In this episode of Señors @ Scale, Dan sits down with Bramus Van Damme, Chrome Developer Relations Engineer at Google, and one of the driving forces behind View Transitions, Scroll-Driven Animations, Anchor Positioning, and CSS Custom Functions.Bramus brings a rare perspective from inside the browser engine itself. From helping shape CSS specs at the standards level to building the demos and tooling that developers rely on every day, he has a front-row seat to how modern UI engineering is evolving.We go deep into how the new CSS works in practice — beyond the marketing, straight into the mechanics of performance, rendering, and real-world API design.We break down how these capabilities actually work:How View Transitions calculate DOM deltas and morph shared elements across pages,How Scroll-Driven Animations run on the compositor instead of the main thread,How Anchor Positioning finally fixes popovers, tooltips, and dropdowns without JavaScript,and how CSS Custom Functions and Mixins push the language closer to a full programming environment.Bramus also explains the browser-internals most teams never see — interop, working with the CSS Working Group, and the engineering cost behind features that take 5 to 10 years to land across engines.The conversation goes beyond features into the realities of framework timing, React’s virtual DOM, when animations fall back to the main thread, and why modern CSS is becoming the foundation for UI systems at scale.If you’re building modern frontends, maintaining a design system, or leading platform engineering for UI, this episode is a masterclass in what the next generation of the web actually looks like.Chapters00:00 The Journey into Web Development01:02 Best Practices for View Transitions07:46 What Chrome DevRel Actually Does10:33 How Browser Features Get Prioritized13:38 Why Styling Forms Has Been Broken for Years17:18 Inside View Transitions and Cross-Document Animations22:11 Motion, Accessibility, and Reducing Overuse23:44 Integrating Browser Features with React, Vue, and Frameworks27:46 The Popover API and Pattern-Driven Standards30:48 How React and Chrome Collaborated on View Transitions31:46 The State of Scroll-Driven Animations34:25 Triggered Animations and What’s Coming Next35:50 Why JS Scroll Handlers Cause Jank37:17 GPU-Accelerated vs Main-Thread Animations40:10 The Coolest Demo: Scroll-Driven View Transitions44:24 Anchor Positioning and De-JSifying UI Patterns48:23 Developer Feedback, Interop, and Spec Evolution51:19 Custom Functions and the Future of CSS as a Language54:58 Mixins, Preprocessors, and Platform Evolution56:43 Books, Blogs, and Where Bramus Learns58:11 Closing Thoughts and Call for FeedbackFollow & Subscribe:📸 Instagram: https://www.instagram.com/senorsatscale/📸 Instagram: https://www.instagram.com/neciudev🎙 Podcast URL: https://neciudan.dev/senors-at-scale📬 Newsletter: https://neciudan.dev/subscribe💼 LinkedIn: https://www.linkedin.com/in/neciudan💼 LinkedIn: https://www.linkedin.com/company/se%C3%B1ors-scale/Additional Resources🌐 Bramus’ Blog: https://www.bram.us🌐 View Transitions Demos: https://view-transitions.chrome.dev🌐 Scroll-Driven Animations Course: https://scroll-driven-animations.style/🌐 Anchor-Tool by Una: https://anchor-tool.com#css #webdevelopment #frontend #javascript #chrome #softwareengineering #uiux #devtools #animations #react #performance #softwarearchitecture #señorsatscaleDon’t forget to like, comment, and subscribe for more engineering stories from the front lines.

In this episode of Señors @ Scale, Dan sits down with Liran Tal, Director of Developer Advocacy at Snyk, GitHub Star, and one of the most influential voices in modern application security. Liran has spent decades at the intersection of open-source ecosystems, Node.js, supply chain security, and now AI agent security, helping developers ship fast without exposing themselves to silent, catastrophic risks.

He breaks down the real stories behind today’s security landscape — from NPM malware and maintainer compromises to MCP attacks, toxic flows, and the hidden vulnerabilities emerging from AI-driven development.

We dig into what “security at scale” actually means: how attackers compromise maintainers and publish worm-style malware, how invisible Unicode payloads bypass human review, why AI-generated code is statistically insecure, and how developers can build guardrails directly into their workflows with tools like Snyk, NPQ, and MCP scanning.

Liran also reveals the problems teams consistently underestimate — developer ergonomics, dependency trust, package governance, CI risk, and why blindly upgrading dependencies is one of the most dangerous patterns in modern engineering.

The conversation goes far beyond theory — into secure coding, package hygiene, NPM ecosystem fragility, MCP prompt injection, SQL and command injection patterns, and what real-world breaches teach us about resilience.

If you build software, install dependencies, or use AI coding agents, this episode is a masterclass in defensive engineering, supply chain awareness, and the new security realities shaping our industry.

Chapters
00:00 Security at Scale – Why It Matters Now
02:14 How Liran Got Into Security
05:12 The Shift Toward Developer-Led Security
08:33 How Snyk Changed the Developer Security Workflow
11:07 The Story Behind NPQ and Safer Dependency Installation
14:02 The Rise of NPM Malware and Maintainer Compromise
16:48 Why Blind Upgrade Everything Pipelines Are Dangerous
19:15 Is Node the Problem or Is It NPM
21:10 The Hidden Risk of MCPs and AI Agent Vulnerabilities
24:18 Toxic Flows, Shadowed Tools, and Prompt Injection
27:22 AI Browsers, Extensions, and Real Prompt Injection Attacks
30:04 Why Prompt Injection Has No True Fix
33:01 AI-Generated Code Is Statistically Insecure
35:12 How Snyk Plus MCP Creates a Secure Coding Loop
37:40 The Most Common MCP Vulnerabilities
40:55 How AI Agents Turn Mild Bugs Into Critical RCE
43:11 The Glassworm Invisible Unicode Attack Vector
44:51 EventStream, XZ Utils, and Supply Chain Horror Stories
48:03 Liran’s Personal Security Incidents
51:10 UX vs Security and Real World Tension
53:04 Liran’s Book Recommendations
55:37 Final Thoughts and Protecting Yourself as AI Evolves

Sound Bites
"Security at scale is a complex challenge."
"AI-generated code is not always secure."
"Security and UX must work together."

Follow & Subscribe:
Instagram: https://www.instagram.com/senorsatscale/
Instagram: https://www.instagram.com/neciudev
Podcast URL: https://neciudan.dev/senors-at-scale
Newsletter: https://neciudan.dev/subscribe
LinkedIn: https://www.linkedin.com/in/neciudan
LinkedIn: https://www.linkedin.com/company/señors-scale/

Additional Resources
Snyk – developer-first security tools
Serverless Security (O’Reilly) – co-authored by Liran
Liran’s GitHub: https://github.com/lirantal
NPQ package checker: https://github.com/lirantal/npq
MCP Scan (Snyk) – securing MCP servers

#security #softwaresecurity #supplychainsecurity #npm

Don’t forget to like, comment, and subscribe for more engineering stories from the front lines.

How are you protecting your stack from supply chain attacks? Share below 👇

In this episode of Señors @ Scale, Dan sits down with Luca Mezzalira, Principal Serverless Specialist at AWS and author of Building Micro-Frontends, for a deep and highly practical look at scaling frontend architectures for hundreds of developers.

Luca shares the real story behind how micro-frontends were born — from his early experiments at DAZN trying to scale a live sports platform across 40 devices and 500+ engineers, to pioneering techniques that cut app startup times from 40 seconds to 12.

We break down how distributed frontends actually work:
How to design stable application shells with zero global state,
How to compose independently deployed views without iframes, and how guardrails like bundle-size budgets and canary deployments keep massive systems fast and safe.

Luca also explains the hidden challenges most teams miss — governance, team topology, and socio-technical design.
He shows how to evolve from a monolith to micro-frontends step by step, using edge routing, feature flags, and domain-driven design to scale safely without rewrites.

The conversation goes beyond theory — into the mechanics of migration, platform teams, CI/CD pipelines, and why friction in your system is actually a signal, not a failure.

If you’re leading a frontend platform, planning a migration, or just trying to make sense of where micro-frontends actually fit, this episode is a masterclass in autonomy, architecture, and evolution at scale.

Chapters
00:00 The Origin of Micro-Frontends at DAZN05:41 Building a Distributed Frontend Without iFrames08:50 Designing the Application Shell and Stateless Architecture12:23 Zero Global State and Memory Management15:53 Guardrails for Bundle Size and Developer Discipline17:39 Governance and Designing for Scale20:18 When (and When Not) to Adopt Micro-Frontends22:46 Canary Releases and Edge Routing for Safe Migration25:49 Vertical vs Horizontal Splits in Micro-Frontends31:30 Lessons from Building the First Edition of the Book35:38 Frameworks, Federation, and Modern Tools39:22 Core Principles of Successful Frontend Architecture42:06 Building Platform Teams and Core Governance44:19 When Micro-Frontends Don’t Make Sense47:50 Micro-Frontends for Small Teams and Startups49:32 Monorepo vs Polyrepo – What Actually Matters53:10 Preventing Duplication and Encouraging Communication57:39 Why a Design System Is Non-Negotiable59:17 Common Anti-Patterns in Micro-Frontend Architecture

1:03:33 Book Recommendations and Final Thoughts

Follow & Subscribe:
📸 Instagram: https://www.instagram.com/senorsatscale/
📸 Instagram: https://www.instagram.com/neciudev
🎙 Podcast: https://neciudan.dev/senors-at-scale
📬 Newsletter: https://neciudan.dev/subscribe
💼 LinkedIn: https://www.linkedin.com/in/neciudan
💼 LinkedIn: https://www.linkedin.com/company/se%C3%B1ors-scale/

Additional Resources

📘 Building Micro-Frontends – Luca Mezzalira (O’Reilly) buildingmicrofrontends.com

🌐 buildingmfe.com

💬 Luca’s Blog: https://lucamezzalira.com

#microfrontends #aws #frontendarchitecture #javascript #webdevelopment #softwareengineering #softwarearchitecture #react #scaling #teamtopologies #serverless #señorsatscale

Don’t forget to like, comment, and subscribe for more engineering stories from the front lines.

How is your team approaching frontend scaling and independence? Share below 👇