Episode Details

Back to Episodes

TMiR 2026-05: Who even is on the Core team anymore, TanStack got pwn'd bad

Season 3 Episode 5 Published 7 hours ago
Description

Transcript and URLs

★ Support this podcast ★
Reply on Bluesky

  • (00:00) - Interview
  • (00:55) - Some podcast meta
  • (01:49) - New Releases
  • (01:51) - [TS v7 beta](https://devblogs.microsoft.com/typescript/announcing-typescript-7-0-beta/)
  • (05:15) - [Rolldown 1.0](https://voidzero.dev/posts/announcing-rolldown-1-0)
  • (06:51) - [Fate 1.0](https://fate.technology/posts/fate-1.0)
  • (09:48) - Main Content
  • (09:56) - React Core
  • (10:09) - React team status after Meta layoffs?
  • (14:59) - [React Compiler port to Rust still in progress](https://x.com/poteto/status/2056865079543681329), latest [PR](https://github.com/facebook/react/pull/36173)
  • (15:54) - [Tanner Linsley is "projecting" React](https://tannerlinsley.com/posts/projecting-react) (it's definitely not a fork)
  • (21:38) - [Tests are the new moat](https://saewitz.com/tests-are-the-new-moat)
  • (23:32) - [Brooks Lybrand thoughts on React + community after React Miami](https://brookslybrand.com/posts/react-miami-2026.html)
  • (25:04) - [TanStack is exploring how to expose Server Components](https://tanstack.com/blog/react-server-components)
  • (27:19) - [Who Owns the Tree](https://tanstack.com/blog/who-owns-the-tree)
  • (27:31) - [RSCs in TanStack](https://frontendmasters.com/blog/react-server-components-in-tanstack/)
  • (28:12) - [Remix v3 beta preview](https://remix.run/blog/remix-3-beta-preview)
  • (28:35) - Both Remix and TanStack are exploring "what if no React"?
  • (36:11) - [TSRX](https://tsrx.dev/), a variant on JSX
  • (41:52) - Security! Everything is compromised
  • (42:04) - [TanStack Router compromised](https://tanstack.com/blog/npm-supply-chain-compromise-postmortem), and [Socket analysis](https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack)
  • (46:58) - [TanStack followup with followup hardening](https://tanstack.com/blog/incident-followup)
  • (47:10) - [Nx monorepo tool compromised](https://nx.dev/blog/nx-console-v18-95-0-postmortem) as a result
  • (52:02) - React2Shell recaps from [Lachlan Davidson](https://lachlan.nz/blog/the-react2shell-story/) and [Sylvie](https://sylvie.fyi/posts/react2shell/)
  • (52:25) - [Next 16.2.5 and more React CVEs](https://github.com/vercel/next.js/releases/tag/v16.2.5)
  • (53:19) - [NPM adds “staged packages”](https://docs.npmjs.com/staged-publishing) and [E18E adds guidance](https://e18e.dev/docs/publishing.html#staged-packages)
  • (54:50) - [PNPM 11 defaults to min release age](https://socket.dev/blog/pnpm-11-adds-new-supply-chain-protection-defaults), NPM 12 will [block by default](https://github.com/npm/rfcs/pull/868)
  • (57:59) - [Review your GH Actions, people!](https://github.com/e18e/ecosystem-issues/issues/266)
  • (59:13) - Mark posted his big AI blog posts. [Part 1: Fears and Journey](https://blog.isquaredsoftware.com/2026/05/ai-thoughts-part-1-fears-opinions-journey/)
  • (01:08:39) - Outro

Listen Now

Love PodBriefly?

If you like Podbriefly.com, please consider donating to support the ongoing development.

Support Us