JSWkly is a resource that helps in JavaScript development, offering a weekly digest of the latest news, trends, and best practices shaping the JavaScript ecosystem. Developers delving into JSWkly's curated selection of articles, tutorials, and tips can expect to embark on a journey of continuous learning and growth, mastering the intricacies of modern JavaScript development. Whether exploring  frameworks and libraries, diving into advanced language features, or honing their skills in front-end architecture and performance optimization, JSWkly equips developers with the knowledge and insights needed to excel in the dynamic world of JavaScript development.

JavaScript Weekly

Issue 785 of JavaScript Weekly covers a supply chain attack on TanStack npm packages via CI OIDC token theft and cache poisoning (not stolen credentials), affecting ~170 packages for 26 minutes. Mitigation tips include setting install-time cooldowns and auditing GitHub Actions with zizmor. Also featured: Rolldown 1.0 stable release (Rust-based bundler, 10–30x faster than Rollup, backbone for Vite 8), BlueJS ahead-of-time JS compiler producing tiny binaries, and releases including pnpm 11.1, Astro 6.3, Syncpack 15.0, and Expo SDK 56 Beta.

JavaScript Weekly Issue 785: May 12, 2026