LodeHQSubscribe →

npm malware, Expo Router v56, tsgo memory bloat

Dev · 2026-05-31

Languages & Frameworks
Malicious npm package delivers cross‑platform RAT that exfiltrates data via HuggingFace5 MIN

The analysis uncovers a supply‑chain attack where the npm package js‑logger‑pack evolved through 29 versions into a binary dropper called MicrosoftSystem64, a cross‑platform RAT. It harvests credentials, crypto wallets, screenshots and other data, uploading everything to private HuggingFace datasets to avoid detection. Developers are urged to remove the packages and rotate all credentials.

Expo Router v56 Splits Off React Navigation for Faster Development and SSR1 MIN

Expo Router version 56 forks React Navigation, giving the team a dedicated codebase for tailored routing features. The update also brings streaming server‑side rendering and closes Android parity gaps, boosting performance and developer flexibility.

Tools & Platforms
tsgo’s per‑thread typecheckers cause massive memory bloat9 MIN

tsgo creates a separate TypeScript typechecker for each thread, duplicating full type‑checking state and never freeing allocated types. This design multiplies memory use across thousands of .ts files, especially in projects with heavy generic and library usage, leading to gigabytes of RAM consumption.

Understanding Kubernetes Gateway API: Evolution, Architecture, and Migration Paths41 MIN

The blog walks through the transition from Service‑type exposure to Ingress and now the Kubernetes Gateway API, detailing how Gateway API structures traffic via GatewayClass, Gateways, multiple Route types, policies, and ReferenceGrant. It also outlines practical considerations for choosing a Gateway implementation and migrating from legacy Ingress controllers.

pgstream: A lightweight Go CDC tool matching Debezium in a 15 MB Docker image2 MIN

pgstream streams PostgreSQL changes in real time using Go, delivering Debezium‑level CDC in a 15 MB binary that runs with a single Docker command. It eliminates the need for a JVM, Kafka Connect, and other heavyweight dependencies, requiring only logical replication enabled on Postgres.

AI-Assisted Development
Spotting AI ‘smells’: recurring patterns in LLM‑generated text and web design1 MIN

A blog post catalogs distinctive rhetorical structures, like punchy one‑liners, “X is the Y of Z” phrasing, and rapid short sentences, that repeatedly appear in LLM‑generated writing, alongside UI quirks such as specific fonts and button styles on AI‑crafted sites. Recognizing these “smells” helps developers and reviewers flag machine‑authored content.

Open-source maintainers overwhelmed by AI‑spam pull requests7 MIN

In the past year, maintainers of small projects face a flood of low‑quality AI‑generated PRs, nonsensical code, bogus tests, and hallucinated imports, that waste reviewer time and fuel burnout. The New Stack details the scale of the problem and warns it foreshadows similar strain for enterprise teams.

Engineering Practice
Why Adding a Queue Can Worsen Capacity Bottlenecks8 MIN

A recent analysis shows that using a request queue to hide overload often backfires, customers may wait hours while latency metrics look fine, and the queue obscures the need for real capacity upgrades. The article illustrates this with a 1000‑RPS service that doubles traffic, highlighting the trade‑offs of rejecting, scaling, or queuing requests.

Direct I/O Boosts HedgeDB Performance by Bypassing the Page Cache6 MIN

Direct I/O (O_DIRECT) bypasses the Linux page cache, eliminating extra memory copies and asynchronous flushes. Benchmarks on HedgeDB show ~26% higher IOPS and lower tail latency compared to buffered I/O, making storage performance more predictable. The article explains the trade‑offs and how to configure the system.

Careers & Open Source
AI is upending the junior‑to‑senior developer ladder, new skills needed12 MIN

A Stack Overflow blog post argues that AI‑driven code generation is collapsing entry‑level software roles, cutting junior hiring by 25% in 2024. As routine coding tasks disappear, aspiring engineers must cultivate problem‑solving, system‑design, AI prompting, and collaboration skills to stay on the path to seniority.

Get Dev in your inbox, every issue.
Subscribe free
Privacy · Terms · About · Contact
© 2026 LodeHQ