This week TanStack joins the AI wars with the alpha release of TanStack AI: an open-source AI SDK with a unified interface across multiple providers. TanStack AI is an open-source ecosystem of libraries and standards, and it is client, server, and AI provider agnostic, to make building AI-enabled apps accessible to all.

In a surprise move, AI company Anthropic acquires JavaScript runtime Bun to accelerate its development of Claude Code. Apparently, Bun has been central to Claude Code reaching $1 billion in run-rate revenue in just six months, and Anthropic’s brought the team in house to keep the momentum going.

And it’s been another rough week for security in JavaScript. First, a new self-replicating, credential stealing malware attack, dubbed Shai-Hulud 2.0, swept the npm ecosystem and compromised 800 npm packages in the process, and then a critical security vulnerability was discovered for any React projects using React Server Components. Just remember to lock down your dependencies and install those patches ASAP, folks.

Timestamps:

• 1:22 - TanStack AI
• 9:12 - Anthropic buys Bun
• 21:03 - Shai-Hulul 2.0 on npm and an RSC vulnerability
• 30:23 - What’s making us happy

News:

• Paige - Shai-Hulud 2.0 on npm and RSC vulnerability
• Jack - TanStack AI
• TJ - Anthropic buys Bun (Bun post) (Anthropic post)

What Makes Us Happy this Week:

• Paige - The Durrells TV series
• Jack - Essentialism book
• TJ - Dungeon Crawler Carl book series

Thanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.

• Front-end Fire website
• Blue Collar Coder on YouTube
• Blue Collar Coder on Discord
• Reach out via email
• Tweet at us on X @front_end_fire
• Follow us on Bluesky @front-end-fire.com
• Subscribe to our YouTube channel @Front-EndFirePodcast