Front-End Fire

The State of JavaScript 2025 survey results are in this week, and there’s some givens and some surprises this year. Givens: Vite's still a favorites and devs want more native TS features. Surprises: ChatGPT usage declined, no one’s using Windsurf, and Bun is the third most-used JS runtime. And thanks for making us the most written-in podcast of the survey! We appreciate it!
An 8 month study conducted by the Harvard Business Review reports AI tools don’t shrink work for employees, they actually intensify it. Employees work faster, take on more tasks, and work longer hours, which can lead to burnout, cognitive fatigue, and lower quality work over time. 
And there’s yet another new React2Shell flaw that’s being exploited by the ILOVEPOOP toolkit to scan and target vulnerable Next.js and RSC environments. Patch your React apps, folks.
Timestamps:
0:59 - State of JS survey results
23:53 - Harvard Business Review’s report on how AI is changing work
35:30 - React2Shell exploits and ILOVEPOOP
40:08 - The largest domain name purchase ever
43:00 - Adobe Acrobat can turn PDFs into podcasts
46:48 - We hit 100k downloads!
47:55 - What’s making us happy
News:
Paige - State of JavaScript survey results 2025
Jack - React2Shell exploits
TJ - HBR reports AI didn’t shrink work for employees, it intensified it and the burnout is getting real
Lightning News: 
Thanks for helping us reach 100k downloads!
The largest publicly disclosed domain name purchase ever
Adobe Acrobat can turn PDFs into podcasts
What Makes Us Happy this Week:
Paige - San Diego Zoo Safari Park
Jack - Bambu Lab H2C
TJ - Ubuntu OS
Thanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.
Front-end Fire website
Blue Collar Coder on YouTube
Blue Collar Coder on Discord
Reach out via email
Tweet at us on X @front_end_fire
Follow us on Bluesky @front-end-fire.com
Subscribe to our YouTube channel @Front-EndFirePodcast

Malicious code is making its way into VS Code extensions this week, as two Chinese-based AI coding assistants are identified as capturing every file on a user’s computer and sending it to servers in China without their knowledge or consent. Please just be cautious about what you’re installing on your machines, folks.
In related news, the Deno team has introduced Deno sandboxes to create and deploy secure, isolated VMs in the cloud. Strict permissions, network policies, directories, and isolated secrets—make these sandboxes great for AI agents, or any other dynamic workload where speed and security are paramount.
And the software going viral this week is OpenClaw (aka Clawdbot aka Moltbot), which is an open source, autonomous AI agent that runs locally on a user’s machine. OpenClaw can connect to LLMs and perform tasks like managing emails, scheduling, reorganizing local files or other daily tasks, and is designed to be proactive rather than just reacting to prompts. It’s truly the Wild West giving an AI agent access to read all the files on a machine or respond to emails on its own, so be careful out there, folks.
Timestamps:
1:07 - VS Code AI plugins are stealing data
10:47 - Deno sandboxes
16:09 - OpenClaw
43:41 - More Gemini features are coming to Chrome
45:33 - Apple containers
46:44 - What’s making us happy
News:
Paige - VS Code AI plugins are stealing all the data of users computers (silently)
Jack - Deno sandboxes
TJ - OpenClaw (aka Clawdbot aka Moltbot) and our lack of trust for AI agents
Lightning News: 
More Gemini features are coming to Chrome
Apple Containers
What Makes Us Happy this Week:
Paige - Claude Code
Jack - Sneakers movie
TJ - Firefox browser
Thanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.
Front-end Fire website
Blue Collar Coder on YouTube
Blue Collar Coder on Discord
Reach out via email
Tweet at us on X @front_end_fire
Follow us on Bluesky @front-end-fire.com
Subscribe to our YouTube channel @Front-EndFirePodcast

You heard it here first, folks, RSC support is now available in TanStack Start! Since TanStack Start supports not only React but also Solid, it handles serialization differently, meaning the critical security vulnerabilities RSC-enabled React apps have been suffering from lately won’t affect TanStack apps.
Yarn 6 was recently announced, and (surprise, surprise) it’s going to be ported to Rust. Get ready for blazing fast installs, the ability to easily switch between Yarn versions, and lazy installs to silently keep dependency versions in sync with the package.json. 
Also on the Rust bandwagon is the VoidZero team with Rolldown 1.0 RC. Rolldown is the bundler successor to Rollup, and boasts 10-30x faster speeds than Rollup while maintaining API plugin compatibility, built-in transforms, and native CJS/ESM interoperability. All hail the perf gains of JS tools written in Rust.
Timestamps:
1:20 - TanStack Start RSC
4:15 - Yarn 6 and Rust
12:03 - Rolldown 1.0 RC
16:38 - More RSC CVEs
23:19 - Mozilla is building an AI “rebel alliance”
30:05 - What’s making us happy
News:
Paige - Rolldown 1.0 RC
Jack - TanStack Start RSC
TJ - Yarn 6 and Rust
Lightning News: 
Another day, another RSC CVE
Mozilla’s building an AI “rebel alliance”
What Makes Us Happy this Week:
Paige - Landman season 2
Jack - Vaseline
TJ - ChatGPT continuing to help me around the house
Thanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.
Front-end Fire website
Blue Collar Coder on YouTube
Blue Collar Coder on Discord
Reach out via email
Tweet at us on X @front_end_fire
Follow us on Bluesky @front-end-fire.com
Subscribe to our YouTube channel @Front-EndFirePodcast

jQuery is the JavaScript library that just won’t quit. 20 years after its inception the team released jQuery 4.0.0, and it brings some notable modernizations including removed support for IE 10, a migration to ES modules, and support for Trusted Types. 
Node.js creator Ryan Dahl declared earlier this week that “the era of humans writing code is over”, and considering how good AI coding agents have gotten lately, he’s probably not wrong. 
Cloudflare also announces it has acquired popular JavaScript framework Astro. Cloudflare has been a good steward to other OSS projects in the past, and this acquisition allows the Astro team to focus on making the framework even better.
Timestamps:
0:50 - jQuery 4.0
7:58 - Is the era of humans writing code over?
18:23 - Cloudflare acquires Astro
24:54 - Vertical tabs are coming to Chrome
29:37 - Apple is going to use Gemini for Siri
43:07 - What’s making us happy
News:
Paige - Ryan Dahl declares humans writing code is over
Jack - Cloudflare acquires Astro
TJ - jQuery 4.0
Lightning News: 
Chrome adds support for vertical tabs
Apple and Google enter agreement to use Gemini for Apple Intelligence
What Makes Us Happy this Week:
Paige - Onyx Storm book
Jack - Learning to play Born to Run on guitar
TJ - Only Murders in the Building TV series and Dungeon Crawler Carl book series
Thanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.
Front-end Fire website
Blue Collar Coder on YouTube
Blue Collar Coder on Discord
Reach out via email
Tweet at us on X @front_end_fire
Follow us on Bluesky @front-end-fire.com
Subscribe to our YouTube channel @Front-EndFirePodcast

A new year, a new tactic to stem the flow of npm supply chain attacks. This time, the proposal is for “Staged Publishing” which introduces a review window that a package owner must approve before a package release becomes publicly available.
Vercel Labs is out with a new AI tool called json-render that lets users generate dashboards, widgets, apps, and data visualizations from prompts, and constrains the response to JSON for only components pre-defined by the user.
Finally, The Simpsons character Ralph Wiggum is the biggest thing in AI coding recently. Ralph is an AI development pattern using a while loop (like a bash script) to repeatedly run an AI agent on the same task, feeding its output back as context, and forcing it to iterate until a specific completion promise is met, rather than letting the AI stop prematurely. Interesting? Yes! Useful in practice? Still tbd.
Chapter Markers:
1:04 - npm to implement staged publishing
8:16 - Vercel’s json-render
16:13 - Ralph Wiggum loops
30:53 - Claude Code tips
33:52 - Firefox 147 and anchor positioning
35:42 - Fire starter
39:40 - What’s making us happy
News:
Paige - npm to implement Staged Publishing
Jack - Vercel Labs’ json-render
TJ - Ralph Wiggum loops
Lightning News: 
Firefox 147 and anchor positioning
Fire Starters:
CSS @container scroll-state()
What Makes Us Happy this Week:
Paige - Rolife Book Nook Garden House miniature
Jack - Blade Runner live at the symphony
TJ - Coffee advent calendars
Thanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.
Front-end Fire website
Blue Collar Coder on YouTube
Blue Collar Coder on Discord
Reach out via email
Tweet at us on X @front_end_fire
Follow us on Bluesky @front-end-fire.com
Subscribe to our YouTube channel @Front-EndFirePodcast