CSS Anchor Positioning is a browser-native feature that pins any absolutely-placed element to another element in the document. No JavaScript required. With the anchor() function, position-anchor property, and @position-try rules, you can build tooltips, dropdown menus, and context menus in pure CSS and HTML. It now works in Chrome 125+, Firefox 132+, and Safari 18.2+, which covers about 91% of browser traffic. Pair it with the HTML popover attribute (Baseline 2024) and you get show/hide toggling, keyboard dismissal, and top-layer stacking for free. The JavaScript tooltip library is dead for most use cases.

You implement OAuth 2.0 login by using the Authorization Code flow with PKCE (Proof Key for Code Exchange). Your web app redirects the user to the provider’s authorization endpoint with a code_challenge, the user authenticates and consents, the provider redirects back with an authorization code, and your backend exchanges that code along with the code_verifier for an access token. PKCE is mandatory for all OAuth 2.0 clients under the OAuth 2.1 draft specification (currently at draft-ietf-oauth-v2-1-15) and eliminates the need for a client secret in public clients. Building this from scratch - without Auth0, Clerk, or NextAuth - takes roughly 200 lines of code and teaches you exactly how token exchange, session management, and token refresh actually work.

Tailwind CSS v4 is a ground-up rewrite. The JavaScript-based PostCSS plugin is gone, replaced by a Rust-powered engine called Oxide. Configuration moves from tailwind.config.js into CSS-native @theme directives. Full builds run up to 5x faster, incremental builds over 100x faster. The entry point is now a single @import "tailwindcss" line instead of three separate @tailwind directives. Most v3 projects can migrate in under an hour using the official @tailwindcss/upgrade codemod, but knowing what actually changed - and why - prevents surprises during the transition.

By subsetting a variable font with pyftsubset to include only the Unicode ranges and OpenType features your site actually needs, and serving it as a WOFF2 file with the CSS unicode-range descriptor, you can reduce web font payload by 70-85%. A typical setup drops a 300 KB variable font to under 40 KB while keeping full weight and italic axis support for every glyph you actually use. This post walks through the entire process from font selection to CI integration.

A WebSocket-based real-time chat needs two pieces: a server that holds persistent connections and broadcasts messages between clients, and a browser client that opens a WebSocket connection, sends messages on form submit, and renders incoming messages in the DOM. Using Node.js with the ws library and vanilla JavaScript on the client - no React, no Socket.IO, no build step - the complete implementation is under 150 lines of code and handles dozens of simultaneous connections on commodity hardware. This tutorial walks through the entire build.

You can expose a local development server to receive webhooks from services like GitHub, Stripe, or Twilio by running cloudflared alongside a FastAPI application. This eliminates port forwarding, public IPs, and paid ngrok subscriptions entirely. Cloudflare Tunnels create an outbound-only encrypted connection from your machine to Cloudflare’s edge network, which then proxies incoming webhook requests back to your local FastAPI endpoint with full TLS, automatic reconnection, and zero firewall changes.