feat(blog): npm supply-chain compromise postmortem + gradient cover fallback

[tannerlinsley]

Summary

• Publishes the 2026-05-11 postmortem on the TanStack npm supply-chain compromise: src/blog/npm-supply-chain-compromise-postmortem.md
• Adds a slug-seeded, deterministic muted gradient placeholder for blog posts that ship without a header image, mirroring the pattern from tannerlinsley.com:
  • src/utils/ogGradient.ts — 8 desaturated palettes (sat 22-38%, light 55-65%) rendered as alpha-blended radial blobs (0.40-0.55) so they composite cleanly on both light and dark backgrounds.
  • src/components/CoverFallback.tsx — neutral bg-gray-100 dark:bg-gray-900 base + ring + the slug-derived gradient as backgroundImage.
• Wires the fallback into both surfaces that show a header image:
  • src/components/BlogCard.tsx — card uses the gradient in the same aspect-video slot when there's no headerImage.
  • src/routes/blog.$.tsx — post page renders an aspect-[5/2] rounded-2xl gradient above the title when there's no headerImage.

The postmortem itself contains no ![](...) line, so it picks up the gradient on both the blog index and the post page automatically. Existing posts (all of which have a header image) are unaffected.

Test plan

• Visual check at /blog/npm-supply-chain-compromise-postmortem in both light and dark mode — gradient renders above the title, no console or server errors
• Visual check at /blog — postmortem's BlogCard shows the gradient in place of the image
• tsc clean, lint clean (no new warnings introduced)
• Confirm og:image behavior for posts without a header image is acceptable (currently emits no og:image meta tag — follow-up could route to a server-side OG endpoint)