Thinking Elixir Podcast 299: Don't Paste That Into Your Terminal

Episode 299 of Thinking Elixir covers several Elixir ecosystem news items: the Erlang Ecosystem Foundation (EEF) is seeking community support for the Aegis security grant to fund two years of supply chain hardening for Hex; a first comprehensive third-party security audit of Hex PM found and fixed issues including an RCE vulnerability and CI/CD hardening gaps. Tidewave updates introduce UI variants and vision mode for AI-assisted Phoenix web development. Hex now serves LLM.txt files for better AI agent documentation access. A new Elixir LSP called Dexter, written in Go, was released by Remote. The Lotus embeddable BI engine for Phoenix apps received updates including AI-powered query generation. GhostyEx brings the Ghosty terminal emulator to Phoenix LiveView. The episode also details the sophisticated ClickFix social engineering attack that compromised the Axios npm package maintainer, warning open source maintainers about targeted supply chain attacks.