Anthropic's Bet on Bun, React2Shell, Vite 8 Beta, and Elves Spam npm | News | Ep 47 скачать в хорошем качестве

Anthropic's Bet on Bun, React2Shell, Vite 8 Beta, and Elves Spam npm | News | Ep 47

News for the week of December 1, 2025: Anthrophic acquired Bun, React2Shell is pretty darn bad (and that's not all), plus "elf spam" packages on npm. From the community: tRPC vs. oRPC, demystifying TSConfig, and hash-slash (#/) project-relative import support in Node. MCP in Practice Course Watch now. (https://bit.ly/PSMCPInPractice) Kamran shows you how to build a practical enterprise-grade MCP server with .NET, C#, and OAuth, hosted remotely on Azure. (Requires subscription) Sponsored by Excalibur.js Excalibur.js (https://excaliburjs.com/?utm_source=t...) is the free and open source friendly TypeScript 2D game engine for the web. Learn to make web games with TypeScript or JavaScript! Excalibur comes out-of-the-box with everything you need, like physics, sprites, animations, sound effects, and first-party plugins for popular 2D gamedev tools. • Homepage and Docs: https://excaliburjs.com (https://excaliburjs.com/) • Make Your First Game (https://excaliburjs.com/docs/excalibi...) in 10 Minutes • Join the Discord:   / discord   Chapters • (00:00) - Welcome to the Show • (04:09) - Kamran's MCP in Practice Course is Now Live on Pluralsight • (08:35) - News: Anthropic Acquires the Bun JavaScript Runtime • (13:41) - News: Vite 8 Beta with Rolldown • (15:40) - News: tsdown 0.17 Release • (17:10) - News: oxlint Brings Type-aware Linting in Alpha • (17:50) - News: oxfmt Alpha is 30X Faster Than Prettier • (18:45) - News: Gird Your Loins for Upcoming Node.js Security Releases • (19:38) - News: React2Shell Remote Code Execution Exploit in RSC • (26:55) - News: React2Shell Causes Yet Another Cloudflare Outage • (28:16) - News: Santa's Elves Flood npm With Naughty "Gifts" • (30:10) - News: SVG Clickjacking Exploit Using Filters • (32:05) - Community Highlight: tRPC vs. oRPC for Your Next TypeScript Project? • (33:15) - Community Highlight: Testing Vue Composables in TypeScript by John Franey • (34:03) - Community Highlight: Formisch for React Quietly Released by Fabian Hillar • (34:53) - Community Highlight: Building a Dinosaur Runner Game in Deno • (36:19) - Community Highlight: Node Will Soon Support Project Root Import Paths • (37:51) - Community Highlight: TSConfig Grimoire by Bjorn Lu • (39:01) - Community Highlight: How is ESM vs. CJS Going? by Titus • (40:45) - Community Highlight: Next Astro Release Supports Vite Environments API • (41:18) - Bleet of the Week by Joke Bailey • (42:10) - Cool Read: Godot Shaders Bible by Fabrizio Espendola • (42:56) - Cool Watch: Cancellation Tokens by Stephen Toub • (43:44) - Cool Game: Classic Game Zork is Released as Open Source • (44:16) - Cool Tool: Helion, a Modern DOOM Engine • (45:18) - Cool Watch: Modern .NET Serialization Attacks by Hampton Paulk • (47:25) - Cool Reads: Architecture for Flow and Domain-driven Transformation • (48:40) - The Minnesota Long Goodbye News • Bun: Bun is joining Anthropic (https://bun.sh/blog/bun-joins-anthropic)   • ViteLand: Vite 8 Beta: The Rolldown-powered Vite (https://vite.dev/blog/announcing-vite...) • ViteLand: Announcing Oxlint Type-Aware Linting Alpha (https://voidzero.dev/posts/announcing...) • ViteLand: The first Oxfmt alpha was released (https://voidzero.dev/posts/announcing...) • ViteLand: tsdown got a new release (https://bsky.app/profile/sxzz.dev/pos...) • Node.js PSA: Prepare for Monday, December 15, 2025 Security Releases (https://nodejs.org/en/blog/vulnerabil...) • Cloudflare: Cloudflare outage on December 5, 2025 (https://blog.cloudflare.com/5-decembe...) • Security: npm Sees Surge of Auto-Generated “elf-stats” Packages Published Every Two Minutes (https://socket.dev/blog/elves-on-npm) via (Sarah Gooding (https://bsky.app/profile/sarahgooding...) ) • Security: SVG Filters - Clickjacking 2.0 Ʊ lyra's epic blog (https://lyra.horse/blog/2025/12/svg-c...)   React2Shell Resources • React2Shell Exploit: Critical Security Vulnerability in React Server Components (https://react.dev/blog/2025/12/03/cri...) • Deep Dive: https://react2shell.com/ • Next.js: Security Advisory: CVE-2025-66478 (https://nextjs.org/blog/CVE-2025-66478) • Deno Blog: React...