Friday Links #36 — JavaScript Ecosystem Weekly
A curated roundup of JavaScript ecosystem news: TypeScript, Node.js, Deno, AI developer tools, security discoveries, and new libraries from the past two weeks.
How we got hit by Shai-Hulud: A complete post-mortem | Trigger.dev
trigger.devOn November 25th, one of our engineers was compromised by the Shai-Hulud npm supply chain worm. Here's what happened, how we responded, and what we've changed.
Last Week in Security (LWiS) - 2025-12-15
Moonwalk++ stack telemetry bypass (@KlezVirus), a pile of Mediatek CVEs (@hyprdude), AppleScript decompiler (@__pberba__), SCOM hacking (@unsigned_sh0rt + @breakfix), .NET SOAP disaster (@chudyPB), and more!