Your Lighthouse score is lying to you
Lighthouse runs in a simulated environment that doesn't reflect what real users see. Here's what to measure instead, and why CrUX should be your source of truth.
May 02, 2026
Apr 21, 2026
How to debug a Core Web Vitals regression in 30 minutes
A practical, ordered checklist for tracking down LCP, INP, and CLS regressions before they hurt your search rankings.
Apr 12, 2026
Introducing SiteCMD
350+ real engineering checks for your website. Ship fast, fix everything else.
Mar 28, 2026
How to set up pre-commit hooks that actually catch bugs
Most pre-commit hooks just run a formatter and call it done. Here's the setup I use, and why each piece earns its place.
Mar 10, 2026
AI-generated code keeps shipping the same five mistakes
After auditing codebases that lean heavily on Cursor, Claude Code, and Copilot, the bugs aren't random. The same five categories show up over and over.
Feb 19, 2026
What I run before pushing a website to production
Every dev has their own checklist. Mine got long. Here it is, in the order I actually run it.
Jan 30, 2026
Picking a stack for a side project (without regretting it in a year)
I've shipped a lot of side projects. Most got abandoned. A few turned into businesses. The stack you pick at the start matters more than people think, but probably not for the reasons you think.
Jan 08, 2026
How to actually test your Content Security Policy
A Content Security Policy is meant to stop XSS. Most CSPs in production are ornamental. Here's how to figure out if yours actually works.
Dec 12, 2025
The dependency update problem nobody talks about
Dependabot has been around for years. So has Renovate. Both are fine. Both miss the actual problem: nobody knows whether to update.
Nov 20, 2025
Cookie banners are doing nothing for you
Every cookie banner you've ever clicked is a fiction. Yours probably is too. Here's how to do this properly, or skip it entirely.
Oct 28, 2025
Why I run scans locally instead of in CI
The standard advice is: put your linter, your tests, your security scans in CI. I disagree. Local-first is better for everything except the build itself.