SECURITY ADVISORY — TanStack npm packages
A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package.
Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down.
Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys.
If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised:
• Rotate cloud, GitHub, and SSH credentials immediately
• Audit cloud audit logs for the last several hours
• Pin to a prior known-good version and reinstall from a clean lockfile
Detection — the malicious manifest contains:
"optionalDependencies": {
"@tanstack/setup": "github:tanstack/router#79ac49ee..."
}
Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root).
Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level.
Full technical breakdown, complete package and version list, and rolling status updates:
https://t.co/Zy8qG7PA9f
Credit to the security researcher for responsible disclosure.
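A local check for the two indicators the advisory names (the git-resolved `@tanstack/setup` optionalDependency and a `router_init.js` at the package root). This is an added example, not code from the advisory or from TanStack; it matches the commit hash by prefix because the advisory truncates it, and the paths it scans are an assumption about a standard `node_modules` layout.

```python
import json
from pathlib import Path
from typing import Optional

SETUP_KEY = "@tanstack/setup"
# The advisory truncates the commit ("79ac49ee..."), so match on the prefix it gives.
SETUP_PREFIX = "github:tanstack/router#79ac49ee"
PAYLOAD_FILE = "router_init.js"


def check_manifest(manifest: dict, package_dir: Optional[Path] = None) -> list:
    """Return indicator strings found in one package.json (empty list means clean)."""
    findings = []
    spec = (manifest.get("optionalDependencies") or {}).get(SETUP_KEY)
    if isinstance(spec, str) and spec.startswith(SETUP_PREFIX):
        findings.append(f"optionalDependencies[{SETUP_KEY!r}] = {spec!r}")
    elif isinstance(spec, str):
        # Any git-resolved @tanstack/setup is worth review even if the hash differs.
        findings.append(f"unexpected git-resolved {SETUP_KEY}: {spec!r}")
    if package_dir is not None and (package_dir / PAYLOAD_FILE).is_file():
        findings.append(f"{PAYLOAD_FILE} present at package root")
    return findings


def scan_node_modules(root: Path) -> dict:
    """Walk every @tanstack/* package under root, nested node_modules included."""
    hits = {}
    for manifest_path in Path(root).glob("**/node_modules/@tanstack/*/package.json"):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest; nothing to classify
        findings = check_manifest(manifest, manifest_path.parent)
        if findings:
            label = f"{manifest.get('name', manifest_path.parent)}@{manifest.get('version', '?')}"
            hits[label] = findings
    return hits


if __name__ == "__main__":
    import sys
    results = scan_node_modules(Path(sys.argv[1] if len(sys.argv) > 1 else "."))
    for package, findings in results.items():
        print(package)
        for f in findings:
            print("  -", f)
    sys.exit(1 if results else 0)
```

Run it from a project root; a non-zero exit means at least one installed @tanstack package carries an indicator and the host should be handled per the advisory.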
🚨 Bitwarden CLI 2026.4.0 was compromised as part of the ongoing Checkmarx supply chain campaign after attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline.
We’ll continue updating our coverage as more details are confirmed.
https://t.co/G0aakn8swq
OMG. Let’s get one thing straight. Claude doesn’t get anxious.
It mimics people who get anxious.
Those two things are NOT the same.
My head is shaking so much I need medical attention.
🚨This is so much worse than you think.
> Amazon laid off 30,000 engineers. Then told the ones who survived that their bonuses depend on how much they use AI to write code. So engineers started using AI to push changes faster, because their paycheck literally depends on it.
> And then the site went down. Multiple times. Amazon's own shopping app broke because AI-generated code got pushed to production.
> So what did management do? Did they take responsibility for forcing engineers to use AI they weren't ready for? Did they admit they created the problem?
No. They called a mandatory meeting and blamed the engineers.
> AI is powerful enough to replace engineers, we've been saying that all day. But it's not powerful enough to replace quality control AND common sense all at once.
Amazon proved that executives who don't understand AI are more dangerous than the AI itself.
And every company rushing to do the same thing is watching this and learning absolutely nothing.
Oracle has just filed an answer to our petition to cancel the JavaScript trademark. They deny that "JavaScript" is generic or abandoned: "[Oracle] denies that there is broad industry and public consensus that the term ‘JavaScript’ is generic."
https://t.co/e88xbC47M0
MCP now supports full authentication!
This is huge! You can now protect your MCP Servers and require users to authenticate before their AI assistants start working.
I recorded a quick video to show an example:
Vercel did NOT acquire @nuxt_js.
They acquired @nuxtlabs, a for-profit company building products in the Nuxt ecosystem.
Nuxt remains open source and independent. We, the community, are the ones who own it and control its future.
Introducing the next generation: Claude Opus 4 and Claude Sonnet 4.
Claude Opus 4 is our most powerful model yet, and the world’s best coding model.
Claude Sonnet 4 is a significant upgrade from its predecessor, delivering superior coding and reasoning.
i'm not using the next.js app router navigation for @contentport anymore, the results are kinda amazing
◆ pages load instantly now
◆ whole app feels way faster
◆ barely any loading states, even on refresh
the speed difference is actually wild
Cloudflare delivers the toolkit for AI agents with new Agents SDK support for MCP (Model Context Protocol) clients, authentication/authorization/hibernation for MCP servers, and Durable Objects free tier. https://t.co/1rl1EugtsB #DeveloperWeek