npm Supply Chain Worm, React Red Flags, This Week in React #278, Kivo HTTP Client, and Architecture Metaphors
Published on 23.04.2026
New npm Supply-Chain Attack Self-Spreads to Steal Auth Tokens
TLDR: A worm-like malware was injected into 16 npm packages from Namastex Labs, stealing developer credentials and then republishing itself through any publish token it finds. It targets AI agent tooling packages specifically, and has since spread to Python packages via PyPI as well.
29 React Codebase Red Flags from a Senior Frontend Developer
TLDR: A senior engineer at Palantir catalogued 29 anti-patterns commonly found in React codebases, covering dependency bloat, folder structure chaos, component design mistakes, and state management errors. It's a useful diagnostic checklist, though the "29" framing is doing some heavy lifting.
This Week In React #278: React Email, TSRX, Rspack RSC, TanStack, Hook Form
TLDR: A packed week in the React ecosystem: React Email 6.0 consolidates into a single package with an embeddable editor, VisionCamera v5 gets a full rewrite with Nitro Modules, and the TypeScript 7.0 beta confirms the Go rewrite is real and roughly ten times faster. Rspack 2.0 adds experimental React Server Components support.
Kivo: A Minimal Desktop HTTP Client Built with Rust and Tauri
TLDR: Kivo is an open-source cross-platform HTTP client built with Rust, Tauri, React, and Tailwind CSS, designed as a lightweight Postman alternative with local-first data storage, a custom JSON query engine, and OAuth2 support. Version 0.4.0 just shipped today.
The Mighty Metaphor: How Architects Bridge Technical and Business Thinking
TLDR: Gregor Hohpe argues that metaphors are one of the most powerful tools an architect has for communicating technical trade-offs to non-technical stakeholders. When chosen well, metaphors turn one-way explanations into collaborative conversations where business people can reason about constraints they've never directly encountered.