Hey, I'm pyk

A Security Researcher, which is a fancy way of saying I get paid to find bugs in smart contracts. This site is my personal notebook for things I'm learning, tools I'm building with Rust and my ongoing experiments with fuzzing.

Latest projects

This is a collection of my open-source tools and libraries. Each one started as an experiment to learn something new or to fix a problem I had. You'll find they're mostly written in Rust, simply because I enjoy building things with it.

• cmdtest: CLI testing for Zig

• xdgdir: A tiny Rust crate that finds the right directories for your app's config and data, following the XDG spec.

• envfmt: A tiny Rust crate to expand environment variables in a string, just like your shell does.

Latest posts

This blog is my public notebook. It's where I document what I'm doing, share solutions to bugs, and write down my thoughts on Rust and other tech. These are basically my notes-to-self, which I post here in case they're useful to you.

• Brainstorming "Zig Object Validator" API

  November 8, 2025

  My journey designing a Zod-like validation library in Zig. A dive into comptime, type generation, and the trade-offs for good tooling support.

• cmdtest v0.2.0

  November 7, 2025

  I'm sharing my experience building cmdtest, a Zig package for testing CLI apps. This post covers Zig I/O, comptime vs runtime, and build.zig import quirks.

• Building VS Code Extensions with Bun and Mise

  October 23, 2025

  My notes on building a VS Code extension using Bun and Mise. Covers build scripts, tasks, and a macOS fix for zsh PATH issues.

• Fixing the Unresolved Dynamic Import in Astro

  October 20, 2025

  Vite's bundler was too smart for its own good and kept failing my dynamic import in Astro. This is the one-line trick I used to outsmart it.

• Fixing Astro's 'Import Declaration Conflicts' Error

  October 20, 2025

  I hit an 'Import declaration conflicts' error in Astro. My page and a component had the same name. Here's how I fixed it with an import alias.

• My Strategy for Winning

  October 20, 2025

  I'm building a custom security research env in VS Code to find more bugs, integrating Foundry and Medusa to make my workflow faster.

• A Plan Is Not a Strategy

  October 16, 2025

  My takeaways from a Roger Martin HBR video on plan vs. strategy. It showed me I was making to-do lists instead of figuring out how to win.

• Tracking Pagefind Search with Umami

  October 15, 2025

  I wanted to see what people search for on my site. Here's how I connected Pagefind to Umami with a simple MutationObserver trick.

• envfmt v1.0.0

  October 8, 2025

  I just released envfmt v1.0.0. The big change was removing all dependencies to make it a tiny, stable lib. Here are my notes on the update.

• Intersection Observer over Scroll Listener

  October 1, 2025

  My site's navbar felt janky with a scroll listener. I fixed it with the Intersection Observer API. Here's how I used it for a smoother scroll effect.

Show all posts