Senior Full-Stack Engineer

React, Vue, Node.js, .NET, Security

Twenty years building web apps that hold up under real traffic. Startups to Fortune 500s.

About Me

Full-stack by trade: React, Vue, Node.js, .NET. These days I spend most of my spare time building tools that help other developers work faster.

Accessibility scanners that catch real issues. Security audits automated so nobody has to slog through them manually. If it involves shipping software that holds up under pressure, I'm interested.

Technical Blog

What I'm working on and what I've figured out.

LiteLLM, Claude, AI (+6 more)

Your Claude Prompts Are an Audit Gap. LiteLLM Closes It.

A staff engineer's case for putting LiteLLM in front of Claude to close the audit gap: PII filtering, secret detection, virtual keys per user, and a real log of every prompt. Config examples and an honest take on the tradeoffs.

10 min read

npm, pnpm, TanStack Start (+4 more)

84 Malicious TanStack Versions Hit npm. My Portfolio Pulled Zero.

On May 11, 2026, the Mini Shai-Hulud worm published 84 malicious versions across 42 TanStack packages in a six-minute window. My portfolio runs on TanStack Start. None of the bad versions ever touched it. Here is why, and what every project running npm should be doing right now.

11 min read

WordPress, Security, Supply Chain Attacks (+5 more)

WordPress Was Already a Security Nightmare. AI Agents Are About to Make It Unlivable.

Someone spent six figures on 31 trusted WordPress plugins, planted a PHP deserialization backdoor, and sat on it for eight months before lighting it up in April 2026. That's not a WordPress bug. That's what WordPress is. Here is why the next wave of agentic AI turns every outdated install into a ticking clock, and what to move to instead.

11 min read

GEO, SEO, AI (+4 more)

GEO is the New SEO: Optimizing for AI Answer Engines in 2026

Generative Engine Optimization (GEO) is the discipline of getting cited by ChatGPT, Perplexity, Claude, and Gemini. It overlaps with SEO about 40%. The other 60% is new territory, and it's worth learning now.

10 min read

TanStack Start, React, Performance (+2 more)

Why I Rebuilt My Portfolio with TanStack Start

I previously wrote about choosing Nuxt over Next.js. Then I rewrote my entire portfolio in React. This isn't a framework war - it's about what TanStack Start gets right that Next.js doesn't, and why the rebuild was worth it.

8 min read

npm, pnpm, Security (+5 more)

Stop Supply Chain Attacks: Why Your Build Pipeline Should Use Locked Dependencies

A simple switch from npm install to npm ci in your CI/CD pipeline can prevent supply chain attacks by enforcing exact dependency versions. Learn why this matters and how to implement it in your build scripts.

10 min read

Contact

Drop me a line. I read everything and reply within a day.
