npm Supply Chain Worm, React Red Flags, This Week in React #278, Kivo HTTP Client, and Architecture Metaphors

Published on 23.04.2026

New npm Supply-Chain Attack Self-Spreads to Steal Auth Tokens

TLDR: Worm-like malware was injected into 16 npm packages from Namastex Labs. It steals developer credentials and then republishes itself through any publish token it finds. It specifically targets AI agent tooling packages and has since spread to Python packages via PyPI as well.

New npm supply-chain attack self-spreads to steal auth tokens


29 React Codebase Red Flags from a Senior Frontend Developer

TLDR: A senior engineer at Palantir catalogued 29 anti-patterns commonly found in React codebases, covering dependency bloat, folder structure chaos, component design mistakes, and state management errors. It's a useful diagnostic checklist, though the "29" framing is doing some heavy lifting.

29 React Codebase Red Flags from a Senior Frontend Developer


This Week In React #278: React Email, TSRX, Rspack RSC, TanStack, Hook Form

TLDR: A packed week in the React ecosystem: React Email 6.0 consolidates into a single package with an embeddable editor, VisionCamera v5 gets a full rewrite with Nitro Modules, and the TypeScript 7.0 beta confirms the Go rewrite is real and roughly ten times faster. Rspack 2.0 adds experimental React Server Components support.

This Week In React #278


Kivo: A Minimal Desktop HTTP Client Built with Rust and Tauri

TLDR: Kivo is an open-source cross-platform HTTP client built with Rust, Tauri, React, and Tailwind CSS, designed as a lightweight Postman alternative with local-first data storage, a custom JSON query engine, and OAuth2 support. Version 0.4.0 just shipped today.

GitHub - DevlogZz/Kivo


The Mighty Metaphor: How Architects Bridge Technical and Business Thinking

TLDR: Gregor Hohpe argues that metaphors are one of the most powerful tools an architect has for communicating technical trade-offs to non-technical stakeholders. When chosen well, metaphors turn one-way explanations into collaborative conversations where business people can reason about constraints they've never directly encountered.

The Mighty Metaphor