Schedule

As AI coding assistants like Cursor, Jules, Cline and Copilot revolutionize software development, a new reality emerges: while these tools excel at generating boilerplate and routine functions-roughly 70% of coding work-they struggle with the crucial final 30% that transforms a basic solution into production-ready software. This talk explores how developers can adapt to this paradigm shift by strategically embracing AI for what it does best while doubling down on uniquely human skills. Drawing from industry leaders' insights, we'll examine why AI struggles with essential complexity like system architecture, edge cases, and maintainability, and how developers can position themselves as indispensable collaborators rather than competitors with AI. Whether you're a senior architect seeking to amplify your impact or a junior developer navigating this rapidly evolving landscape, you'll leave with practical strategies to elevate your craft beyond what AI can generate.

Fixing CORS errors is a frustrating rite of passage for every web developer. Bun's Rendering API makes it trivial to run your frontend and API on the same server, eliminating the entire category of cross-origin errors. Developers no longer need to wrestle with complex server-side headers or proxy requests just to fetch data from a different domain.

Signals and fine-grained reactivity have recently become staples in modern JavaScript frameworks. However, 9 years ago, when Ryan Carniato created SolidJS, the blueprint for the modern framework, that was not the case at all. Today more developers use Signals than ever before, but we are only at the beginning of the journey. Join Ryan as he looks to the future of fine-grained reactivity, web development, and explores what lies beyond Signals.

Compilers have long been seen as one of the most complex topics in computer science. Nowadays, web frameworks are evolving from runtime libraries into optimizing compilers and reshaping how we build user interfaces. Different topics in front-end development—e.g., reactive programming—are now experiencing this era fueled by static-analysis-driven insights.This talk will explore how modern UI compilers are redefining performance and developer experience. We’ll discuss how some compilers are designed and different open-source solutions — including the React Compiler, Million.js, Svelte, and Marko, as well as enterprise apps, and the growing role of compilers in automating things.By the end of the session, you'll probably be optimistic about a future where compilers understand our entire code and offload a huge part of our mental burden related to manual tasks!

Developers have gone full-steam from traditional programming to AI code assistants and vibe coding but where does that leave application security? What are the risks of LLMs introducing insecure code and AI applications manipulated through prompt engineering to bypass security controls?In a series of real-world application hacking demos I’ll demonstrate how developers mistakenly trust LLMs in generative AI code assistants that introduce insecure code and result in vulnerable applications that attackers easily exploit against you. We don’t stop here. We’ll apply adversarial attacks on neural networks in the form of prompt injection payloads to compromise LLMs integrated into AI application workflows and weaponize them for SQL injection and other business logic bypass.Join me in this session where you’ll learn how security vulnerabilities such as path traversal, prototype pollution, sql injection and other AI security risks are impacting LLMs and how to leverage AI security guardrails to secure GenAI code.

npm powers the JavaScript ecosystem, but many developers still treat it as a black box.This talk aims to demystify core npm workflows and give developers with various levels of experience a clearer mental model of how npm works behind the scenes. With the rise of AI-assisted coding, many engineers are shipping code that depends on npm without deeply understanding it. Meanwhile, seasoned developers often struggle with subtleties around publishing, dependency resolution, and security.This talk clarifies the install and publish lifecycle, surfaces modern best practices, and offers decision-making tools that help developers avoid surprises and regain control over their tooling.

Things are evolving constantly and it's hard to know what's worth your time. As someone who learns and teaches for a living, Scott explores the web platform and what really matters.

JavaScript represents a big part of page weight - and optimising for performance often requires trimming or optimising the bundle - albeit imperfectly. At the same time, bundlers have never been more important in full-stack JS frameworks. In this session we’ll be rethinking how bundlers can optimise JS, if we let go of some of our previous assumptions about what bundling means.

This talk shares real-world lessons from building and operating remote MCP (Model Context Protocol) server. It covers the architectural decisions, technical challenges, and practical insights that came from enabling scalable, context-aware model execution in one of the world’s largest payment platforms.

Join me for a technical deep-dive on TypeGPU which, among other things, allows your WebGPU shader to be made up of JavaScript either partially or entirely. This means a library can be written fully in WebGPU Shading Language, yet accept a JS callback that gets compiled and injected into the shader code. Improving APIs by going past just tweaking knobs and parameters.In my talk, I’ll be touching upon how we offload most of this work to a build-step while still supporting dynamic scenarios, how we mitigate the differences between JavaScript and WebGPU Shading Language, and how we leverage existing tooling like the TypeScript language server to make CPU and GPU code connect seamlessly through types.

The web is capable of way more than we might think. During this talk, we'll explore some lesser known parts of the web. Did you know you can control the web via webHID or send and receive notes to devices via webMIDI? In this interactive talk we might make some music together, by controlling synthesisers and exploring the wide range of strange web API's.

Kubernetes doesn’t have to be hard. In this talk, we’ll explore kubernetes-fluent-client, a TypeScript-based meta framework that makes working with the Kubernetes API intuitive even if you’ve never touched client-go. From building controllers to managing subresources like logs, scale, and proxy, this talk dives into how the fluent client simplifies cluster interaction through a clear, expressive API, server-side apply, and custom informers. Whether you’re writing automation or full-blown operators, you’ll walk away ready to build Kubernetes-native applications faster and with less boilerplate.