Securing Software Development: Insights on Vulnerabilities and Best Practices

News of the week of September 1, 2025: Deno Fresh 2.0 is now in beta, Swift 6.2 adds WASM support, and a serious spear-phishing attack on npm maintainers. From the community: looking back on TypeScript, optimizing immutability, type-safe state machines, sharing Wi-Fi links, and some prolific open source work.

Chapters

• (00:00) - Welcome to the Show
• (05:20) - News: New ESLint Rule to Prevent Empty Type Argument Lists
• (06:43) - News: Deno Fresh 2.0 Graduates to Beta with Vite Support
• (09:17) - News: Rolldown Will Ship as ESM-only
• (10:55) - News: Swift 6.2 Adds WASM Support
• (12:17) - Reminder: TypeScript AI Conf in San Francisco on Nov 6
• (12:42) - PSA: Upgrade Your Vite Packages
• (14:53) - PSA: Massive npm Supply Chain Attack
• (22:05) - News: GhostAction Attack Exfiltrated Secrets from GitHub Actions
• (24:42) - Community Highlight: TypeScript 1.5 Was 10 Years Ago
• (25:54) - Community Highlight: Dr. Axel's Corner
• (27:38) - Community Highlight: Perf Improvements Coming to Immer.js
• (28:40) - Community Highlight: Meta AI Piracy Case Might Owe Authors Money
• (29:26) - Library Watch: Easily Create Wi-Fi Share Links
• (30:58) - Library Watch: Type-safe State Machines
• (32:37) - Library Watch: Eclipse Modeling Framework for TypeScript
• (34:33) - Library Watch: A Tiny Translate Utility for TypeScript
• (35:13) - Community Highlight: Azat's OSS Tools
• (38:09) - This Week's TypeScript Joke
• (38:33) - Cool Library: 2D Geometry and Math Utilities
• (39:11) - Cool Watch: The Business Side of Digital Goods
• (40:18) - Cool Read: A New Way to Think by Roger Martin
• (43:47) - The Minnesota Long Goodbye

News

• typescript-eslint v8.43.0 introduces a new rule to disallow empty type arguments
• Fresh 2.0 Graduates to Beta, Adds Vite Support (h/t deno)
• Rolldown will only be shipping as ESM, dropping their CJS bundle (h/t VoidZero)
  • Clarification: It will still bundle your code as CJS; this applies only to Rolldown itself.
• Swift for Wasm: Q3 2025 Updates (h/t maxdesiatov)
• Reminder: TypeScript AI Conf is Nov 6
• PSA: Vite CVEs. Upgrade your packages!
  • CISA mailing list for cybersecurity incidents
• PSA: Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack
• PSA: Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack

From the Community

• TS 1.5 nostalgia (h/t rob palmer)
• Dr. Axel’s Corner
  • Learning web development: Frontend frameworks 
  • Learning web development: Installing npm packages and bundling 
• Immer.js optimizations coming
• Meta Piracy Case You might be owed $$$
  • Search LibGen, the Pirated-Books Database That Meta Used to Train AI 
  • It has affected Dan Abramov and Josh Goldberg 
• Library watch: wifi-share-link: Create shareable links over Wi-Fi with QR codes (h/t Joshua Goldberg)
• Library watch: @machinist/core for type-safe finite state machines 
• Library watch: TMF: Model-driven development for TypeScript 
• Library watch: pixltd-dev/ts-mini-translate, a simple TypeScript translation utility
• Check out Azat’s work! Including Josh Goldberg’s favorite ESLint plugin, perfectionist.
• This week's TS joke

Cool Stuff

• 2D math utilities: https://github.com/romgrk/2d-geometry 
• Video: A Complete Guide To The Business Side Of Indie Gamedev
• Book: A New Way to Think by Roger Martin (Thriftbooks)
• Game: Hollow Knight: Silksong

Sponsored by Excalibur.js
Excalibur.js is the friendly TypeScript game engine for making 2D web games. Use your TypeScript or JavaScript skills to make games! Excalibur comes out-of-the-box with everything you need to make web games, like physics, sprites, animations, sound effects, input, and particles. Design your assets with tools like Aseprite and Tiled, then load them natively using first-party plugins.

Music
Seahorse Dreams by Kubbi (Spotify)