange starburst logo for Anthropic, and bold gradient text at the bottom reads 'BEST IN THE WORLD?!' in blue and purple letters.
October 7, 2025 at 3:33 PM
clarkio.com
Stop using .env files for your API keys. They’re not safe anymore.

Here’s why and what to do instead 👇
youtu.be/pcbRwwaCPUg
Clarkio with a thoughtful face wearing a backwards Snyk cap, resting his chin on his hand. At the top is a code editor showing .env, package.json, and index.js tabs, with code that logs API_KEY from process.env. To the right is a tweet screenshot that says 'Cursor steals your dev creds,' with a red arrow pointing at it. At the bottom, bold red text reads '.ENV IS BAD' against a purple background.
September 29, 2025 at 8:52 PM
clarkio.com
Spec-driven development + AI = the future? 🤔

I explored Amazon’s new Kiro IDE paired with Claude Sonnet 4 to find out.

Watch and tell me if you’d code like this 👇
🎥 youtu.be/YpB1QS58KZE
Bright thumbnail image featuring a surprised clarkio on the left side, with wide eyes and open mouth. The background is a vibrant mix of purple and pink hues with binary code pattern. Bold text at the top reads 'SPEC DRIVEN DEVELOPMENT' in blue and white. On the right, a UI screenshot shows two options: 'Vibe' and 'Spec,' with the 'Spec' option highlighted, which says 'Plan first, then build. Create requirements and design before coding starts.' A red arrow points to the highlighted option.
September 22, 2025 at 4:53 PM
clarkio.com
We’re in the wave of spec-driven development now.
September 19, 2025 at 1:16 AM
clarkio.com
I put Replit to the test and was honestly shocked by the outcome. If you care about what AI coding tools can (and can’t) do, you’ll want to see this.

📹👉 youtu.be/gHGB3kptH_s
On the right-hand side is text in bold letters "This is crazy!" overlayed on the Replit logo. Above that is a screen shot of the application that was built in the video. On the left-hand side is an image of clarkio smiling. The background is a gradient from purple to blue with circuit lines and 1's and 0's
September 15, 2025 at 3:48 PM
clarkio.com
This has been a fun loop🤪

Agent: Everything is done let me run the app
Terminal: App running
Agent: Perfect! Let me test it with curl
*kills app for curl*
Agent: Let me start the server again and test it
Terminal: App running
Agent: Perfect! Let me test it with curl
August 27, 2025 at 1:46 AM
clarkio.com
When it comes to AI/LLMs I aim to have a balanced perspective on it. There are times I'm delighted by what they do and other times I'm unimpressed. Today I felt a bit unimpressed...
August 14, 2025 at 2:38 PM
clarkio.com
Giving Claude Opus 4.1 a go at writing a secure app ↙️

youtu.be/ELSl0RmFxLg?...
Clarkio in the forefront thinking with a screen shot image of JSON showing project dependencies and bold text of "Claude Opus 4.1"
August 12, 2025 at 8:23 PM
Reposted by Clarkio
brianvermeer.nl
How to Add MCP Servers to VS Code by @clarkio.com youtu.be/50tkvZhOVqM?...
How to Add MCP Servers to VS Code (with GitHub Copilot)
In this tutorial, I’ll walk you through the step-by-step process of adding MCP servers to Visual Studio Code using GitHub Copilot. Whether you’re setting up your first MCP server or integrating…
youtu.be
August 6, 2025 at 8:28 AM
Reposted by Clarkio
lirantal.com
y'all are sleeping on npq ✨

Step 1:
$ npm install -g npq
$ alias npm="npq-hero"
Step 2:
*no more malicious packages hurting you ;-)

*well, much lower risk based, nothing is absolute
August 3, 2025 at 9:13 AM
clarkio.com
Reading code is becoming even more valuable than writing it.
April 19, 2025 at 2:28 PM
Reposted by Clarkio
vscode.dev
VS Code Live: Agent Mode Day is tomorrow, April 16th!

And we've got a special guest joining us - @wesbos.com will be closing out the stream with a live coding session! You won't want to miss this.

Stream starts at 9 AM PT: youtube.com/live/HNly8eN...
A thumbnail with a dark background and a picture of Wes Bos in the top right. The thumbnail reads "Agent Mode Day with Wes Bos" and says "VS Code Live" in the bottom left
April 15, 2025 at 10:00 PM
Reposted by Clarkio
vscode.dev
Agent mode is rolling out to all users!

🔁 Autonomous code editing
🔍 Full codebase awareness
💬 Built in tools for codebase search, terminal, fetching website content and more

All extensible via MCP & VS Code Extensions. All available today.

Learn more:
Agent mode: available to all users and supports MCP
Agent mode is now available to all users and supports MCP.
code.visualstudio.com
April 7, 2025 at 3:02 PM
Reposted by Clarkio
lirantal.com
haha Brian is just hilarious 😂
checkout the new video about Claude 3.7 and whether it's actually better for generating secure code: www.youtube.com/watch?v=zM8c...
March 4, 2025 at 7:00 AM
Reposted by Clarkio
httparchive.org
We've just published the 19th and final chapter of the 2024 Web Almanac on JavaScript by Abdul Haddi Amjad and Nishu Goel.

almanac.httparchive.org/en/2024/java...
JavaScript | 2024 | The Web Almanac by HTTP Archive
JavaScript chapter of the 2024 Web Almanac covering the usage of JavaScript on the web, libraries and frameworks, compression, web components, and source maps.
almanac.httparchive.org
March 3, 2025 at 8:37 PM
Reposted by Clarkio
vscode.dev
Agent mode (preview) is here for GitHub Copilot in VS Code!

In agent mode in Copilot Edits, Copilot can now iterate on its own output, execute terminal commands, and even self-heal from runtime errors.

Try it in VS Code Insiders: https://code.visualstudio.com/updates/v1_97#_agent-mode-experimental
A thumbnail with a purple background, a 3d version of the GitHub Copilot logo in the foreground, and the words "GitHub Copilot agent mode"
February 8, 2025 at 9:59 PM
Reposted by Clarkio
deno.land
@jsr.io is now openly governed — meet its board members and check out its governance charter 👇

deno.com/blog/jsr-ope...
Introducing the JSR open governance board
JSR, a modern open source JavaScript registry, is meant for the greater JavaScript and TypeScript community. We're thrilled to announce its own independent governing body.
deno.com
February 3, 2025 at 6:18 PM
clarkio.com
Folks making videos, don't tell your audience to leave a comment/question where you'll reply with your answer and then don't reply to any of them.

Of course, there are some exceptions to this like trolls or hate comments...
January 27, 2025 at 6:47 PM
clarkio.com
Does anyone here enjoy the game "Words on Stream" and tune in to streamers playing that or channels that run it 24/7?

Link to the game for those not familiar with it: wos.gg
WOS - Words On Stream
Words On Stream, the free game that will boost your live streams on Twitch or YouTube
wos.gg
January 20, 2025 at 5:24 PM
clarkio.com
I was walking and talking on a call and my back just randomly goes out. Short quick sharp shot in the back. Boom! Ow! What the heck?!
January 8, 2025 at 4:02 PM
clarkio.com
Today has been a good "catch up from the break" day while also sticking to my routine. Feeling good 💪
January 6, 2025 at 9:51 PM
Reposted by Clarkio
brianvermeer.nl
Securing your GitHub repo is critical! Here are 10 tips:
• Enable 2FA 🔒
• Limit access 👥
• No secrets in code ❌🔑
• Scan w/ Snyk 🛠️
• Audit logs 🔍
• Automate updates ⏩
• Protect branches ✅
• Rotate tokens 🔄
• Enforce signed commits ✍️
• Train your team 🌱

More tips:
10 GitHub Security Best Practices | Snyk
Learn more about 10 GitHub Security Best Practices to be more secure as a GitHub user or contributor.
buff.ly
January 6, 2025 at 3:04 PM