quoting this to pin it 😎

It's Redux release day! Shipped RTK 2.12.0, React-Redux 9.3.0, and Reselect 5.2.0 Highlights: - RTK skills files - `connect` is officially deprecated! Don't use it! :) - Fixed trusted publishing github.com/reduxjs/redux-too… github.com/reduxjs/react-red… github.com/reduxjs/reselect/…

SECURITY ADVISORY — TanStack npm packages A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package. Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down. Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys. If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised: • Rotate cloud, GitHub, and SSH credentials immediately • Audit cloud audit logs for the last several hours • Pin to a prior known-good version and reinstall from a clean lockfile Detection — the malicious manifest contains: "optionalDependencies": { "@tanstack/setup": "github:tanstack/router#79ac49ee..." } Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root). Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level. Full technical breakdown, complete package and version list, and rolling status updates: github.com/TanStack/router/i… Credit to the security researcher for responsible disclosure.

🚀 Valibot v1.3 is here! ✅ Smarter pipelines with `guard()` for type refinement & `parseBoolean()` for boolish inputs (env vars, forms, query strings). ✅ Result caching via `cache()` / `cacheAsync()` for repeated & async validations. ✅ New validators: `domain()`, `jwsCompact()`, `isrc()` important compatibility fixes. Huge thanks to @eskimojo, @yslpn and many others for contributing to this release! 🙌 Full details examples 👉 valibot.dev/blog/valibot-v1.… npm i valibot@latest #Valibot #TypeScript

Shoutout for @eskimojo for the implementation and TypeBox for being currently the fastest ⚡️

🚨 Exciting update! Our Schema Benchmarks OSS project now has a dedicated section for Standard Schema. Check it out and discover how fast your favorite Standard Schema libraries like @valibot, @zodtypes, @arktypeio, @EffectTS_ and more really are! 📈 Which one surprises you the most? 👀 schemabenchmarks.dev/standar… #TypeScript #WebDev #OpenSource #StandardSchema

🚨 Missed our big announcement yesterday? We launched schemabenchmarks.dev! 🎉 An open-source project comparing top JS schema libraries like @zodtypes, @valibot, @arktypeio, Typia, TypeBox, @EffectTS_ and more. 🧩 Dive into metrics on download time, schema creation, and parsing speed. 🔥 Check it out now and see who's leading the pack: schemabenchmarks.dev/blog/we…

We'll also aim to expand to other types of benchmarking and comparison - I'm already investigating capturing error messages and traces, inspired by x.com/techsavvytravvy/status…

Proud to have teamed up with @eskimojo on Schema Benchmarks! 🙌 Valibot and Typia neck-and-neck on bundle size (~1.9KB gzipped)—the fight for the smallest bundles is heating up! 🔥 Transparent metrics like these help us all improve—dive in and let us know what you think! schemabenchmarks.dev/

this was also a great opportunity to try out a bunch of new tech - we're currently running on Vite 8 (beta), @tan_stack Start ( Query Pacer), and using Oxfmt/Oxlint/TSGo 👀

To see our results in depth, check out schemabenchmarks.dev/! Reckon we've missed a library, or thought of an improvement to our methodology? We'd love to hear from you! github.com/open-circle/schem… Want to do one better and DIY? Thanks! Give this a read: schemabenchmarks.dev/contrib…