npm malware, Expo Router v56, tsgo memory bloat
The analysis uncovers a supply‑chain attack where the npm package js‑logger‑pack evolved through 29 versions into a binary dropper called MicrosoftSystem64, a cross‑platform RAT. It harvests credentials, crypto wallets, screenshots and other data, uploading everything to private HuggingFace datasets to avoid detection. Developers are urged to remove the packages and rotate all credentials.
Expo Router version 56 forks React Navigation, giving the team a dedicated codebase for tailored routing features. The update also brings streaming server‑side rendering and closes Android parity gaps, boosting performance and developer flexibility.
tsgo creates a separate TypeScript typechecker for each thread, duplicating full type‑checking state and never freeing allocated types. This design multiplies memory use across thousands of .ts files, especially in projects with heavy generic and library usage, leading to gigabytes of RAM consumption.
The blog walks through the transition from Service‑type exposure to Ingress and now the Kubernetes Gateway API, detailing how Gateway API structures traffic via GatewayClass, Gateways, multiple Route types, policies, and ReferenceGrant. It also outlines practical considerations for choosing a Gateway implementation and migrating from legacy Ingress controllers.
pgstream streams PostgreSQL changes in real time using Go, delivering Debezium‑level CDC in a 15 MB binary that runs with a single Docker command. It eliminates the need for a JVM, Kafka Connect, and other heavyweight dependencies, requiring only logical replication enabled on Postgres.
A blog post catalogs distinctive rhetorical structures, like punchy one‑liners, “X is the Y of Z” phrasing, and rapid short sentences, that repeatedly appear in LLM‑generated writing, alongside UI quirks such as specific fonts and button styles on AI‑crafted sites. Recognizing these “smells” helps developers and reviewers flag machine‑authored content.
In the past year, maintainers of small projects face a flood of low‑quality AI‑generated PRs, nonsensical code, bogus tests, and hallucinated imports, that waste reviewer time and fuel burnout. The New Stack details the scale of the problem and warns it foreshadows similar strain for enterprise teams.
A recent analysis shows that using a request queue to hide overload often backfires, customers may wait hours while latency metrics look fine, and the queue obscures the need for real capacity upgrades. The article illustrates this with a 1000‑RPS service that doubles traffic, highlighting the trade‑offs of rejecting, scaling, or queuing requests.
Direct I/O (O_DIRECT) bypasses the Linux page cache, eliminating extra memory copies and asynchronous flushes. Benchmarks on HedgeDB show ~26% higher IOPS and lower tail latency compared to buffered I/O, making storage performance more predictable. The article explains the trade‑offs and how to configure the system.
A Stack Overflow blog post argues that AI‑driven code generation is collapsing entry‑level software roles, cutting junior hiring by 25% in 2024. As routine coding tasks disappear, aspiring engineers must cultivate problem‑solving, system‑design, AI prompting, and collaboration skills to stay on the path to seniority.
Subscribe free