- Frictionless, by Pagepro
npm Breach Hits Millions: Largest Supply Chain Attack Ever
Inside: Why LLMs Hallucinate & Future-Proofing Your Career

Hello!
In my experience, tech leadership is about spotting shifts before they hit the front page.
This week we’ve got three that matter: a single maintainer’s mistake exposed millions in the largest recorded supply chain attack, Cloudflare’s CEO is taking direct aim at Google’s crawling model, and Microsoft is taking a step back from its partnership with OpenAI.
On the technical side, Shopify shows how to migrate in React Native without users noticing, and the New York Times shares their recipe for disciplined API management.
And my top pick: an interactive presentation that shows AI pays off not in the code, but in the 84% of work surrounding it.
Ready? Then grab your coffee and let’s get into Frictionless.
In the Queue
Reduce Friction
Is the Web Broken? Cloudflare’s CEO on Internet History, AI, and Reinventing Crawling Economics
Cloudflare CEO Matthew Prince argues that Google’s free ride on the open web is over. In his recent interview, he lays out why search engines should pay for the content they index, and why it’s a question of when, not if.
No, You Don't Want to Hire "the Best Engineers"
Hiring “the best” often means bringing in egos that don’t scale. Instead of searching for unicorns, create systems that make even average engineers very productive.
Your Biggest Customer Might Be Your Biggest Bottleneck
Enterprise contracts can feel like a blessing, but big clients can quickly become a huge drain. Their attention and resource demand might leave your other projects starving, so here’s how to balance their needs with your business goals.
5 Tips for Future-Proofing Your IT Leadership Career
Good leaders obsess about tech, but great ones obsess about staying relevant. Each step on this checklist is something I have seriously considered in my own career path, and so should you. Three years from now, you’ll be grateful for it.
Deepen Your Expertise
Millions at Risk: Inside npm’s Biggest Supply Chain Attack
One compromised maintainer account pushed malicious packages to millions of downloads, hitting even companies like Vercel. The full story shows how the breach unfolded and what it means for anyone relying on open source.
Scaling and Maintaining The New York Times’ Incident Management API
When you’re delivering news on a global scale, failure isn’t an option. The New York Times team goes into detail about their incident management API and shows how to keep reliability high without building bloated systems.
Successful CMS Migration in 5 Steps with Next.js & Sanity
CMS migrations can be messy, but with the right process in place, they don’t have to be. In this video, I walk you through the 5 steps my team at Pagepro uses to move sites to Next.js and Sanity while keeping SEO and performance intact.
Shopify: Migrating to React Native's New Architecture
Shopify engineers pulled off the move to React Native’s New Architecture without slowing performance or disrupting releases, a rare feat at scale. Their “keep the ship moving” approach shows how to handle a migration while customers are still on board.
AI Corner
OpenAI on Why Language Models Hallucinate
Hallucinations are the bane of anybody who works with AI, but what are they exactly? A glitch in the system or complex math? The scientists at OpenAI published a paper that answers these questions and many more - have a look.
Microsoft to Use Some AI From Anthropic in Shift from OpenAI
Microsoft takes another step away from its fraying partnership with OpenAI. Some of the Office 365 apps will include features from Anthropic, raising an interesting question: is it tool diversification or a break-up in the making?
AI for the Rest of Your Technical Job: Expanding Productivity Beyond Code
If you read one AI piece this week, make it this one. Developers spend just 16% of their time coding. If you want AI to make a real difference in your productivity, look into the other 84%: docs, planning, reviews, and tool juggling. This brilliant interactive presentation shows exactly how to do it.
CTOs Hold the Key to Unlocking AI’s Innovation Potential
AI is saving $28K per developer annually, yet most teams use it for only 25% of the work. The real opportunity is platform-first leadership: centralize AI capabilities, cut silos, and upskill engineers to focus on business problems instead of prompts. That’s how you reach the $750B upside everyone talks about.
Just Cool
Google Chrome at 17 - A History of Our Browser
Seventeen years ago, Chrome launched with a minimalist UI and a radical idea: the browser should feel invisible. Today, it’s the backbone of modern web development and a technological pioneer, so let’s have a look at how much it has changed.
Let’s Stay in Touch! 📨
Do you have any comments about this newsletter issue or questions you want to ask? Drop me a message or book a meeting.