{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"TypeScript.fm - The Friendly Show for TypeScript Developers","title":"Anthropic's Bet on Bun, React2Shell, Vite 8 Beta, and Elves Spam npm | News | Ep 47","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/41aa7f70\"></iframe>","width":"100%","height":180,"duration":3334,"description":"News for the week of December 1, 2025: Anthrophic acquired Bun, React2Shell is pretty darn bad (and that's not all), plus \"elf spam\" packages on npm. From the community: tRPC vs. oRPC, demystifying TSConfig, and hash-slash (#/) project-relative import support in Node.MCP in Practice CourseWatch now. Kamran shows you how to build a practical enterprise-grade MCP server with .NET, C#, and OAuth, hosted remotely on Azure. (Requires subscription)Sponsored by Excalibur.jsExcalibur.js is the free and open source friendly TypeScript 2D game engine for the web. Learn to make web games with TypeScript or JavaScript! Excalibur comes out-of-the-box with everything you need, like physics, sprites, animations, sound effects, and first-party plugins for popular 2D gamedev tools.Homepage and Docs: https://excaliburjs.comMake Your First Game in 10 MinutesJoin the Discord: https://discord.gg/9UemP985UyChaptersNewsBun: Bun is joining Anthropic ViteLand: Vite 8 Beta: The Rolldown-powered ViteViteLand: Announcing Oxlint Type-Aware Linting AlphaViteLand: The first Oxfmt alpha was releasedViteLand: tsdown got a new releaseNode.js PSA: Prepare for Monday, December 15, 2025 Security ReleasesCloudflare: Cloudflare outage on December 5, 2025Security: npm Sees Surge of Auto-Generated “elf-stats” Packages Published Every Two Minutes via (Sarah Gooding)Security: SVG Filters - Clickjacking 2.0 Ʊ lyra's epic blog React2Shell ResourcesReact2Shell Exploit: Critical Security Vulnerability in React Server ComponentsDeep Dive: https://react2shell.com/Next.js: Security Advisory: CVE-2025-66478Deno Blog: React Server Functions / Next.js Vulnerability: Deno Deploy users protected Explainer: this is the worst case scenario by LowLevelEdFrom the CommunityTemitope Oyedele: tRPC vs oRPC: Which is better for your next TypeScript project, and why?John Franey: How to test a Vue composable with TypeScript · JohnFraney.caFabian Hiller: Formisch for React just released (quietly) – the form library that powers...","thumbnail_url":"https://img.transistorcdn.com/LUVFPtghCfQs9Z5cmq099b61B1Uvk41woCYRjlvHUak/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS9jY2Ew/ZThkMTZkZGNiN2E2/Mzc1MmI5NWI0ZjU0/YjA3MS5wbmc.webp","thumbnail_width":300,"thumbnail_height":300}