DEV Community

Cover image for TypeScript at Warp Speed, Bun's Rust Glow-Up, and Agents Everywhere
Adam
Adam

Posted on

TypeScript at Warp Speed, Bun's Rust Glow-Up, and Agents Everywhere

TypeScript 7.0 is officially out — the full Go-port rewrite, 10x faster compilation, validated against real-world large codebases. If you've been waiting for a reason to care about compiler speeds, here it is.

The agent beat is packed this week. Oleg Luganskiy reviewed 35 active CLI coding agents so your stack decision doesn't have to be a coin flip. Matt Rickard shows how Cognition shards codebases MapReduce-style and uses Git itself as the inter-agent communication layer — boring infrastructure, genuinely clever coordination. Jesse Vincent argues that agents write better code when the engineer building their tooling is in the loop, not at arm's length.

Security corner delivered two memorable entries: Noma Security's GitLost shows how a public GitHub issue can become a prompt injection vector that extracts data from private repos — a live attack if your agents have repository access. Anthropic's GRAM isolates dual-use knowledge into dedicated model compartments that actively resist recovery attempts, which is a more honest containment story than post-training scrubbing. And npm v12 finally ships with lifecycle scripts off by default — a supply-chain vector that's been open since npm's early days is now closed.

Also notable: Bun rewrote its runtime from Zig to Rust with Anthropic's models — faster, smaller, safer, probably the most consequential AI-assisted migration shipped in public. ECMAScript 2026 officially adds Array.fromAsync and native Base64/Hex conversion, quietly retiring whole categories of utility imports. Ubuntu's team used TLA+ to track down a 16-year-old SQLite WAL corruption bug — formal verification making a strong practical case for itself. And Kapa AI pruned 68% of RAG context with a small LLM while keeping 96% recall — small models as intelligent pre-filters, not just cheaper completions.

On the tools side: Vite+ arrives in beta as an open-source MIT toolkit unifying Vite, Vitest, and Oxlint under a single vp command (originally planned as commercial — community pressure wins). Herdr gives agents SSH-reachable persistent terminal sessions that survive disconnects. OSV.dev pulls advisories from PyPA, GitHub, Go, Rust, and more into one open API for cross-ecosystem dependency scanning. And Postgres Is Enough catalogs 89 extensions mapping Postgres onto Redis, Kafka, and Elasticsearch use cases — the single-database argument finally has a proper directory.

Enjoy!

Signup here for the newsletter to get the weekly digest right into your inbox.

Find the 15 highlighted links of weeklyfoo #145:


Announcing TypeScript 7.0

by Microsoft

TypeScript 7.0's native Go port delivers up to 10x faster compilation, tested across large-scale real-world codebases

🚀 Read it!, typescript, performance


State of CLI Coding Agents, Mid-2026

by Oleg Luganskiy

A survey of 35 actively maintained terminal-based coding agents, with Claude Code, Codex CLI, and Omp leading on memory, editing precision, and orchestration

📰 Good to know, ai, agents, tooling


Rebuilding Cognition's Agentic MapReduce

by Matt Rickard

How Cognition scales agent tasks by sharding codebases, verifying vulnerabilities in parallel, and using Git itself for inter-agent communication and fault tolerance

📰 Good to know, ai, agents, engineering


Hunting a 16-Year-Old SQLite Bug With TLA+

by Alberto Carretero

Modeling SQLite's Write-Ahead Log behavior in TLA+ to check whether dqlite was exposed to a long-standing corruption bug — it wasn't, thanks to stricter locking

📰 Good to know, sqlite, engineering


How We Taught a Small LLM to Throw Away 68% of Our RAG Context

by Kapa AI

A small, cheap LLM learned to prune 68% of retrieved RAG context chunks while keeping 96% recall, cutting cost without sacrificing accuracy

📰 Good to know, ai, engineering


Some New Agentic Patterns

by Jesse Vincent

Letting an agent work directly with the engineer building its runloop and tooling produces higher-quality results than routing every change through a human intermediary

📰 Good to know, ai, agents, engineering


What's New in ECMAScript 2026

by Pawel Grzybek

The newly approved 876-page ECMAScript 2026 spec adds Array.fromAsync, native Uint8Array Base64/Hex conversion, and more — most already usable today in browsers and runtimes

📰 Good to know, javascript, ecmascript


Rewriting Bun in Rust

by Bun

Facing recurring use-after-free and double-free bugs from Zig's manual memory management, Bun's team used Anthropic's models to rewrite the runtime in Rust, ending up faster, smaller, and safer

📰 Good to know, rust, engineering, bun


An Off Switch for Dual-Use Knowledge in AI Models

by Anthropic

Anthropic's GRAM (Gradient-Routed Auxiliary Modules) isolates dual-use knowledge like cyber offense/defense into dedicated model compartments, resisting attempts to recover removed knowledge

📰 Good to know, ai, safety


GitLost: How We Tricked GitHub's AI Agent Into Leaking Private Repos

by Noma Security

An indirect prompt injection through public GitHub issues let attackers exploit GitHub's Agentic Workflows to extract data from private repositories

📰 Good to know, security, ai, agents


npm v12 Ships With Install Scripts Off by Default

by GitHub Blog

npm 12 is now GA with lifecycle scripts and implicit node-gyp builds no longer running by default, closing off a major supply-chain attack vector

📰 Good to know, npm, security, nodejs


Vite+ Beta

by VoidZero

The Vite team's unified toolchain brings Vite, Vitest, Oxlint, and more together under a single vp command — originally planned as commercial, now open sourced under MIT

🧰 Tools, vite, tooling, javascript


Herdr

by Herdr

A terminal-based multiplexer for running multiple coding agents in persistent sessions that survive disconnects and can be reached remotely over SSH

🧰 Tools, ai, agents, cli


OSV.dev

by OSV

An open, distributed vulnerability database that aggregates open-source security advisories for scanning dependencies via API, CLI, or GitHub integration

🧰 Tools, security, opensource


Postgres Is Enough

by Goodway

A directory of 89 extensions and tools that let Postgres stand in for Redis, Elasticsearch, Kafka, and other systems

🧰 Tools, postgres, database


Want to read more? Check out the full article here.

To sign up for the weekly newsletter, visit weeklyfoo.com.

Top comments (0)