Typescript

Hono is a ~14KB TypeScript web framework that runs on every modern JavaScript runtime with the same API. Write your routes once and ship to Bun , Deno , Cloudflare Workers , Node.js , AWS Lambda , Vercel Edge, Fastly Compute, or Netlify. No code changes needed. Hono builds on Web Standard APIs (Request, Response, fetch), which makes it small, fast, and far lighter than Express . It ships with middleware, validation, RPC, and streaming. The current stable release is v4.12.

The Language Server Protocol (LSP) lets you write language smarts once and use them in every editor. You build one server that handles autocomplete, diagnostics, hover docs, and go-to-definition. Then you plug it into VS Code, Neovim, Helix, Emacs, or anything else that speaks LSP. This walkthrough shows how to build an LSP server in TypeScript for a custom .config file format, from setup through multi-editor support.

What the Language Server Protocol Actually Is

Before LSP, editor support for a language meant writing a separate plugin for every editor. Want Python support? Write a VS Code extension, an Emacs mode, a Vim plugin, a Sublime plugin. Each one redoes parsing, diagnostics, and completion from scratch. With N editors and M languages, that’s N*M plugins to maintain.

Passkeys swap passwords for a public/private keypair kept in the device keychain and unlocked by Face ID, Touch ID, or Windows Hello. The WebAuthn API does the crypto work, while @simplewebauthn/server version 13.3.0 covers Node, Bun, and Deno backends. Sign-up, autofill login, and account recovery all fit in one evening of work.

What Passkeys Actually Are and Why 2026 Is the Year to Ship Them

A passkey is a public/private keypair made on the user’s device. The private key never leaves the secure enclave (Secure Enclave on Apple hardware, StrongBox on Android, TPM on Windows). Only a signed challenge travels over the wire. Your server stores no shared secret to steal and no hash to crack offline. The signature is bound to your domain, so it can’t be phished. If a user visits examp1e.com instead of example.com, the browser refuses to sign. Credential phishing ends at the protocol layer.

One missing line in a build config caused the worst source leak in AI tooling history. On March 31, 2026, Anthropic shipped version 2.1.88 of its @anthropic-ai/claude-code package with a 59.8 MB JavaScript source map inside. That map held the full client agent harness for Claude Code : 512,000 lines of readable TypeScript in 1,906 files. Mirrors of the code spread thousands of times in hours. A clean-room Python/Rust rewrite then became the fastest-growing repo in GitHub history. Anthropic’s legal response hit the wrong targets. The day got worse: a supply-chain attack hit the axios npm package, piling on for devs who rely on these tools.