SShortSingh.
Back to feed

Widget Storm launches on DevHunt with native DOM web widgets via single script tag

0
·1 views

Widget Storm, a library of embeddable web widgets including countdowns, flip cards, and guestbooks, has gone live on DevHunt with its launch week running through Monday. Unlike traditional embeddable widgets that load inside iframes, Widget Storm injects markup directly into the host page's DOM, allowing host CSS to style widgets without fixed-size constraints. The platform addresses security concerns through two methods: static widgets are verified as inert before embedding, while user-created dynamic widgets run inside a WASM sandbox with no filesystem or network access. Originally built in 2008, the modernized platform now supports English and German, offers Composer distribution for PHP developers, and includes a browser-based widget editor called Station. The tool is free to use and the developer is actively responding to feedback on the DevHunt listing throughout the week.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Log in to join the discussion and vote.

Log in

Related stories

0
ProgrammingDEV Community ·

Revera 1.0.0 Launches with Bayesian Engine to Score npm Package Security Risk

A developer has released revera version 1.0.0, upgrading the tool from its earlier 0.1.0 beta to a stable release. Revera is a command-line interface designed to assess the security risk of npm packages before they are installed. The major rewrite replaces the previous fixed-weight scoring system with a Bayesian evidence engine that dynamically determines weights based on real signals. Each package is evaluated across eight categories — including vulnerability feeds, publisher trust, GitHub activity, and typosquat detection — and risk scores propagate through the entire dependency tree rather than just the top-level package. The tool is publicly available and can be installed via npm.

0
ProgrammingDEV Community ·

Developer finds site advertised rate limits for months with no enforcement code

A developer discovered that their Cloudflare Worker had been sending RateLimit headers on every response, promising a cap of 100 requests per 60 seconds, while no actual limiting logic existed anywhere in the codebase. The flaw meant no 429 responses were ever returned, and any well-behaved automated agent trusting those headers would have unnecessarily throttled itself against a non-existent limit. The bug surfaced during an internal audit while the developer was preparing answers to tough questions about the site's own agent-readiness standards. A fix was implemented using Cloudflare's Workers rate limiting binding, keyed to client IP, which now enforces the same 100-requests-per-60-seconds limit the headers had long advertised. The developer noted a key limitation: because the site has no accounts or logins, IP-based keying is the only option, meaning multiple users sharing a proxy or NAT address share a single request budget.

0
ProgrammingDEV Community ·

XHS Data API Offers Async Batch Processing for Up to 50 Xiaohongshu Notes

Developers working with Xiaohongshu note data can now use an asynchronous batch workflow via the XHS Data API on RapidAPI to process up to 50 public note URLs without holding a single gateway request open. The workflow involves submitting URLs to an async endpoint, receiving a job ID, and polling for results until the status reaches succeeded, partial, or failed. Jobs process URLs sequentially, can survive service restarts, and automatically expire after 24 hours. Per-item results are preserved even if individual URLs in a batch fail, allowing partial successes to be retrieved. Developers are advised to keep API authentication server-side, avoid using job IDs as authorization tokens, and ensure all data use complies with applicable laws and platform rules.

0
ProgrammingDEV Community ·

Python Tutorial Shows How to Fetch Public Xiaohongshu Note Data via RapidAPI

A new developer tutorial demonstrates how to retrieve structured public note data from Xiaohongshu, also known as RedNote, using Python and the XHS Data API on RapidAPI. The guide requires a RapidAPI subscription key and a valid public note URL containing an xsec_token, both stored as environment variables. Two API endpoints are used: one to parse and validate the URL locally, and another to fetch full note details including author info, images, tags, engagement counts, and media metadata. Developers are advised to use media URLs promptly as they may be signed or temporary, and to retain request IDs for error handling and retries. The XHS Data API is an independent service with no affiliation to Xiaohongshu, and users are reminded to handle public data in compliance with applicable laws and platform rules.

Widget Storm launches on DevHunt with native DOM web widgets via single script tag · ShortSingh