Front-End Fire

Malicious code is making its way into VS Code extensions this week, as two Chinese-based AI coding assistants are identified as capturing every file on a user’s computer and sending it to servers in China without their knowledge or consent. Please just be cautious about what you’re installing on your machines, folks.
In related news, the Deno team has introduced Deno sandboxes to create and deploy secure, isolated VMs in the cloud. Strict permissions, network policies, directories, and isolated secrets—make these sandboxes great for AI agents, or any other dynamic workload where speed and security are paramount.
And the software going viral this week is OpenClaw (aka Clawdbot aka Moltbot), which is an open source, autonomous AI agent that runs locally on a user’s machine. OpenClaw can connect to LLMs and perform tasks like managing emails, scheduling, reorganizing local files or other daily tasks, and is designed to be proactive rather than just reacting to prompts. It’s truly the Wild West giving an AI agent access to read all the files on a machine or respond to emails on its own, so be careful out there, folks.
Timestamps:
1:07 - VS Code AI plugins are stealing data
10:47 - Deno sandboxes
16:09 - OpenClaw
43:41 - More Gemini features are coming to Chrome
45:33 - Apple containers
46:44 - What’s making us happy
News:
Paige - VS Code AI plugins are stealing all the data of users computers (silently)
Jack - Deno sandboxes
TJ - OpenClaw (aka Clawdbot aka Moltbot) and our lack of trust for AI agents
Lightning News: 
More Gemini features are coming to Chrome
Apple Containers
What Makes Us Happy this Week:
Paige - Claude Code
Jack - Sneakers movie
TJ - Firefox browser
Thanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.
Front-end Fire website
Blue Collar Coder on YouTube
Blue Collar Coder on Discord
Reach out via email
Tweet at us on X @front_end_fire
Follow us on Bluesky @front-end-fire.com
Subscribe to our YouTube channel @Front-EndFirePodcast

You heard it here first, folks, RSC support is now available in TanStack Start! Since TanStack Start supports not only React but also Solid, it handles serialization differently, meaning the critical security vulnerabilities RSC-enabled React apps have been suffering from lately won’t affect TanStack apps.
Yarn 6 was recently announced, and (surprise, surprise) it’s going to be ported to Rust. Get ready for blazing fast installs, the ability to easily switch between Yarn versions, and lazy installs to silently keep dependency versions in sync with the package.json. 
Also on the Rust bandwagon is the VoidZero team with Rolldown 1.0 RC. Rolldown is the bundler successor to Rollup, and boasts 10-30x faster speeds than Rollup while maintaining API plugin compatibility, built-in transforms, and native CJS/ESM interoperability. All hail the perf gains of JS tools written in Rust.
Timestamps:
1:20 - TanStack Start RSC
4:15 - Yarn 6 and Rust
12:03 - Rolldown 1.0 RC
16:38 - More RSC CVEs
23:19 - Mozilla is building an AI “rebel alliance”
30:05 - What’s making us happy
News:
Paige - Rolldown 1.0 RC
Jack - TanStack Start RSC
TJ - Yarn 6 and Rust
Lightning News: 
Another day, another RSC CVE
Mozilla’s building an AI “rebel alliance”
What Makes Us Happy this Week:
Paige - Landman season 2
Jack - Vaseline
TJ - ChatGPT continuing to help me around the house
Thanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.
Front-end Fire website
Blue Collar Coder on YouTube
Blue Collar Coder on Discord
Reach out via email
Tweet at us on X @front_end_fire
Follow us on Bluesky @front-end-fire.com
Subscribe to our YouTube channel @Front-EndFirePodcast

jQuery is the JavaScript library that just won’t quit. 20 years after its inception the team released jQuery 4.0.0, and it brings some notable modernizations including removed support for IE 10, a migration to ES modules, and support for Trusted Types. 
Node.js creator Ryan Dahl declared earlier this week that “the era of humans writing code is over”, and considering how good AI coding agents have gotten lately, he’s probably not wrong. 
Cloudflare also announces it has acquired popular JavaScript framework Astro. Cloudflare has been a good steward to other OSS projects in the past, and this acquisition allows the Astro team to focus on making the framework even better.
Timestamps:
0:50 - jQuery 4.0
7:58 - Is the era of humans writing code over?
18:23 - Cloudflare acquires Astro
24:54 - Vertical tabs are coming to Chrome
29:37 - Apple is going to use Gemini for Siri
43:07 - What’s making us happy
News:
Paige - Ryan Dahl declares humans writing code is over
Jack - Cloudflare acquires Astro
TJ - jQuery 4.0
Lightning News: 
Chrome adds support for vertical tabs
Apple and Google enter agreement to use Gemini for Apple Intelligence
What Makes Us Happy this Week:
Paige - Onyx Storm book
Jack - Learning to play Born to Run on guitar
TJ - Only Murders in the Building TV series and Dungeon Crawler Carl book series
Thanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.
Front-end Fire website
Blue Collar Coder on YouTube
Blue Collar Coder on Discord
Reach out via email
Tweet at us on X @front_end_fire
Follow us on Bluesky @front-end-fire.com
Subscribe to our YouTube channel @Front-EndFirePodcast

A new year, a new tactic to stem the flow of npm supply chain attacks. This time, the proposal is for “Staged Publishing” which introduces a review window that a package owner must approve before a package release becomes publicly available.
Vercel Labs is out with a new AI tool called json-render that lets users generate dashboards, widgets, apps, and data visualizations from prompts, and constrains the response to JSON for only components pre-defined by the user.
Finally, The Simpsons character Ralph Wiggum is the biggest thing in AI coding recently. Ralph is an AI development pattern using a while loop (like a bash script) to repeatedly run an AI agent on the same task, feeding its output back as context, and forcing it to iterate until a specific completion promise is met, rather than letting the AI stop prematurely. Interesting? Yes! Useful in practice? Still tbd.
Chapter Markers:
1:04 - npm to implement staged publishing
8:16 - Vercel’s json-render
16:13 - Ralph Wiggum loops
30:53 - Claude Code tips
33:52 - Firefox 147 and anchor positioning
35:42 - Fire starter
39:40 - What’s making us happy
News:
Paige - npm to implement Staged Publishing
Jack - Vercel Labs’ json-render
TJ - Ralph Wiggum loops
Lightning News: 
Firefox 147 and anchor positioning
Fire Starters:
CSS @container scroll-state()
What Makes Us Happy this Week:
Paige - Rolife Book Nook Garden House miniature
Jack - Blade Runner live at the symphony
TJ - Coffee advent calendars
Thanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.
Front-end Fire website
Blue Collar Coder on YouTube
Blue Collar Coder on Discord
Reach out via email
Tweet at us on X @front_end_fire
Follow us on Bluesky @front-end-fire.com
Subscribe to our YouTube channel @Front-EndFirePodcast

We’re back with our first episode of 2026, and prominent software developer and YouTuber, Theo Browne, made waves recently when he announced he’d migrated his T3 Chat app from the Next.js framework to TanStack Start. It isn’t that Next.js is bad, but that the requirements of T3 Chat were better supported by TanStack Start’s architecture, and Theo breaks down his evaluation process to reach that decision.
For the 10th year in a row, the JavaScript Rising Stars report drops, and the most popular projects (by GitHub stars) for the year include n8n (a workflow automation platform), react-bits (gorgeous animated React components), shadcn/ui (more UI components), and Excalidraw (virtual whiteboard for sketching and diagramming).
In less stellar news, the creator of the wildly popular CSS library Tailwind announced he’s had to lay off 75% of his engineering team because AI has killed traffic to its website (and by association, Tailwind’s commercial products that drive revenue). It was hard enough before the rise of AI for OSS to get funding, and this is just another cautionary tale that we need to support the people building the tools and products so many of us use every day in our jobs.
Timestamps:
1:54 - Theo moves off Next.js and resulting buzz
11:32 - A look at the 2025 JS rising stars
23:25 - Is AI hurting Tailwind?
31:03 - Lego smart bricks
35:45 - What’s making us happy 
News:
Paige - Is AI killing OSS now? Tailwind thinks so
Jack - Theo moved off Next.js to TanStack Start and the internet is buzzing 
TJ - 2025 rising stars
Lightning News: 
Lego smart bricks
What Makes Us Happy this Week:
Paige - Flip-It! Bottle emptying caps
Jack - Miami Hurricanes football team 
TJ - New Pokemon GO features
Thanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.
Front-end Fire website
Blue Collar Coder on YouTube
Blue Collar Coder on Discord
Reach out via email
Tweet at us on X @front_end_fire
Follow us on Bluesky @front-end-fire.com
Subscribe to our YouTube channel @Front-EndFirePodcast