Dev Weekly #111 covers a major npm supply-chain attack on TanStack where attackers published 84 malicious versions across 42 packages via GitHub Actions cache poisoning and OIDC token extraction. Other highlights include: Node.js 22.22.3 LTS security fixes, MySQL 9.7 LTS release with enterprise features, Rubydex (a Rust-based Ruby static analysis engine), a 300x memory reduction using finite state transducers instead of SQLite, Claude Agent SDK credits for subscribers, and discussions on AI team workflows, local AI as a privacy-respecting norm, and why senior developers struggle to communicate expertise.