What a week! Some people were debating over our npm workflows and security attacks (and sadly not just virtual social engineering ones but real ones in Brussels), we've also seen some great new articles that feature the better parts of our community and society. I'm happy to share them with you over this longer Easter-weekend. Cheers!

News

• iOS9.3 and OS X 10.11.4 is finally being delivered to users, and with it, Safari 9.1 is out with <picture> element support, CSS Custom Properties, will-change property, unset value and unprefixed filter.

General

• “I ran the stats today. Of more than 250 million Opera Mini users, 50% are on Android/iOS and 50% are on feature phones. The second group of people almost certainly have no choice in which browser to use to get a full web experience. That’s 125 million people that the designer-on-stage doesn’t care about.” says Bruce Lawson in his article about why Opera Mini matters for designers and developers in the Western world.
• In her presentation, Kendra Skeene shares why access by default should be your goal — primarily because accessible code is literally better for everybody.

Tools

• I bet most of you have already heard about it: This week, many of the most popular open source packages broke due to one author pulling all his packages from npm due to a trademark dispute with kik. Finally, npm restored the package without the author’s consent to fix the Internet. This event shows how fragile our development workflow has become these days. If just one person pulls a package, millions are affected. If npm itself pulls the registry, most dev workflows will break. If npm changes the authorship of a module and lets a new author ship another unrelated package under the same old name, things will break. Let’s fix our workflows again and not rely on single points of failure.
• GSX2JSON is a useful tool to convert Google Spreadsheet to JSON data, available as a simple API.

Security

• This week has been troublesome for some people. And while some people’s CI builds broke because of missing npm modules, people using the awesome greenkeeper service, experienced a social engineering attack. Someone has created a GitHub account greenkeeperlo-bot that’s very similar to greenkeeperio-bot, copied the avatar and sent around a couple of useless Pull Requests. Gladly it didn’t end up becoming a malicious attack but shows that even experienced developers just trusted it and merged it without reviewing the changes. Be careful and review your code extensively, all the time!

Accessibility

• The W3C published a new document summarizing what is needed to meet WCAG 2.0 requirements within your website or application.
• How do you implement media to be accessible for a variety of users? Tricks for writing better alternative texts, or when to provide an empty alt=“” attribute, how to add video captions, or create transcripts are shared by Megan Zlock.

JavaScript

• Tired of using Mocha or Jasmine for testing your JavaScript modules? Nicolás Bevacqua shows us how to test our modules with tape.
• The folks from Basecamp just shared how they implemented a ‘Snapback Cache’ to make infinite scrolling feeds at Highrise awesome. It’s basically covering a technique to allow visitors to open a link in the infinite scrolling page and then want to read on from the previous position, so the scroll position needs to be restored.

CSS / Sass

• Using object-fit, some tricks like a lens-vignette won’t work anymore as expected. But there’s a trick how to make these effects work again.
• After Jonathan Neal took over the development for the Normalize.css project this month, version 4.0.0 has been published, adding a lot of useful normalizations and fixing a couple of bugs.
• StickyState is a high performance module making native position:sticky stateful and polyfilling the missing sticky browser feature.

Work & Life

• After years of intensive analysis, Google has discovered that the key to good teamwork is being nice. Who would’ve thought that, but on the other hand, if Google needs years to get this right, other companies don’t know this either. Maybe it’s a chance to change it and finally treat everyone at work and at home nicely.
• To be creative, you sometimes need to leave your desk behind. By the way, Zoran Jambor, author of CSS Weekly, started an inspiration newsletter.

And with that, I’ll close for this week. If you like what I write each week, please support me with a donation or share this resource with other people. You can learn more about the costs of the project here. It’s available via email, RSS and online.

Thanks and all the best,
Anselm