Claude Sonnet 4.5 & GitHub Under npm Attack
Plus Shopify Takeover & OpenAI Challenges TikTok

Welcome to Q4!
Three months left in the year, but the news isn’t slowing down. Claude Sonnet 4.5 just landed, GitHub is fighting npm worms, and Zalando mined thousands of postmortems to see if AI is faster at spotting failures.
Google published its new State of AI-Assisted Development survey, and the results show AI is helpful - for some. And if you’d rather start October with a laugh, the Ig Nobel Prizes are out. Now I know more about pasta physics than I ever expected.
On our side, we’ve put together something new: the Next.js Promptbook, a free collection of AI prompts we use in real projects. If you want faster planning and smoother debugging, you can grab your copy here.
Now, get your coffee, settle in, and enjoy this week’s Frictionless.
In the Queue
Reduce Friction
How to Stay Relevant as an Engineering Leader While Empowering Others
Handing out tasks isn’t empowerment. Real autonomy starts with trust and matching the right challenge to the right personality. This is where the PCM framework comes into play, and if you haven’t heard of it, you might be missing out.
Hiring Only Senior Engineers is Killing Companies
Junior devs today are the top performers of tomorrow. AI-native juniors with proper mentoring can contribute almost as quickly as seniors. Avoiding hiring them can only hurt your company in the long run.
How to Build Your First Forward Deployed Engineering Team
Here’s a recipe for a forward-deployed team: Put engineers in the field with customers, give them authority to solve problems on the spot, and then feed those solutions back into product. That’s how Palantir built its discovery engine, so let’s learn from their experience.
Shopify Forces Bundler and RubyGems Takeover
The biggest risks in open source aren’t always bugs. Sometimes it’s politics. Shopify leaned on Ruby Central to take control of RubyGems, locking out maintainers who’d been building it for over a decade.
Deepen Your Expertise
Why Teams Move from Contentful to Sanity (And How to Do It Right)
I sat down with our CTO, Jakub Dakowicz, to chat about the biggest reason why many teams are moving away from Contentful: their pricing. We also walk through how a migration to a headless CMS like Sanity works, step by step, and share some of the things we’ve learned along the way.
Dead Ends or Data Goldmines? Zalando's Investment Insights from Two Years of AI-Powered Postmortem Analysis
Zalando built a multi-stage LLM pipeline to mine thousands of postmortems, testing if AI could spot recurring failure causes faster than humans. It worked: reviews that once took days are now finished in hours, but not without human help. Their conclusion: skip the “one big model” hype, use smaller verifiable steps, and keep people in the loop.
GitHub: Our Plan For a More Secure npm Supply Chain
The recent "Shai-Hulud" worm hit 500+ npm packages by stealing GitHub tokens and self-replicating through post-install scripts, but it wasn’t the first or last of its type. The web is under attack, and GitHub is preparing to protect your repos. Check their new strategy.
As Your AI Gets Smarter, So Must Your API
AI agents are hammering APIs at unprecedented volume, and 72% of tech leaders say they’ll increase LLM use in the next year. Marco Palladino, CTO of Kong, explains how businesses can prepare, why MCP protocols matter, and what’s needed to keep these new systems safe and reliable.
AI Corner
The 2025 DORA Report: State of AI-Assisted Software Development
The 2025 DORA report is in, and you should give it a read. AI is now used by 90% of developers, with more than 80% seeing productivity gains. But Google’s new report shows a hard truth: AI doesn’t make weak teams stronger. Those with solid platforms, fast feedback loops, and clear workflows will benefit from AI the most.
Introducing Claude Sonnet 4.5
Claude Sonnet 4.5 is Anthropic's biggest update yet. It promises better coding, reasoning, and a full Agent SDK that powers Claude Code. It can work on tasks for 30+ hours, runs in VS Code, creates files in chat, and more! Have you tried it out?
How AI Supports Me as a Project Manager
Can AI replace project managers? No, but it can make them far more powerful. Adrian from my team shared how he uses AI to cut time spent on reports, documentation, and other routine tasks. I bet there’s something in there you can use, too.
OpenAI Is Launching The Sora App, Its Own TikTok Competitor, Alongside The Sora 2 Model
Sora 2 takes AI video up a notch with more photorealism. Now you can drop yourself into a clip with a quick cameo, and the new Sora app, complete with a social feed, lets you remix and share AI-generated videos tailored to what you like.
Just Cool
Meet the 2025 Ig Nobel Prize Winners
Zebra-striped cows, pasta physics, and pizza-loving lizards… the 2025 Ig Nobel Prizes celebrate science at its quirkiest. These anti-Nobels honor discoveries that make you laugh AND think.
Let’s Stay in Touch! 📨
Do you have any comments about this newsletter issue or questions you want to ask? Drop me a message or book a meeting.