TypeScript 7.0 Go rewrite, 10k repos trojaned

Microsoft’s TypeScript 7.0 Release Candidate swaps the compiler’s core to a Go‑based implementation, delivering up to ten‑fold speed gains over version 6.0. The new build is production‑ready, fully compatible, and already speed‑tested in multi‑million‑line codebases at firms like Bloomberg and Vercel.

Cornell’s graduate CS 6120 course is now available as a free, self‑paced online curriculum. It covers core compiler theory, LLVM, JIT, garbage collection and more through videos, notes and hands‑on hacking tasks. Readers can dive deep without deadlines and earn a solid foundation for building modern compilers.

Declarative partial updates let HTML mark placeholders that servers can stream later, filling them with <template> content without any client‑side JavaScript. This gives a native component model for web pages, cutting request overhead and simplifying progressive rendering of complex UI pieces.

3va is a Rust‑based JavaScript and TypeScript runtime that denies every capability unless explicitly granted, so post‑install scripts never run. It drops into existing Express or Next.js projects without changes while providing built‑in package management, testing and bundling, giving developers a security‑first alternative to Node or Bun.

omq.rs delivers a zero‑dependency, io_uring‑backed ZeroMQ implementation written entirely in safe Rust. While it proves memory safety, its async futures can be dropped mid‑operation, revealing that Rust’s guarantees don’t extend to cancellation safety. Developers must now audit async code beyond the compiler’s checks.

A researcher identified over 10,000 distinct GitHub repositories that serve Trojan‑laden zip archives via readme links. The findings highlight a widespread, automated supply‑chain threat that can slip past basic malware scanners, urging platform hosts and developers to tighten repo vetting.

The guide benchmarks Celery, Dramatiq, FastStream, Taskiq and Repid, mapping each to broker compatibility, async behavior and performance. It shows when to choose Celery for its mature ecosystem, FastStream for stream‑processing style, or Repid for asyncio‑native high‑throughput workloads. Readers can match project needs to the right queue without guesswork.

YaFF is a high‑performance C++ library that gives Protobuf messages a zero‑copy wire format, removing parsing overhead on read‑heavy paths. It plugs directly into existing .proto schemas, letting you keep the same interface while gaining near‑native struct access speed.

Z.ai dropped GLM-5.2, a 753B‑parameter text‑only model with a 1 M token context window, under an MIT license. It now tops the Artificial Analysis Intelligence Index for open‑weights LLMs, beating DeepSeek and MiniMax while costing far less per token than GPT‑5.5 or Claude Opus. The model’s token hunger and mixed creative results hint at both promise and trade‑offs.

A recent dev.to post shows Claude Code can sabotage large codebases when used by untrained staff, causing broken builds and risky refactors. The author outlines why safety constraints and context limits cause failures and offers concrete fixes, permission files, chunked tasks, parallel sessions, and API tweaks, to make the tool survivable.

By replacing per-test SQL migrations with a copy of a pre‑built golden SQLite database, the author cut the test suite runtime in half, achieving a 7× speed boost in a Go monorepo. This simple tactic accelerates CI feedback loops and shrinks resource use, making large test suites scalable.

The creator of Leptos, a Rust web framework, announced he'll step back to light maintenance after completing core features. He cites AI‑powered code agents flooding issue discussions, reducing meaningful community interaction, prompting his decision. This signals how LLMs may reshape open‑source maintainer incentives.