Email Content

<!DOCTYPE html><html lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" style="font-size:16px;"><head></head><head><meta charset="utf-8"/><!--[if !mso]><!--><meta http-equiv="X-UA-Compatible" content="IE=edge"/><!--<![endif]--><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="x-apple-disable-message-reformatting"/><meta name="format-detection" content="telephone=no,address=no,email=no,date=no,url=no"/><meta name="color-scheme" content="light"/><meta name="supported-color-schemes" content="light"/><title>🚨 TanStack's full postmortem (+ 13 Next.js CVEs)</title><!--[if mso]><xml><o:OfficeDocumentSettings><o:AllowPNG/><o:PixelsPerInch>96</o:PixelsPerInch></o:OfficeDocumentSettings></xml><![endif]--><style>
  :root { color-scheme: light; supported-color-schemes: light; }
  body { margin: 0; padding: 0; min-width: 100%!important; -ms-text-size-adjust: 100% !important; -webkit-transform: scale(1) !important; -webkit-text-size-adjust: 100% !important; -webkit-font-smoothing: antialiased !important; }
  .body { word-wrap: normal; word-spacing:normal; }
  table.mso { width: 100%; border-collapse: collapse; padding: 0; table-layout: fixed; }
  img { border: 0; outline: none; }
  table {  mso-table-lspace: 0px; mso-table-rspace: 0px; }
  td, a, span {  mso-line-height-rule: exactly; }
  #root [x-apple-data-detectors=true],
  a[x-apple-data-detectors=true],
  #MessageViewBody a { color: inherit !important; text-decoration: inherit !important; font-size: inherit !important; font-family: inherit !important; font-weight: inherit !important; line-height: inherit !important; }
  span.MsoHyperlink { color: inherit !important; mso-style-priority: 99 !important; }
  span.MsoHyperlinkFollowed { color: inherit !important; mso-style-priority: 99 !important; }
  .a { background-color:#ffffff; }
  .b { background-color:#030712; }
  .c  { background-color:#ffffff; }
  .d { background-color:#EAEBEC; }
  .d2 { background-color:#FFFFFF; }
  .d3 { background-color:#FFFFFF; }
  h1 a { text-decoration:underline;color:#a6825a !important;font-weight:bold;font-style:italic; }
  h2 a { text-decoration:underline;color:#a6825a !important;font-weight:bold;font-style:italic; }
  h3 a { text-decoration:underline;color:#a6825a !important;font-weight:bold;font-style:italic; }
  h4 a { text-decoration:underline;color:#a6825a !important;font-weight:bold;font-style:italic; }
  h5 a { text-decoration:underline;color:#a6825a !important;font-weight:bold;font-style:italic; }
  h6 a { text-decoration:underline;color:#a6825a !important;font-weight:bold;font-style:italic; }
  h1, h1 a, h2, h2 a, h3, h3 a, h4, h4 a, h5, h5 a, h6, h6 a, ul, li, ol, p, p a { margin: 0;padding: 0; }
  h1 { font-family:'Trebuchet MS','Lucida Grande',Tahoma,sans-serif;font-weight:400;font-size:28px;color:#2A2A2A;line-height:42px;padding-bottom:4px;padding-top:16px;mso-margin-top-alt:16px;mso-margin-bottom-alt:4px }
  h2 { font-family:'Trebuchet MS','Lucida Grande',Tahoma,sans-serif;font-weight:400;font-size:24px;color:#2A2A2A;line-height:36px;padding-bottom:4px;padding-top:16px;mso-margin-top-alt:16px;mso-margin-bottom-alt:4px }
  h3 { font-family:'Trebuchet MS','Lucida Grande',Tahoma,sans-serif;font-weight:400;font-size:20px;color:#a6825a;line-height:30px;padding-bottom:4px;padding-top:16px;mso-margin-top-alt:16px;mso-margin-bottom-alt:4px }
  h4 { font-family:'Trebuchet MS','Lucida Grande',Tahoma,sans-serif;font-weight:400;font-size:18px;color:#2A2A2A;line-height:27px;padding-bottom:4px;padding-top:16px;mso-margin-top-alt:16px;mso-margin-bottom-alt:4px }
  h5 { font-family:'Trebuchet MS','Lucida Grande',Tahoma,sans-serif;font-weight:400;font-size:16px;color:#2A2A2A;line-height:24px;padding-bottom:4px;padding-top:16px;mso-margin-top-alt:16px;mso-margin-bottom-alt:4px }
  h6 { font-family:'Trebuchet MS','Lucida Grande',Tahoma,sans-serif;font-weight:400;font-size:14px;color:#2A2A2A;line-height:21px;padding-bottom:4px;padding-top:16px;mso-margin-top-alt:16px;mso-margin-bottom-alt:4px }
  p { font-family:'Helvetica',Arial,sans-serif;font-weight:400;color:#2D2D2D;font-size:16px;line-height:24px;padding-bottom:12px;padding-top:12px;mso-margin-top-alt:12px;mso-margin-bottom-alt:12px; }
  p a, .e a, ul a, li a, .h a, .h2 a, .h3 a { word-break:break-word;color:#a6825a !important;text-decoration:underline;text-decoration-color:#a6825a;font-weight:bold;font-style:italic; }
  p a span, .e a span, ul a span, li a span { color: inherit }
  p .bold { font-weight:bold;color:#2D2D2D; }
  p span[style*="font-size"] { line-height: 1.6; }
  .f p { font-size:12px;line-height:15px;color:#2D2D2D;padding:0; }
  .f p a { color:#2D2D2D !important; }
  .g p { font-family:'Helvetica',Arial,sans-serif;font-size:14px;line-height:20px;font-weight:normal;margin:0; }
  .g p a  { text-decoration: underline; }
  .i p { font-family:'Helvetica',Arial,sans-serif;line-height:23px;font-size:15px;color:#2D2D2D; }
  .i p a { color:#2D2D2D !important; }
  .i2 p { font-family:'Helvetica',Arial,sans-serif;line-height:23px;font-size:15px;color:#2D2D2D; }
  .i2 p a { color:#2D2D2D !important; }
  .i3 p { font-family:'Helvetica',Arial,sans-serif;line-height:43px;font-size:24px;color:#2D2D2D; }
  .i3 p a { color:#2D2D2D !important; }
  .h p a { color:#0C4A6E !important; }
  .h2 p a { color:#0C4A6E !important; }
  .h3 p a { color:#0C4A6E !important; }
  .f p a, .i p a, .i2 p a, .i3 p a, .h p a, .h2 p a, .h3 p a { text-decoration:underline; }
  .j { border-top:4px solid #a6825a; }
  .k p { padding-left:15px;padding-bottom:0px;padding-top:6px;mso-margin-top-alt:6px;mso-margin-bottom-alt:0px;mso-margin-left-alt:15px; }
  .o { background-color:#FFFFFF;border:1px solid #F1F1F1;border-radius:5px; }
  .o p { font-family:'Helvetica',Arial,sans-serif;padding:0px;margin:0px; }
  .l p,
  .l p a, .l a { font-size:14px;line-height:20px;font-weight: bold;color:#2D2D2D;padding-bottom:6px;mso-margin-bottom-alt:6px;text-decoration:none; }
  .m p,
  .m p a { font-size:13px;line-height:18px;font-weight:400;color:#2D2D2D;padding-bottom:6px;mso-margin-bottom-alt:6px;text-decoration:none; }
  .n p,
  .n p a { font-size:12px;line-height:17px;font-weight:400;color:#2D2D2D;padding-bottom:6px;mso-margin-bottom-alt:6px;text-decoration:none; }
  .p { background-color:#FFFFFF;max-width:520px;border:1px solid #E1E8ED;border:1px solid rgba(80, 80, 80, 0.3);border-radius:5px; }
  .q { font-size:16px;font-family:Helvetica,Roboto,Calibri,sans-serif !important;border:1px solid #e1e8ed;border:1px solid rgba(80, 80, 80, 0.3);border-radius:10px;background-color:#FFFFFF; }
  .q p { font-size:16px;font-family:system-ui,Helvetica,Roboto,Calibri,sans-serif !important;color:#222222;padding:4px 0; }
  .r { border:1px solid #E1E8ED !important;border-radius:5px; }
  .s p { font-size: 14px; line-height: 17px; font-weight: 400; color: #697882; text-decoration: none; }
  .t p { font-family:'Helvetica',Arial,sans-serif;font-size:12px;line-height:18px;font-weight:400;color:#000000;font-style:italic;padding:4px 0px 0px; }
  .v { border-radius:10px;border:solid 0px #a6825a;background-color:#a6825a;font-family:'Verdana',Geneva,sans-serif;color:#000000; }
  .v a { text-decoration:none;display:block;color:#000000; }
  .w p { font-size:12px;line-height:15px;font-weight:400;color:#FFFFFF; }
  .w p a { text-decoration: underline !important;color:#FFFFFF !important; }
  ul { font-family:'Helvetica',Arial,sans-serif;margin:0px 0px 0px 25px !important;padding:0px !important;color:#2D2D2D;line-height:24px;list-style-type:disc !important;font-size:16px; }
  ul ul { list-style-type:circle !important; }
  ul ul ul { list-style-type:square !important; }
  ul ul ul ul { list-style-type:disc !important; }
  ul ul ul ul ul { list-style-type:circle !important; }
  ul ul ul ul ul ul { list-style-type:square !important; }
  ul ul ul ul ul ul ul { list-style-type:disc !important; }
  ul ul ul ul ul ul ul ul { list-style-type:circle !important; }
  ul ul ul ul ul ul ul ul ul { list-style-type:square !important; }
  ul > li { font-family:'Helvetica',Arial,sans-serif;margin:10px 0px 0px 0px !important;padding: 0px 0px 0px 0px !important; color: #2D2D2D; }
  .poll-choices > li { margin: 4px 0px 0px 0px !important; }
  ol { font-family:'Helvetica',Arial,sans-serif;margin: 0px 0px 0px 25px !important;padding:0px !important;color:#2D2D2D;line-height:24px;list-style:decimal;font-size:16px; }
  ol > li { font-family:'Helvetica',Arial,sans-serif;margin:10px 0px 0px 0px !important;padding: 0px 0px 0px 0px !important; color: #2D2D2D; }
  li > p, li p { font-family:'Helvetica',Arial,sans-serif;font-size:16px;font-weight:normal;line-height:24px;padding:0px; }
  .e h3,
  .e p,
  .e span { padding-bottom:0px;padding-top:0px;mso-margin-top-alt:0px;mso-margin-bottom-alt:0px; }
  .e span,
  .e li { font-family:'Helvetica',Arial,sans-serif;font-size:16px;color:#2D2D2D;line-height:24px; }
  .rec { font-family:  ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji" !important; }
  .rec__button:hover { background-color: #f9fafb !important; }
  .copyright a {color: inherit !important; text-decoration: none !important; font-size: inherit !important; font-family: inherit !important; font-weight: inherit !important; line-height: inherit !important;}
  .txt_social p { padding: 0; word-break: break-all; }
  .table, .table-c, .table-h { border: 1px solid #C0C0C0; }
  .table-c { padding:5px; background-color:#FFFFFF; }
  .table-c p { color: #2D2D2D; font-family:'Helvetica',Arial,sans-serif !important;overflow-wrap: break-word; }
  .table-h { padding:5px; background-color:#F1F1F1; }
  .table-h p { color: #2A2A2A; font-family:'Trebuchet MS','Lucida Grande',Tahoma,sans-serif !important;overflow-wrap: break-word; }
  @media only screen and (max-width:667px) {
    .aa, .w100pc { width: 100% !important; }
    .bb img { width: 100% !important; height: auto !important; max-width: none !important; }
    .cc { padding: 0px 8px !important; }
    .ee { padding-top:10px !important;padding-bottom:10px !important; }
    .ff ul, .ff ol { margin: 0px 0px 0px 10px !important;padding: 0px !important; }
    .ff li { margin:10px 0px 0px 10px !important; }
    .r {height:140px !important;}
    .s p { font-size:13px !important;line-height:15px !important; }
    .mob-hide {display:none !important;}
    .mob-show {display: block !important; width: auto !important; overflow: visible !important; float: none !important; max-height: inherit !important; line-height: inherit !important;}
    .mob-stack {width:100% !important;display:block !important;}
    .mob-w-full {width:100% !important;}
    .mob-block {display:block !important;}
    .embed-img {padding:0px 0px 12px 0px !important;}
    .socialShare {padding-top:15px !important;}
    .rec { padding-left:15px!important;padding-right:15px!important; }
    .bodyWrapper { padding:10px 4px 10px 4px !important; }
    .social-mobile {float:left !important;margin-top:10px !important;}
  }
  @media screen and (max-width: 480px) {
    u + .a .gg { width: 100% !important; width: 100vw !important; }
    .tok-heart { padding-top:75% !important; }
    .tok-play { padding-top: 250px !important; }
  }
  @media screen and (max-width: 320px) {
    .tok-heart { padding-top:65% !important; }
  }
  .u { border: 1px solid #CACACA !important; border-radius: 2px !important; background-color: #ffffff !important; padding: 0px 13px 0px 13px !important; font-family:ui-sans-serif,system-ui,-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Noto Sans",sans-serif !important;font-size: 12px !important; color: #767676 !important; }
  .u a { text-decoration: none; display: block !important; color: #767676 !important; margin: 0px !important; }
  .u span, .u img { color: #767676 !important;margin:0px !important; max-height:32px !important;background-color:#ffffff !important; }
</style><!--[if mso]><style type="text/css">
    h1, h2, h3, h4, h5, h6 {font-family: Arial, sans-serif !important;}
    body, table, td, p, a, span {font-family: Arial, sans-serif !important;}
    sup { font-size: 100% !important;vertical-align: .5em !important;mso-text-raise: -1.5% !important;line-height: 0 !important; }
    ul { margin-left:0px !important; margin-right:10px !important; margin-top:20px !important; margin-bottom:20px !important; }
    ul li { margin-left: 0px !important; mso-special-format: decimal; }
    ol { margin-left:0px !important; margin-right:10px !important; margin-top:20px !important; margin-bottom:20px !important; }
    ol li { margin-left: 0px !important; mso-special-format: decimal; }
    li.listItem { margin-left:15px !important; margin-top:0px !important; }
    .paddingDesktop { padding: 10px 0 !important; }
    .edm_outlooklist { margin-left: -20px !important; }
    .embedImage { display:none !important; }
</style><![endif]--><!-- SVE9JWJXQUc88b925b-ad35-4013-ad2e-a5006015907561506297-0c60-4133-a925-5ec571ff2483 --><style></style></head><body class="a" style="margin:0px auto;padding:0px;word-wrap:normal;word-spacing:normal;background-color:#ffffff;"><div role="article" aria-roledescription="email" aria-label="email_name" lang="en" style="font-size:1rem"><div style="display:none;max-height:0px;overflow:hidden;"> The TanStack postmortem, plus Tanner's 9KB React experiment and Rolldown 1.0  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ </div><table role="none" width="100%" border="0" cellspacing="0" align="center" cellpadding="0" class="gg"><tr><td align="center" valign="top"><table role="none" width="670" border="0" cellspacing="0" cellpadding="0" class="aa" style="width:670px;table-layout:fixed;"><tr><td class="bodyWrapper" align="center" valign="top" style="padding:10px 5px 10px 5px;"><table role="none" width="100%" border="0" cellspacing="0" cellpadding="0" align="center"><tr><td align="center" valign="top" style="border-width:0px 0px 0px 0px;border-style: solid; border-color: #FFFFFF;border-radius:10px 10px 0px 0px;background-color:#ffffff;" class="c"><table role="none" width="100%" border="0" cellspacing="0" cellpadding="0" align="center"><tr id="header"><td style="padding:15px 15px 0px 15px;"><div style="padding-top:0px;padding-right:0px;padding-bottom:20px;padding-left:0px;"><table role="none" width="100%" border="0" cellspacing="0" cellpadding="0" align="center"><tr><td class="f" align="right" valign="top"><p> May 14, 2026   |   <a data-read-online-tooltip="true" href="https://link.mail.beehiiv.com/v1/c/urqshpqDNd1t9M2qUfa4nVmnUE%2BE89L9zIbS0L2OXa4uIbg0P5UuV3GkYxsl%0AU7SYW%2FNlUTKJ7b31BsJiNKU%2FghCF52lyX1vI3lBjBlSLzTSNv07botlkON%2FM%0AitCpx8hq0J7YON3eUsnd7K%2FyhT%2BNXzB3wb4QelnoGrvWi%2FaPxE%2BkAg17Lleu%0AsRaFrYPpk0pHG7qfQGrIl2NGZfo3H5dxELnSlw0tHKjLHk641JUAzng%3D%0A/93a4eb640638f8fc">Read online</a></p></td></tr><tr><td style="line-height:0;"><div data-open-tracking="true"><img src="https://link.mail.beehiiv.com/v1/o/dOTEdPrjrY9qiHQI1MpZ4%2BXCEzBM4q6jvAqo2PkitHhVY1xNffS%2BcPI5W9ef%0AvtdzqjI104bvkV6Z8I7t6U3z4RPo6sBRbfXrtiIHj07ez%2FrA1jA0pUUZw0Cm%0AouQLOAKzmWELSSqXnK4Ragk8vvTqEayPeiTu1FveePBaIWo1MceeTvcMh4LX%0AsmO%2Fh6aX5%2F9%2FXKjyb5geYdt3sWYhVrvve03G3xJF9YSlQL3E2ykmh2gaTyUO%0A%2FMFplFdAwYSUwvy2s1nQOZVCvk%2BUlfAhGDYxJ7p9xiZB1UbCw7fqPfjfTLpQ%0Am20A1Q6EgyVvyRQxR%2FUR6q0IUgY4goEpxqoCR74sd0K%2BarTY4ug0ZcDsidoz%0AcNu59%2BNY27shxzi7Iskfdgo%2Fm7eBUha4VKb%2FVjvzgKPuh11cBred%2BJPOBVfd%0AH98Z1v9t8WvyDqrgTXcu75wfptR%2BnHeVc%2FwhouqQNz%2Be3Z%2F%2BX2KCWk65qjdJ%0AO4hnxcasFr4gpH1p3SYElue84T6g7phkln1hTQzLalc0mh0SYSwVX1kXUUG6%0A%2FLv6WSN77d3r4NaqbYYM9jWhYdcMxDmqcCVpDgA5WvqwzXUF4AMKcFtYqQ%3D%3D%0A/8753b9b34badc841.gif" alt="" width="1" height="1" style="display:block;border:0;outline:0;"></div></td></tr></table></div></td></tr><tr id="content-blocks"><td class="email-card-body" align="center" valign="top" style="padding-bottom:15px;"><table role="none" width="100%" border="0" cellspacing="0" cellpadding="0" align="center"><tr><td align="center" valign="top" style="padding: 20px 15px 20px;" class="dd"><table role="none" border="0" cellspacing="0" cellpadding="0" style="margin: 0 auto 0 auto"><tr><td align="center" valign="top" style="width:300px;"><p style="opacity: 0.8;"><b>In partnership with</b></p></td></tr><tr><td align="center" valign="top" style="width:300px;"><a href="https://link.mail.beehiiv.com/v1/c/MmkCO%2FfVAJVuI1AfiLGnG4dqf2N27SojbOdDRN1Lc5sirjeMKJyybSAoCKAV%0APe3HN5Joh91snPxaa9M3WbCCWrUv4DBlgeQvmidXF5r9DLFGfuDGBAM0zRIS%0AJPiIaMOyYSrRryEXttgDq%2FiMhNQ1QXTPIVnywuilHZ6Ua1ox1V8XtkADBbN9%0A8zu0Q7q7uiU%2B00iGiS0CcaW%2F7HyWBjQOaYHK%2BSDGFYEcCN1uKhbQD%2Fx8oeX9%0AoVl%2FAZo0acXj91TwBEV%2BYALv%2FKz24niKoppCIZnco%2B7%2F7KmeQ8AdkxBr3MML%0AtwpGTieoe7QR4jZDl%2FlItGfhQkLvTtidpuzyjzThhg%3D%3D%0A/13e30cdba56f5f17" target="_blank" rel="noopener noreferrer nofollow" style="text-decoration:none;"><img src="https://beehiiv-images-production.s3.amazonaws.com/uploads/ad_network/advertiser/logo/113ef7f4-3572-4050-98be-94ffcf4f69af/logo-full-dark.png" height="auto" width="300" style="display:block;" lborder="0"/></a></td></tr></table></td></tr><tr><td><table role="none" width="100%" border="0" cellspacing="0" cellpadding="0" style=""><tr><td bgcolor="transparent" style="background-color:transparent;padding:0.0px 0.0px 0.0px 0.0px;"><table role="none" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td class="dd" align="center" style="padding:0px 15px;text-align:center;word-break:break-word;"><p style="mso-line-height-alt:150.0%;"><span style="color:#161616;"><b><a class="link" href="https://link.mail.beehiiv.com/v1/c/hEZZHXHvc743gREfY2dAb8rR7jJcdR1GaefTvyXN7d23yxkVcgQf%2BG1bwsjz%0AUTIPgMRsIndPlzlMxAehwla7BYnkOsgUHr921zzQhuZIhqJ7ZC9Oq2Vmqa80%0A0l50mKDPAdIW2AFq5uVLiUex3GJ%2BiI62GtEW3PerCelYkW1lEyhf8h7DWOe1%0A3DSnspKlJmb2eP3ySFM25B3B4tKuSSVCRBGUd6GCq69bFcitCG%2Fs4Zs%3D%0A/4157c0fc393f95cc" target="_blank" rel="noopener noreferrer nofollow"><span>Your Complete React Learning Platform</span></a></b></span><span style="color:#161616;"> </span><span style="color:#161616;"><b>| </b></span><span style="color:#161616;"><b><a class="link" href="https://link.mail.beehiiv.com/v1/c/ElQlfY1vCUVg%2BNk7sSOHMiabgFKpu6h65h3qQA8F4JOprJNfhHiOe2XA4AU%2B%0AiG0zUAXlNfIP3stkwRcC0HaRaoEc1N5%2BX94Q65oytq%2Fd25%2BEPKX8jMzZoXOs%0Apbec2Yhh%2FEdv2VRMm4pCmz0y%2FEatBX9qb0WVR4JvLIdNX6x9AcvPictu90gu%0Az%2FfyRXAn%2BCE%2FBFjAMdZ6zxDg3xLrYxo2kr8kgzNddrnpIiFuRYWqDTg%3D%0A/71407841890d9d30" target="_blank" rel="noopener noreferrer nofollow"><span>My channel</span></a></b></span><span style="color:#161616;"> </span><span style="color:#161616;"><b>| </b></span><span style="color:#161616;"><b><a class="link" href="https://link.mail.beehiiv.com/v1/c/cbt0KbJIQEh0%2Bx26dFBKQ2u5v7KgLnRimtMw62K8YYq6PtoIVqW9bi2Awvuu%0A6%2FNBSvILN0XM5adLeVnt2NlsB3wtZeAXcr%2BMxHfx6%2FIoA5LvNUrPqo3xbApz%0A5fQjs1g5ip7y1gBIqGIyhb8FvidRr9zrbROF5yxkhSCxGV7Sk%2Fxy%2BbV4U%2B2s%0AbcJK6EMPYWKE7h1NjK5LUaXMDA1wQwvOFkCeIlPxkJp%2BhaaNXBRqNkk%3D%0A/cf02bdf34eb72067" target="_blank" rel="noopener noreferrer nofollow"><span>Sponsor This Newsletter</span></a></b></span></p></td></tr><tr><td align="center" valign="top" style="padding-bottom:20px;padding-left:15px;padding-right:15px;padding-top:20px; " class="dd"><table role="none" border="0" cellspacing="0" cellpadding="0" style="margin:0 auto 0 auto;"><tr><td align="center" valign="top" style="width:126px;"><img src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/49f41ede-f34d-44d3-be63-576c8db69686/500w-logo.png?t=1738244373" alt="Cosden Solutions Logo" height="auto" width="126" style="display:block;width:100%;border-radius:0px 0px 0px 0px;border-style:solid;border-width:0px 0px 0px 0px;box-sizing:border-box;border-color:#E5E7EB;" border="0"/></td></tr></table></td></tr><tr><td class="dd" align="left" style="padding:0px 15px;text-align:left;word-break:break-word;"><p style="mso-line-height-alt:150.0%;"><span style="color:#161616;">Hey guys,</span></p></td></tr><tr><td class="dd" align="left" style="padding:0px 15px;text-align:left;word-break:break-word;"><p style="mso-line-height-alt:150.0%;"><span style="color:#161616;">Welcome to another edition of Import React by Cosden Solutions!</span></p></td></tr><tr><td class="dd" align="left" style="padding:0px 15px;text-align:left;word-break:break-word;"><p style="mso-line-height-alt:150.0%;"><span style="color:#161616;">It’s been a rough week on the security front </span>😬<span style="color:#161616;"> TanStack dropped the full postmortem on last week's npm compromise, and Next.js shipped 13 CVEs at the same time. Both worth a read even if you weren't directly hit.</span></p></td></tr><tr><td class="dd" align="left" style="padding:0px 15px;text-align:left;word-break:break-word;"><p style="mso-line-height-alt:150.0%;"><span style="color:#161616;">Plus a wild Tanner Linsley experiment, a $5M founder admission, and the bundler quietly sitting under every Vite app just hit 1.0.</span></p></td></tr><tr><td class="dd" align="left" style="padding:0px 15px;text-align:left;word-break:break-word;"><p style="mso-line-height-alt:150.0%;"><span style="color:#161616;">Let's get into it.</span></p></td></tr></table></td></tr></table></td></tr><tr><td align="center" valign="top" style="font-size:0px;line-height:0px;padding:30px 0px 30px;" class="dd"><table class="j" role="none" width="80%" border="0" cellspacing="0" cellpadding="0" align="center"><tr><td>   </td></tr></table></td></tr><tr><td id="you-think-4-x-faster-than-you-type-" class="dd" align="left" valign="top" style="color:#a6825a;font-weight:normal;padding:0px 15px;text-align:left;"><h3 style="color:#a6825a;font-weight:normal;mso-line-height-alt:125.0%;">You think 4x faster than you type. Your IDE should keep up.</h3></td></tr><tr><td align="center" valign="top" style="padding-bottom:20px;padding-left:15px;padding-right:15px;padding-top:20px; " class="dd"><table role="none" border="0" cellspacing="0" cellpadding="0" style="margin:0 auto 0 auto;"><tr><td align="center" valign="top" style="width:630px;"><a href="https://link.mail.beehiiv.com/v1/c/raccf7dY9fqmwD9mFgeflhiY2pjtvyL%2FHrJ%2FvrKA1hFwzHOkfF8Ahwi1in7E%0AbLdf2ZAlMRCT%2BCjy6egZwBiki9TQfmSs6dC0uJoC%2BfPsD8pOFgJqRuxyhh37%0Abg1QF7y0yx%2FDzOtPr%2Bhgr8cdmO%2FxTrJ36bBjw6doIm9qIGme2nt8wZe%2FNsaN%0AG3waU2LCGsQFHmD9MQ4%2FuCXxXz%2BwVI52bopzKYCvZ7aR4EszvDxk3itWzM61%0AzCOs5Z0hIS7i8FmJw4IvZ6pZ%2FL1YSUK1b3kp4HSf3kun5oUBbR7Sp4yiQeEX%0AZ%2Bi%2BpWYgppK%2FF9a6QaiIp7QNmcGas2sNmKZ5Yk9yhQ%3D%3D%0A/bfe0e35088e15d41" rel="noopener noreferrer nofollow" style="text-decoration:none;" target="_blank"><img src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/ba557053-ffcc-4624-baa6-5ad289664697/flow-4x-faster-than-typing.png?t=1776898293" alt="" height="auto" width="630" style="display:block;width:100%;" border="0"/></a></td></tr></table></td></tr><tr><td class="dd" align="left" style="padding:0px 15px;text-align:left;word-break:break-word;"><p style="mso-line-height-alt:150.0%;"><a class="link" href="https://link.mail.beehiiv.com/v1/c/bJm3QLtvu%2B01oRbvrxFQpMcSe4RkT8KYgOQEhQ0%2F4%2B24YfhJ7Q%2BuOOqN5rZM%0ALAs8YtQlLDsJwo5r5Jn%2BOyzpFHxwDN5FbL839Nd14hnPZatY0Z3zDLHNSlAo%0AoyaOSPqW1fQnM9KVjriZ5LFOvxu5478rHjzsYki8y1PYUeDJKc%2FbsnKXCgGD%0AW1%2Fh2UnWFnPvUNrYAFUj17a6fh7kVNl3chDMuOz92Rr%2FCIEDNn%2FLq%2FF1jLKL%0AuuF5fUfkWx9Xu2S2vBITVBRiE58qKkPG7GV5%2BZHEqMtKn8O%2FkIKbsL708IOa%0AFzN20i3qhyQjkn1lYVMz7fqha%2BvsIcqq3Vg4sbSMRw%3D%3D%0A/38fbd1dd94525ee7" target="_blank" rel="noopener noreferrer nofollow"><span>Wispr Flow</span></a> lets you dictate prompts, acceptance criteria, and bug reproductions inside Cursor or Warp — with automatic file name and variable recognition. Say user_id, get user_id. Say useEffect, get useEffect. </p></td></tr><tr><td class="dd" align="left" style="padding:0px 15px;text-align:left;word-break:break-word;"><p style="mso-line-height-alt:150.0%;"> Paste directly into GitHub, Jira, or Linear. Give coding agents the full context they need without typing a novel. </p></td></tr><tr><td class="dd" align="left" style="padding:0px 15px;text-align:left;word-break:break-word;"><p style="mso-line-height-alt:150.0%;"> 89% of messages sent with zero edits. Millions of developers use Flow daily, including teams at OpenAI, Vercel, and Clay. Free on Mac, Windows, and iPhone. </p></td></tr><tr><td class="dd" align="left" style="padding:0px 15px;text-align:left;word-break:break-word;"><p style="mso-line-height-alt:150.0%;"><a class="link" href="https://link.mail.beehiiv.com/v1/c/3s3n%2BJhbD7WjhWA1JaSFOu4hWApD5p7uv%2Bg%2FpSyDWJJgNVhtSXtQV6dwu1HU%0A1s81phRSyN29SDff4HDYPi89buyoMamyuWU6GVj%2F%2BibIoQkuVLBSFngJHDrh%0AqyeuRD1XDUHegsgRbiL53zdTYA4A9hSC6L3IwErIt0%2Biy5eTzIL%2BEJi6mafS%0AzMBpkkBDN%2BB6iudDL0SHa3%2BewXySXZaWLW6C6Ak64Dp7YC3vpBVi02GtQvF6%0A%2BSJP07Z569JM7lHiTiy62Bd41Pb60d9Cye7qPyIiwa5aBF4Q8MuE95wwbz4S%0AL2IS%2BryWmF0ZDh%2FLZSpBVqhgBJPDq9nZj5fF70vSTg%3D%3D%0A/70e9bfedc86c70a9" target="_blank" rel="noopener noreferrer nofollow"><span>Start flowing free</span></a></p></td></tr><tr><td id="the-latest-in-react" class="dd" align="left" valign="top" style="color:#a6825a;font-weight:normal;padding:0px 15px;text-align:left;"><h3 style="color:#a6825a;font-weight:normal;mso-line-height-alt:125.0%;">⚡️ The Latest In React</h3></td></tr><tr><td class="dd" align="left" style="padding:0px 15px;text-align:left;word-break:break-word;"><p style="mso-line-height-alt:150.0%;"> 🚨 <b><a class="link" href="https://link.mail.beehiiv.com/v1/c/FB5msRiBYlc1te6p9BcEZXxWQhrfmTxJmBPM1ie7cHHZtkuXXY7YfWUZH8W%2B%0Az5BmQQLpevBc4J1519G2m7GVo2TvGe8DPacNY9tLFJ3yCBL7kYGTEkcP2K28%0A%2Boz6YVjNWYTwH0ZxnB0g46scZSgiNsFQkYbHKuSFUI3th27qQsqWw0qXDJi3%0AYa2xKBlaGm04Sy5GeqlYAP17TN4oyDfcugPlOuRzWGotMojuV98h7pA%3D%0A/27ff067b5aefdbc5" target="_blank" rel="noopener noreferrer nofollow"><span>TanStack's Full Postmortem on the npm Supply-Chain Attack</span></a></b><br>The TanStack compromise now has the official writeup from Tanner. <i>84 malicious versions across 42 @tanstack/ packages, published by chaining three vulnerabilities</i>. No npm tokens were stolen, the attacker bypassed npm credentials entirely. <b>If you installed anything on May 11, treat the host as compromised</b> and rotate AWS, GCP, Kubernetes, Vault, GitHub, npm, and SSH credentials. External researchers caught it within ~20 minutes; internal alerting did not. </p></td></tr><tr><td class="dd" align="left" style="padding:0px 15px;text-align:left;word-break:break-word;"><p style="mso-line-height-alt:150.0%;"> 🛡️<i> </i><i><b><a class="link" href="https://link.mail.beehiiv.com/v1/c/527azFXNg%2FAsRLS8PrCBZAog108WnjBFxwEGOrcCiCbHM931aZ5G3Mdk5tMH%0ALgzdf%2F26dohe79RlKucKmHtI0UHdbDBZBmC6kZ1LKAu9aq0TEykbILTPe2dQ%0AaMedg8uv%2BwuBsfawIgxSbiHdKvdp3zdkLnPMcf7zwij5k6AEfaDOMa7wonw1%0AJYsRZMbremDNqD7eI%2BipbOUfjGDV9b21PfRnEDeX1wP4hFpKF%2BUwN%2F8%3D%0A/811702ab9dfe0700" target="_blank" rel="noopener noreferrer nofollow"><span>Next.js Shipped 13 CVEs in One Coordinated Release</span></a></b></i><br>Same week, Vercel dropped a coordinated patch for <b>13 advisories across Next.js, six rated High</b>, covering auth bypass via App Router segment-prefetch URLs, SSRF in WebSocket upgrades, cache poisoning in RSC responses, XSS in CSP-nonce App Router apps, and a DoS in React Server Components itself (CVE-2026-23870). <b>Patching is the only complete mitigation, upgrade to Next.js 15.5.18 / 16.2.6 and React 19.0.6 immediately.</b> A lot of "I'm done with Next.js" energy in the discourse this week, but the underlying issue is RSC's attack surface is still being mapped in public. </p></td></tr><tr><td class="dd" align="left" style="padding:0px 15px;text-align:left;word-break:break-word;"><p style="mso-line-height-alt:150.0%;"> 🧪 <b><a class="link" href="https://link.mail.beehiiv.com/v1/c/gNoCgGTIC6tnx4Ot1oF2oKgOUIwz54KvYv4e0Iy%2F6Pc7%2FcB0LeeTLEEVV%2B5l%0AxmcLq5zvaFF9wa2U7XWWUeanWXHQRWr8eJP7UWwIO2SAC%2F0tHi5eSXf1RKdr%0ABG3izJLtEeDXkYuK6qgT2KICmxAzzoYXCtW5eGvwDgIZYkIQJWrfIJ28e6ok%0AykuEnBlhw2seWA1aD1DloDl5HEPpeqtmt1PKDlvVWJV9C8G7uEYrAIw%3D%0A/3132d36cf3b796e5" target="_blank" rel="noopener noreferrer nofollow"><span>Tanner Linsley Built an AI-Generated "Projection" of React in a Weekend</span></a></b><br>Same Tanner, busy week. He shipped @tanstack/redact: <b>an AI-generated React projection that lands at ~9KB gzipped (vs React's ~60KB), runs 2–3× faster on TanStack workloads, and passes 700/700 tests.</b> It's running tanstack.com and his personal site in production today. He's explicit this isn't an "alternative React" and it's not going into TanStack Start, it's an experiment in what happens when <b>regenerating code stops being expensive</b>. The framing alone (code as a "materialized view" of a spec) is worth the read. </p></td></tr><tr><td class="dd" align="left" style="padding:0px 15px;text-align:left;word-break:break-word;"><p style="mso-line-height-alt:150.0%;"> ⚠️ <b><a class="link" href="https://link.mail.beehiiv.com/v1/c/kxA9rYDtdXWRd9KygLkyK6PBV7vOvTs1Awx5VoD%2BhNdHq1I1LKjRixFgLVl7%0A03Xf9V2SnsDE6pVAOp5WRlUBrO8TRJIsvSLnRo8BeNmxEeaHNPTz4ea0Ra7L%0Ai5DRAD5CJlxcu%2FlCCvZE2tGcNi7uomz0Y6TgMmgInVwx53gAPmEdWKJ8keA7%0AgrRzQ7iXQc3OmoWAsWrcrL1wK76lb3sPf9hBK5mjdtCGpeMyTKCgrx8%3D%0A/c56cd85ded516300" target="_blank" rel="noopener noreferrer nofollow"><span>RSC Server Functions Are Not an API Boundary</span></a></b><br>Timely after the Next.js CVE wave. Long Ho argues that 'use server' functions <i>feel</i> internal but <b>are functionally public RPC endpoints</b> — anyone can call them with crafted payloads, and treating them like internal-only code is the misconception powering a lot of the recent RSC vulnerabilities. Authenticate, validate, and rate-limit every server function the way you would any public API route. </p></td></tr><tr><td class="dd" align="left" style="padding:0px 15px;text-align:left;word-break:break-word;"><p style="mso-line-height-alt:150.0%;"> 🪶 <b><a class="link" href="https://link.mail.beehiiv.com/v1/c/IfDDXNzEVnRIEEe3KBqcRv%2FSKHmKOmStCfPHXauWEAo%2BPMkBzpCTPXG%2BrY1m%0A6a%2F04I2MCk6Q7aOiMaA0Kg2EXKxZ38j2jp5jCeZ%2FtGiVRlCRFUmffsKv1zdh%0ALiybB%2F8N9QWPkpcrw19Qn52f2hNmnFwOjLQCwp3G7LpSUzAhK%2BFbA3TkxLNi%0AwtmmMoSSK3DLlhH%2Fe%2FDW46bUbPyHXVb%2FMbpcudYLYkqKeJFGvKgSdSs%3D%0A/ab39546319b2c488" target="_blank" rel="noopener noreferrer nofollow"><span>Migrating Off React Saved This Marketing Site 100 KB</span></a></b><br>Evil Martians took an Astro + React + Ark UI marketing site and ripped React out, replacing it with native Web Components and a tiny new library called <b>nanotags (~2.5 KB)</b>. Result: 100 KB less JavaScript on the wire, no functionality lost, accessibility actually slightly better. The argument is narrow but sharp — <b>most marketing sites are shipping a full SPA framework just to toggle a sidebar.</b></p></td></tr><tr><td align="center" valign="top" style="font-size:0px;line-height:0px;padding:30px 0px 30px;" class="dd"><table class="j" role="none" width="80%" border="0" cellspacing="0" cellpadding="0" align="center"><tr><td>   </td></tr></table></td></tr><tr><td class="dd" align="left" style="padding:0px 15px;text-align:left;word-break:break-word;"><p style="mso-line-height-alt:150.0%;"><b>Quick Links</b></p></td></tr><tr><td style="padding-bottom:12px;padding-left:37px;padding-right:27px;padding-top:12px;" class="ee"><div style="margin-left:0px;" class="edm_outlooklist"><ul style="font-weight:normal;list-style-type:disc;margin-bottom:12px !important;margin-top:12px !important;padding:0px 0px 0px 0px;"><li class="listItem ultext"><p style="mso-line-height-alt:150.0%;padding:0px;text-align:left;word-break:break-word;"><b><a class="link" href="https://link.mail.beehiiv.com/v1/c/yJRLx5RHAfUYudKhFm79FXwMk68MamG1wzOrc3alaAP5hNDUBG8iXII6O7iy%0A9BLCwgjcbycdfWdO0KuR0HGOu%2Fq8eyh7ONpw8qJC1U%2F4FMpCRhaBwbFvAhc0%0ATAcEAD5Dwwr8sGAoH3s1CWC4HNOPY8dRIv67eR33rqwGY1ucAPgIP%2BXEitHi%0A7WLH8rcAJbXs70Ml1IKHrD4xTMzWskEUflN73H%2FiJYgSrWImqDq1L28%3D%0A/5053d6251b027fef" target="_blank" rel="noopener noreferrer nofollow"><span>Julia Evans on Testing Vue Components in the Browser</span></a></b> — Vue-flavored, but the <b>"why real-browser testing beats jsdom"</b> argument applies cleanly to React. Short and sharp. </p></li><li class="listItem ultext"><p style="mso-line-height-alt:150.0%;padding:0px;text-align:left;word-break:break-word;"><b><a class="link" href="https://link.mail.beehiiv.com/v1/c/qdIAnINYdim8tgpkStgP6vzttzH5Y9cRA1dWTPkNB4oZO%2B386wKvpsRIvsvj%0AHRcUaBFyst4vm%2FJW%2FUZVxZYy4dHELaQVjAN3lPLiOc8uXwZnE7Q5DY%2FMKkmF%0Ai2CgiM95hO2yZq7WMJT3G7JpsdV81Np%2F1zzQvbqr0iT2Ax1xk7sTvAX0cgfw%0AoW2JlD0w3hc6kFlmYAh%2FkY%2FL9sb8k2Li7BH9qMb6x%2FAin9EMb1LLoS4%3D%0A/53cc4dfb5cd8c1ea" target="_blank" rel="noopener noreferrer nofollow"><span>Tailwind CSS v4.3</span></a></b> — Point release with <b>new utilities for </b><code>color-mix()</code><b>, text-wrap, and faster arbitrary-value compilation</b>. </p></li><li class="listItem ultext"><p style="mso-line-height-alt:150.0%;padding:0px;text-align:left;word-break:break-word;"><b><a class="link" href="https://link.mail.beehiiv.com/v1/c/zWD39WTUyMsQ%2BQ1h3xQPQNJrrMJRVrooIhL3ooUg12IWpD2%2Bb4oLIZNtKIVI%0AN2Gz8cBUYv%2FRv3YycK%2FUkvjSuu8M5%2BEa4qw%2F%2F%2BFfrsp7SsMozsazWYIF9ciw%0AgLeU44kLWWCJjloS2Sp0%2FRwMNCZDlELKkHp88XmRlNTaijBZmY87Wp17805s%0A1dWalKiHa9Q9JB7PyaYznhtnuzrxL3ZBszTPTHl9%2BgbZgkDjYze28jk%3D%0A/ad2b2bfbf988f617" target="_blank" rel="noopener noreferrer nofollow"><span>How Libraries Are Quietly Shaping the Web Platform</span></a></b> — Jad Joubran on which library patterns are getting <b>absorbed into native browser APIs</b>. </p></li><li class="listItem ultext"><p style="mso-line-height-alt:150.0%;padding:0px;text-align:left;word-break:break-word;"><b><a class="link" href="https://link.mail.beehiiv.com/v1/c/u1UpN7I7GRjfZqpHbqJNeOg%2FjYjhpoV8zjywJXMlEMIw%2BybpRMZgzdEVlnER%0Ar%2B%2F%2F9cRa93Fb2vGByBmWSJUQURuRDSPjRvMg9AQRAPmjt9lADsG0ZX6Bz8yE%0A4J0Vbz529zVOEpnVowFquebA%2BlRqHUPVa2PMKgEFTgjAXYn5NBYRjN5Er1aj%0ALK5v9M%2BKn4Shnr9mP1q8zCXR%2Bk%2F%2BauR4UkSnVHhqzqoaNFZL%2BHooSFM%3D%0A/d4605e49696ab1e6" target="_blank" rel="noopener noreferrer nofollow"><span>react-doctor by Million</span></a></b> — New CLI from the Million team that <b>diagnoses common React perf issues</b> in your codebase. </p></li><li class="listItem ultext"><p style="mso-line-height-alt:150.0%;padding:0px;text-align:left;word-break:break-word;"><b><a class="link" href="https://link.mail.beehiiv.com/v1/c/N0PygrDZ3BLCVB6LSR9%2Ff7Aa%2BLccLYdoH7b%2BxpzmZnYMwyHFzozDGrMYL8pZ%0AHhdkKcKCmYUDy0qk%2BXH99zHpoppy7B%2F4GR1L%2FqagyMCHSkHPCpwIEFLphkiZ%0AwiqnCArdhd4Uf%2FVfXeYtZQZz0HrEOPKBgeEyB9toezfkVh8Uq5Z%2FcVk466yn%0AuNMzOwB4OlwByq4hrK%2FZpsEUXH5VioWhi4mmDK6ciZA3Bl8eYedZ9yg%3D%0A/2ea297e151248199" target="_blank" rel="noopener noreferrer nofollow"><span>Remix Changed Direction… Again</span></a></b> — Lively r/reactjs thread on Remix's latest pivot. Lots of "are we back?" energy in the replies. </p></li><li class="listItem ultext"><p style="mso-line-height-alt:150.0%;padding:0px;text-align:left;word-break:break-word;"><b><a class="link" href="https://link.mail.beehiiv.com/v1/c/pFr4oDcy5jHvXW%2FqEY2joplf7Ll21E0QRzapeFv0BcJKO0IgkKSxTF60frVe%0ABtrvSBNT3iX8%2FKG8AaC6hbcQWAPx2P7N%2FSJkccJjtcPKpVCUgjqJY%2Fy1eNyH%0AbPY3C0zAFQMKzXZMm8lD900f%2FZCRw9xAJgUw%2BZHZUDmUyQV2eke9Dk7g%2FQsk%0AC1b56SqNoNHPbIK6UE9d9LUc7El3bgCZ5BR59BtQ3EreDf5CHcDXQPk%3D%0A/91061d9b835a52bf" target="_blank" rel="noopener noreferrer nofollow"><span>Waku v1 Beta</span></a></b> — Daishi Kato's <b>minimal RSC-first framework</b> hits beta with a much more stable API surface. </p></li><li class="listItem ultext"><p style="mso-line-height-alt:150.0%;padding:0px;text-align:left;word-break:break-word;"><b><a class="link" href="https://link.mail.beehiiv.com/v1/c/%2Bw113D%2FPfqFy4axXyrTxD3CfxY8sblThn4ue4zt%2BLjrnAMRh1PshmEvtIiF0%0AZDOC8zAG5iwk67pl3x%2F8%2Bc%2FUjWtKDcTJq9iH53fnBUyC%2BBx%2FmmkuCL6ZesPC%0An8hRK4SrXQvdjEBVsN8serefszjkN0X8za%2BdQGo78yz6bnkwg%2B3hXZ%2Fzv34C%0Aa%2BmJePoh0sTsVG8WyGbBVj1Hgu6VeeEEpG75xr%2BZnPgGfXigsGSlF4U%3D%0A/45d46dd3ffa6a2b0" target="_blank" rel="noopener noreferrer nofollow"><span>MapLibre React Native</span></a></b> — The open-source Mapbox alternative now has a proper React Native binding. </p></li><li class="listItem ultext"><p style="mso-line-height-alt:150.0%;padding:0px;text-align:left;word-break:break-word;"><b><a class="link" href="https://link.mail.beehiiv.com/v1/c/gdyfmHziHFT0EPlhInM2O8QV3NIpdPOo6szz%2FP3xVzDb0iAeh4VaJaJENhxx%0A7nCQw6kuKlvVK%2B2henMDCRVecjxY1YASP74zNS0g4%2B41p2WWMZCMzMFW8fxU%0ActUgR9AGUeyFFa0%2FcbT%2Bw5rJA5NnCnRTNBeVMCUhB7nd7YN%2BaU1txrud9TWX%0AuEnPgULpow%2FmZzn%2Bl%2Fp5HcMwy7x0A%2B3iaPzIJ%2BqbXR2vLbF7M4AAK2g%3D%0A/b2af489461221756" target="_blank" rel="noopener noreferrer nofollow"><span>The "Pocket" / OneCall Factory Pattern</span></a></b> — r/reactjs thread on an experimental pattern that <b>collapses a component's render path into a single call</b> for perf. Weird, interesting, probably not for production. </p></li><li class="listItem ultext"><p style="mso-line-height-alt:150.0%;padding:0px;text-align:left;word-break:break-word;"><b><a class="link" href="https://link.mail.beehiiv.com/v1/c/KTyK2mvlFGVcQeoxkkxOTHVtcj3wc7VKWETPU7o58Q7VQtNCsJl39nP0c8qI%0AFnVh3Aq5yaHRPmIZTH0eBOCVTq5ymaMOmds5qP%2F2BO1uoPb%2BfXFNBBuQhzZD%0AZPo5tv1lBWffSUtg0A6YRlI0SKf61G69cYe8fsWn0rpmx1DK%2F2Ti421l47Z%2F%0AxP39Oqir9a00byk715Kk7LoC%2Fkb3tukTirRrObx9cco3a%2Fhe5cZkbUY%3D%0A/57aef027bef96d88" target="_blank" rel="noopener noreferrer nofollow"><span>Write Better Error Messages</span></a></b> — Wix UX on <b>error-message writing as a product skill</b>, not a copy task. Worth bookmarking. </p></li><li class="listItem ultext"><p style="mso-line-height-alt:150.0%;padding:0px;text-align:left;word-break:break-word;"><b><a class="link" href="https://link.mail.beehiiv.com/v1/c/X2bCASYnqbrUujFLC6peq8p4ISR4Ic3luOPVDER9EG2Uc%2FR77OwbnsesNXNd%0A1CJapy8KA2YU7pqUrf2ct1NVz4m4gqAKcswcQbCWSC4nXjVD1yvcRMJfDxPH%0ABkqM3B6aCt29RGARNW%2FGIGQoPLehWwwjcuaJ11aAe4ivsZjjEZQmqxab7B8r%0ArWg35ZwQUTuLpyQNZgxniKWcf43wHynV3WBmAMjyqcxISCiTPhvyJvA%3D%0A/5c8cf1e02870a993" target="_blank" rel="noopener noreferrer nofollow"><span>33 JS Concepts</span></a></b> — Compact reference of the JS fundamentals every dev should know cold. Useful for <b>interview prep or onboarding juniors</b>. </p></li></ul></div></td></tr><tr><td align="center" valign="top" style="font-size:0px;line-height:0px;padding:30px 0px 30px;" class="dd"><table class="j" role="none" width="80%" border="0" cellspacing="0" cellpadding="0" align="center"><tr><td>   </td></tr></table></td></tr><tr><td id="ai-general-programming" class="dd" align="left" valign="top" style="color:#a6825a;font-weight:normal;padding:0px 15px;text-align:left;"><h3 style="color:#a6825a;font-weight:normal;mso-line-height-alt:125.0%;">🧠 AI & General Programming</h3></td></tr><tr><td class="dd" align="left" style="padding:0px 15px;text-align:left;word-break:break-word;"><p style="mso-line-height-alt:150.0%;"> 🤖<i> </i><b><a class="link" href="https://link.mail.beehiiv.com/v1/c/P4baUonlcTSLMTBnA8Sg2OYuTquipt01dyqjqUKANDhH6jolVGom6kP0Beul%0A5MIURlvlUYJLYEwPxEVrL1tAxkEAMDxEwK4rW1fyfsmD%2BiA6qmq68dlzfKVo%0Ad65TiWMYJizhKK9OFahHl2Ke6Qn7JTeaMG6zYt8Ypsi2mLFc%2BI%2FfgDCFx2p1%0ADmT8qBrTwQm%2BV9vGvBsL6vK5wVoVlkCcQsaO0qRhEo5pPxTszu%2FTMkY%3D%0A/692bb2ff39ce0454" target="_blank" rel="noopener noreferrer nofollow"><span>"I'm Going Back to Writing Code by Hand"</span></a></b><br>A 7-month vibe-coding postmortem that blew up on HN. The author shipped 234 commits on a Kubernetes TUI before sitting down and reading the code Claude wrote, <b>a 1,690-line god object with a 500-line Update() function dispatching across 110 switch branches</b>, all "working 99% of the time." <b>AI builds features beautifully, but it builds architecture terribly</b>, and the velocity high hides the rot until everything collapses at once. Includes five concrete <code>CLAUDE.md</code> / <code>AGENTS.md</code> directives to stop it happening to you. </p></td></tr><tr><td class="dd" align="left" style="padding:0px 15px;text-align:left;word-break:break-word;"><p style="mso-line-height-alt:150.0%;"> 🕵️ <b><a class="link" href="https://link.mail.beehiiv.com/v1/c/qe4TS9%2BQIXFbQOkBY1lASMcp%2Bo5gv9OLM7a4GnZN5gxVqPfv4rhsdyoHUBEp%0AZ1%2Br%2FBrvzZgFXRkZm5oYdxGaq84mnzIAHHTnndia7xdTx1bCOinjhOa2D%2Fwy%0ANemyMt%2B0j8HWjRTQIsYM67ah7aNFkJ0j9ISfek1xlVDJrNKFsPOmzDh7o2q1%0AzGPxuHBiq4vYJUcqgfrbyzZj7%2F4EKQrBwj8FshW1%2FODHMt9MtKN9Qfs%3D%0A/00560bcb3fa6e62e" target="_blank" rel="noopener noreferrer nofollow"><span>Claude Mythos "Discovered" a CVE That Was Already in Its Training Data</span></a></b><br>Anthropic claimed Claude Mythos pulled off the first AI-discovered remote kernel exploit (CVE-2026-4747 in FreeBSD's RPCSEC_GSS). Rival Security dug in and found <b>the vulnerable FreeBSD code is a near-verbatim copy of MIT Kerberos code patched as CVE-2007-3999, almost 20 years ago.</b> Mythos didn't invent anything, it pattern-matched a recycled bug. The actually-worrying conclusion: <b>it doesn't have to invent anything to be dangerous</b> — there's a <i>lot</i> of copy-pasted legacy code sitting in production right now. </p></td></tr><tr><td class="dd" align="left" style="padding:0px 15px;text-align:left;word-break:break-word;"><p style="mso-line-height-alt:150.0%;"> 💸 <b><a class="link" href="https://link.mail.beehiiv.com/v1/c/TPN5gVxlMDEn7BwkDZPcbuWhem8bg%2FeJSXYJ5xm4o5xkhxXpqJozBD5lu1qF%0AThHkP3drN8e8%2FEl0M1b5%2Bzbe8K3ZoCJott0m1rx1Mt%2BETAzF4NWJtbZq3rGw%0A%2FF1H5hQNEHogRfDl%2BC5ahziXDMOJSWtUBzR4vgNRBJOOmvbCfDAUyZsjfh5a%0AUONbtWIqZjxJcnWdc1lqFrIaxnpY4VMhO1w4%2F4cvWPXsn2E7kWFkUXU%3D%0A/93777cf8dac45042" target="_blank" rel="noopener noreferrer nofollow"><span>5 Years and $5M Later: Building a Custom Language Was a Mistake</span></a></b><br>A genuinely candid founder postmortem from Wasp on why they're <b>replacing their custom DSL with TypeScript</b> while keeping the framework internals identical. The "lang" suffix made every dev think they were trying to replace JavaScript; building IDE tooling for a custom language was a years-long tax; and they eventually realized <b>the moat was never the language, it was having a high-level spec the compiler could reason about</b>. Rare honest writeup of a multi-year bet that didn't pay off. </p></td></tr><tr><td class="dd" align="left" style="padding:0px 15px;text-align:left;word-break:break-word;"><p style="mso-line-height-alt:150.0%;"> ⚡ <b><a class="link" href="https://link.mail.beehiiv.com/v1/c/fgSQNFOaRU6FDe7i%2BzYbdChvblKoN2wDCFN94uKrJyAr7yEDd5Lt4BidH34K%0AF%2B7bdB94uEDgsFnBrCnhgVPKGldcT3aynWGxsB60lTW4g3hcwYFDK3yi1kDE%0AVX4fd0cfGuqgbswUsb5%2FxMRJly4fMwyk70dxFffSp5w6rCw5YLCOc5qCsDz0%0Ax4BNgCj%2FfSmP2MbxUFBk5qXMZ3NnXeLZv4J1YKDWTejoX2vjQjiYQsQ%3D%0A/be59e8cc0e030c74" target="_blank" rel="noopener noreferrer nofollow"><span>Rolldown 1.0 Is Stable</span></a></b><br>The Rust-based bundler that's been quietly powering Vite 8 since March just hit stable. <b>10–30× faster than Rollup, on par with esbuild, Rollup-plugin-compatible.</b> Production numbers from the post: Ramp cut build times 57%, Mercedes-Benz.io 38%, <b>Beehiiv 64%</b>. If you're on Vite 8, you're already running it. Next milestone is a "full bundle mode" for dev with claimed <b>3× faster startup and 40% faster reloads</b>. </p></td></tr><tr><td class="dd" align="left" style="padding:0px 15px;text-align:left;word-break:break-word;"><p style="mso-line-height-alt:150.0%;"> 🧱 <b><a class="link" href="https://link.mail.beehiiv.com/v1/c/dX%2BS3%2Bk8o8GxLrGJQkg1%2BtZZR9N6cNMOhOnAWC2D936DSf1r%2BpNtmCR2pk%2BP%0ApN5dwdG66%2BYdQ1g6%2Fg4rFLf%2FCAV%2BqNDHZkmTZbL2c15GeuteJEill7337MVD%0Ae%2FWkFewgTOhCVV4p3iDxhDE2jD%2BFbruTa9jz5q2eUf2giZYvNJF2sIagSksI%0AAUCi2fi%2BB11WGSK0GstMyU5fOhSmBe0e%2F%2F%2BdmYIag7ZptasmWoUmmLE%3D%0A/b7695c1d77ff1225" target="_blank" rel="noopener noreferrer nofollow"><span>The 4 Symptoms of Bad Software Design</span></a></b><br>Clean, example-driven breakdown of the four "smells" that say your architecture's in trouble: <b>Rigidity</b> (one change cascades into ten), <b>Fragility</b> (fixing one module breaks another), <b>Immobility</b> (you can't extract anything without dragging the whole stack), and <b>Viscosity</b> (the hacky path is faster than the right one). Each comes with a concrete refactor and a real-world example. </p></td></tr><tr><td class="dd" align="left" style="padding:0px 15px;text-align:left;word-break:break-word;"><p style="mso-line-height-alt:150.0%;"> 🗣️ <b><a class="link" href="https://link.mail.beehiiv.com/v1/c/fKiOWG60xBNErQMJUR5tbDycNvX7TX2fPx6bBN9ufEkuw5tK5nxKOlhXPnmG%0AhiYqnjWde2q%2B8bvYdiUS5IlXnE18uezYaAgDQdnPzn%2FbLQCMZe5WZnnugF4Z%0AnbAtVcyjgxSOdDiZpzrvGQzxW8SlMz%2FcLx0keZpp9LRVChKZaN%2BWVevjGqJD%0ApOFlLUfq7qz3Pi5NGyMgnAuXEIO5bdQeyTCDUrfyY7wMdy%2FqUIg%2F6IA%3D%0A/8642ba383862d102" target="_blank" rel="noopener noreferrer nofollow"><span>Why Senior Developers Fail to Communicate Their Expertise</span></a></b><br>Sharp framing on a problem most senior devs feel but can't quite name: <b>the rest of the business worries about uncertainty; senior devs worry about complexity</b>, and they're talking past each other every meeting. The magic phrase the post offers ("Can we try something quicker?") is almost worth the read on its own. Bonus take on <b>splitting a codebase into a "Speed" version and a "Scale" version</b> in the AI era. </p></td></tr><tr><td align="center" valign="top" style="font-size:0px;line-height:0px;padding:30px 0px 30px;" class="dd"><table class="j" role="none" width="80%" border="0" cellspacing="0" cellpadding="0" align="center"><tr><td>   </td></tr></table></td></tr><tr><td class="dd" align="left" style="padding:0px 15px;text-align:left;word-break:break-word;"><p style="mso-line-height-alt:150.0%;"> See you next week, </p></td></tr><tr><td class="dd" align="left" style="padding:0px 15px;text-align:left;word-break:break-word;"><p style="mso-line-height-alt:150.0%;"> Darius </p></td></tr></table></td></tr></table></td></tr><tr><td align="center" valign="top"><table role="none" width="100%" border="0" cellspacing="0" cellpadding="0" align="center"><tr><td><tr><td class="b" align="center" valign="top" bgcolor="#030712" style="padding:0px 0px 0px 0px;border-style:solid;border-width: 0px 0px 0px 0px;border-color: #FFFFFF;border-bottom-left-radius:10px;border-bottom-right-radius:10px;"><table role="none" width="100%" border="0" cellspacing="0" cellpadding="0" align="center"><tr><td align="center" valign="top" bgcolor="#a6825a" style="padding:12px"><table role="none" width="100%" border="0" cellspacing="0" cellpadding="0" align="center"><tr><td><span style="padding-left:1px;"></span></td><td align="center" valign="middle" width="75" style="width:75px;"><a href="https://link.mail.beehiiv.com/v1/c/5j2m0b%2FKqcbcUb9p%2B8e45pTb%2FOkIVVBGkWER1Hi4avlNHFOux5Y98xeVpOXP%0AvBrT%2Fr0%2F4B9prvHojTK8LO7FG%2Be3%2FtcOkqgETwX1NxfckxBPNZSE1DBUmX5e%0AawqQNxtp8TyvZN1LIwCNreQBWRv9VBCrZsqvIzSnaCtfuR1BiKA%2F6GpQ9ANW%0ADW8FbKWPiIcNybMbuoTQstrzOVHdZp8dYfe0qN7HtTvo4JisXCtVjEE%3D%0A/a9e52cb9bfdbf081" style="text-decoration:none;"><img width="22" height="16" alt="yt" border="0" style="display:block;max-width:22px;color:Dark" src="https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/static_assets/youtube_dark.png"/></a></td><td><span style="padding-left:1px;"></span></td></tr></table></td></tr><tr><td height="10" style="line-height:1px;font-size:1px;height:10px;">   </td></tr><tr><td class="w" align="center" valign="top" style="padding:15px 15px 15px 15px;"><table role="none" width="100%" border="0" cellspacing="0" cellpadding="0" align="center"><tr><td align="center" valign="top"><p style="font-family:'Verdana',Geneva,sans-serif;color:#FFFFFF!important;"> Update your email preferences or unsubscribe <a class="link" href="https://link.mail.beehiiv.com/v1/c/QKglyxaRsmT5kr7aQa0cr%2B8%2FC%2BLTHxKa71wcwKLa4Z2OCBnLTf7krb4wCX%2F9%0AKka8uJ8aHkD8y1U8CHfWfq2eaxIDSckFcvRoG%2BSa2EUO0mic1UIbzGZ%2FnL1q%0Aa%2B8lzAljliHjigMh9NkY5skBsovcMxTl5UMCs89h66LdIP4DcXlYJjf186tO%0A3gkMf2kavtsifHh8V%2FiTbw9ewW79g1ZHh9awnioQUBG8tT5pSaBDYBY%3D%0A/0a1dbd220d76d360" style="text-decoration:underline;text-decoration-color:#FFFFFF!important;color:#FFFFFF!important;"> here</a></p><p class="copyright" style="font-family:'Verdana',Geneva,sans-serif;color:#FFFFFF!important;"> © 2026 Import React </p><p style="font-family:'Verdana',Geneva,sans-serif;color:#FFFFFF!important;"> 228 Park Ave S, #29976, New York, New York 10003, United States </p></td></tr><tr><td align="left" valign="top" height="2" style="height:2px;"><a href='https://hp.beehiiv.com/c88b925b-ad35-4013-ad2e-a50060159075' style="color: #030712 !important; cursor: default; font-size: 1px; text-decoration: none;"> Terms of Service </a></td></tr><tr><td align="left" valign="top" height="2" style="height:2px;"><a href='https://email.beehiivstatus.com/0204eb64e925bfad578de4434ad017ce38db78e0/hclick' clicktracking="off" style="color: #030712 !important; cursor: default; font-size: 1px; text-decoration: none;"></a></td></tr></table></td></tr></table></td></tr></td></tr></table></td></tr></table></td></tr></table></td></tr></table></div></body></html>