FE Bits Vol.31 | axios Supply Chain Attack, JetStream 3.0 Released & View Transitions Toolkit

Published 2026-04-12 18:40 Updated 2026-04-12 19:20

cos

FE / ACG / handicrafts / dark-mode obsessive / INFP / homebody with wide-ranging interests and two cats / remote

The axios supply chain attack incident and prevention tips, JetStream 3.0 cross-browser benchmark release, Babylon.js 9.0, and a collection of articles on CSS new features including contain, shape(), and subgrid.

This article has been machine-translated from Chinese. The translation may contain inaccuracies or awkward phrasing. If in doubt, please refer to the original Chinese version.

About this newsletter

This issue's URL: https://blog.cosine.ren/post/weekly-31

This newsletter aims to update every Sunday. Subscribe to the RSS feed. WeChat Official Account: FE Bits (前端周周谈 FE Bits). Click the original link to view the full article. QQ discussion group 598022684 / Discord server

The newsletter content is also open-sourced at fe-bits-weekly. Follow for updates.

Today is April 12, 2026, Sunday. This is a biweekly issue covering content from the Qingming Festival holiday.

Personal Updates

Gaming

Some casual gaming thoughts. I've been in a gaming slump (electronic ED) for a while, but during the Qingming holiday I spent two consecutive days, 12 hours each, and completed all endings of Ai Hong — it felt like finishing a story as a visual novel.

I came from playing the prequel. My honest review is quite positive. Lin Pianpian's characterization felt genuinely more striking than Su Lianyan's, leaving a deep impression.

If I had to rate it, this work is a history-oriented, mainstream AVG rather than a galgame, and it wasn't marketed as a gal either, so there weren't really any deal-breakers for me. The prequel's sweet moments were plenty satisfying too.

Let me start with some pros from actual gameplay:

  1. The music is impeccable, there's a generous amount of CG art, and I quite like the art style.
  2. The historical perspective is truly excellent — it portrays the actions of all parties during the Yangzhou Massacre as objectively as possible. Humans are inherently bundles of contradictions. The depictions of the pleasure quarters and brothels are genuinely immersive. The paths leading to different endings also contain many historical and literary Easter eggs, featuring Jin Shengtan, Qian Qianyi, Zheng Chenggong, Liu Quanju Shi (Pu Songling), Zhu Cijiong, and others.
  3. The plot itself feels very coherent — it successfully tells the story of the Yangzhou Massacre and ties up all the foreshadowing.
  4. The music and visuals complement each other perfectly. I was moved to tears during Lin Pianpian's true ending.

Cons:

  1. Honestly, I personally feel the main heroine's characterization isn't as good as the secondary heroine's. Though this game can't really be categorized with "main" and "secondary" heroines — the two characters were clearly designed to be polar opposites. Neither true ending can be considered a conventionally good ending; they're pure heartbreak. But the side story Liangtian Mansui from the prequel somewhat makes up for it with its sweetness... I also don't like the ALS (Lou Gehrig's disease) setting — that was a real misstep.
  2. How does a visual novel even have a no-death achievement?! (rant) What does it even mean lol
  3. Way too many dead ends, and a large portion of them are just Xiao Yanzi's "Zhiyou— Zhiyou—" — I'm getting PTSD from hearing it

Quoting a passage I saw from a Zhihu answer that I strongly agree with — the male protagonist of this game really does feel like this:

In practical terms, the male protagonist is a very typical person with a mental condition.
The "heroine" existing in his memories is Su Lianyan — he loves everything about her memories, because in his recollections, everything about Pianpian is dim and secondary.
While the "heroine" in reality is Lin Pianpian — she loves everything about him in the present, because in reality, everything about Lianyan is imagined and illusory.

References: Zhihu Answer 1, Zhihu Answer 2

Lastly, here's an image that expresses my feelings.

Wait and hold hope...


Miscellaneous Ramblings

  • Blog migration & updates: As traffic grew, I migrated the blog from Vercel to a cloud server, and released astro-koharu v3.3.0 with playlist fixes. (Last night I released v4.0.0 which finally adds the long-overdue umami analytics display and more)

  • My two guardians flanking me while I game at my desk (lol) — every PC case is nice and warm, the cats love it.

Community Updates

  • JetStream 3.0 Released: The cross-browser JS/WASM benchmark receives its first major update in seven years, jointly developed by Mozilla, WebKit, and Chromium.

  • Babylon.js 9.0 Released: Babylon.js releases version 9.0, introducing clustered lighting, frame graph system, and node particle editor among other high-performance rendering features.

  • View Transitions Toolkit: Bramus releases view-transitions-toolkit, providing a set of utility functions and helpers to simplify View Transitions development.

  • axios Hit by Supply Chain Attack: The popular npm package axios@1.14.1 was found to contain malicious dependencies, making it a supply chain attack risk for anyone who installed it (see the linked malicious payload location). Although the issue has long been resolved, pnpm's article on supply chain security is still worth reading for additional prevention measures, such as enabling minimumReleaseAge. pnpm also disables postinstall by default.

  • Our response to the Axios developer tool compromise: Meanwhile, OpenAI disclosed that the third-party library Axios used in its macOS app signing process was hit by a supply chain attack (version 1.14.1 contained a malicious payload). While there's currently no evidence of user data or source code being leaked, as a precaution, OpenAI has revoked and replaced its macOS code signing certificate. Affected apps include ChatGPT Desktop and Codex, and all macOS users must update before May 8, 2026, after which older versions will stop working.
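
To make the two prevention ideas above concrete, here is an added example (not from the original newsletter, and not pnpm's own implementation): a lockfile audit that flags the axios version named in this issue and any dependency published more recently than a minimum release age. The lockfile contents, package name `example-lib`, publish times, fixed clock and 24-hour threshold are all constructed assumptions.

```javascript
// Added example: audit a lockfile against a denylist and a minimum release age.
// Everything under "sample" is constructed data, not real registry output.
const DENYLIST = { axios: ['1.14.1'] };        // version named in this issue
const MIN_AGE_MINUTES = 1440;                  // assumed policy: 24 hours

// Constructed package-lock.json fragment (lockfileVersion 3 "packages" map).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '0.0.0' },
    'node_modules/axios': { version: '1.14.1' },
    'node_modules/example-lib': { version: '2.0.0' },
    'node_modules/example-lib/node_modules/axios': { version: '1.13.0' },
  },
};
// Constructed publish times, shaped like the registry packument "time" field.
const samplePublished = {
  'axios@1.14.1': '2026-03-31T00:30:00Z',
  'axios@1.13.0': '2026-01-10T12:00:00Z',
  'example-lib@2.0.0': '2026-04-01T09:00:00Z',
};

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; root entry -> null.
function nameFromPath(path) {
  const marker = 'node_modules/';
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

function auditLock(lock, published, now, minAgeMinutes = MIN_AGE_MINUTES) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = nameFromPath(path);
    if (!name || !meta.version) continue;      // skip the root project entry
    const id = `${name}@${meta.version}`;
    if ((DENYLIST[name] || []).includes(meta.version)) {
      findings.push({ id, path, reason: 'denylisted' });
      continue;
    }
    const ts = Date.parse(published[id]);
    if (Number.isNaN(ts)) {                    // fail closed on missing metadata
      findings.push({ id, path, reason: 'unknown-publish-time' });
    } else if ((now - ts) / 60000 < minAgeMinutes) {
      findings.push({ id, path, reason: 'too-new' });
    }
  }
  return findings;
}

const NOW = Date.parse('2026-04-01T12:00:00Z'); // fixed clock for the sample
console.log(auditLock(sampleLock, samplePublished, NOW));
```

The nested `axios@1.13.0` passes both checks, which shows why the audit walks every `node_modules/` path rather than only top-level dependencies.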

Articles

Fun Sites & Tools

  • Bearnie Component Library: Accessible components built on Astro and Tailwind CSS, strictly following WCAG 2.1 AA standards.

  • textstring: A highly creative demo that visualizes code strings as physical, stretchable, wrappable "threads" in the physical world.

  • Rendering 3D DOOM with Pure CSS: An excellent blog post detailing how to render a 3D version of DOOM using modern CSS features, pushing the boundaries of what CSS can do.
  • dany.works: An elegantly designed personal website with a beautiful Sunny Mode

Hypercube Particle Animation

See the Pen YPGrodj by jkantner (@jkantner) on CodePen.

Jon Kantner drew inspiration from motion graphics legend Dave Whyte's gif to create this JavaScript hypercube-shaped particle animation — it looks right at home on CodePen.

Reorder Cards

See the Pen WbGXVLG by vii120 (@vii120) on CodePen.

Vivi Tseng recreated Mollie Starr's design from Dribbble, adding sunshine and shadow effects to this responsive drag-and-drop card demo.

Box Flow System

See the Pen yyaXzoB by Ma5a (@Ma5a) on CodePen.

"Factory automation has a certain mesmerizing charm, so I wanted to create something inspired by it. The challenge was making the boxes interact with each other and with conveyor belts and pneumatic tubes in different ways." — Masahito Leo Takeuchi

Refs

© 2020 - 2026 cos @cosine