Your git/CI/editor toolchain just proved it’s a prime attack vector, with compromised VS Code extensions, GitHub repo theft, npm malware, and fresh NGINX/Starlette bugs all landing at once.
At the same time, AI coding tools are smashing into hard token and cost ceilings, while local and in‑browser LLM stacks quietly get fast and cheap enough to be real options.
Key Events
/Malicious VS Code extensions and the new “Megalodon” attack together compromised over 9,000 GitHub repositories, while GitHub Actions also suffered downtime that broke CI workflows.
/New NGINX and Starlette vulnerabilities enable unauthenticated RCE and authentication bypass, impacting FastAPI, vLLM, and Docker reverse‑proxy setups.
/Microsoft began canceling internal Claude Code licenses and reportedly halted some AGI projects due to unsustainable token‑based AI costs.
/Salesforce plans to spend about $300M on Anthropic tokens in 2026, with AI handling 30–50% of its workload.
/Node.js 26.0.0 shipped the Temporal API and slimmed its production Docker image from 1.2GB to 78MB, while Deno 2.8 launched as its largest minor release, focused on Node compatibility.
Report
Two things moved the goalposts this cycle: the supply‑chain/security story around GitHub and friends, and the hard ceiling on AI tooling costs. Everything else is noise unless it affects those or your runtime choice.
github, actions, and the editor as attack surface
A malicious VS Code extension installed by a Microsoft dev exfiltrated around 3,800 internal GitHub repositories, while a separate “Megalodon” attack compromised over 5,500 more public repos via poisoned commits.
The same period saw GitHub Actions downtime disrupting CI workflows, reminding people that hosted runners are just another third‑party dependency.
TeamPCP is actively selling stolen GitHub data on cybercrime forums, which means some of that code is now in hostile hands. GitHub is still investigating unauthorized access to internal repos and is telling users that no customer data was impacted, but external trust is visibly shaken.
In parallel, npm’s Shai‑Hulud malware wave hit ~600 packages and pushed npm toward staged publishing and pnpm 11 toward stronger supply‑chain protections, closing one hole while advertising how many were open.
framework vulns in the usual suspects
NGINX picked up a new unauthenticated RCE plus an ASLR bypass (including the nginx‑poolslip bug) that specifically bites setups using Docker reverse proxies and tools like NGINX Proxy Manager.
Attackers are already scanning and exploiting exposed servers via the NGINX Rift family of bugs, not just passing around theoretical exploits. Separately, a severe auth‑bypass vuln in Starlette landed, affecting anything built on it, including FastAPI, vLLM, LiteLLM, and OpenAI‑compatible shims.
On the auth side, people are still tripping over JWT edge cases, including an AWS API Gateway quirk where adding a trailing slash to an endpoint can bypass JWT checks entirely.
The HN consensus is hardening around “JWTs good for service‑to‑service, bad for browser sessions,” with many war stories about invalidation and misuse causing security holes.
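The trailing-slash bypass mentioned above comes down to the auth decision and the backend disagreeing about which route a path names. The following is an added example, not code from AWS or any project named here: a simplified model with a constructed route table and hypothetical function names, showing the weak default-allow form beside a canonicalize-then-default-deny form, plus a regression check.

```python
# Added illustration: a simplified model, not AWS API Gateway's implementation.
# Route table, status codes and function names are constructed for this example.

# (method, path) -> True if the route has a JWT authorizer attached
ROUTES = {("GET", "/orders"): True, ("GET", "/health"): False}


def backend_status(method, path):
    """Assumed backend behaviour: trailing slashes are ignored when routing."""
    return 200 if (method, path.rstrip("/") or "/") in ROUTES else 404


def naive_gateway(method, path, token_valid):
    """Weak form: exact match on the raw path, default-allow on a miss."""
    needs_jwt = ROUTES.get((method, path), False)
    if needs_jwt and not token_valid:
        return 401
    return backend_status(method, path)  # catch-all proxy, no authorizer


def canonical(path):
    """Canonical form used for the auth decision; None if it must be refused."""
    segments = [s for s in path.split("/") if s not in ("", ".")]
    if ".." in segments:
        return None
    return "/" + "/".join(segments)


def hardened_gateway(method, path, token_valid):
    """Corrected form: canonicalize first, then default-deny unknown routes."""
    norm = canonical(path)
    if norm is None:
        return 400
    if (method, norm) not in ROUTES:
        return 404
    if ROUTES[(method, norm)] and not token_valid:
        return 401
    return backend_status(method, norm)  # backend sees the path auth saw


def audit(gateway):
    """Regression check: protected paths that answer 200 without a token."""
    leaks = []
    for (method, path), protected in ROUTES.items():
        for variant in (path, path + "/"):
            if protected and gateway(method, variant, False) == 200:
                leaks.append(variant)
    return leaks
```

Running `audit` against a staging gateway's own route list in CI turns this class of mismatch into a failing test instead of a production finding.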
ai coding tools vs the token ceiling
Microsoft is canceling internal Claude Code licenses and steering staff back toward Copilot/CLI because the token bills were unsustainable.
Salesforce expects to drop around $300M on Anthropic tokens this year, with AI already handling 30–50% of its workload and a hiring freeze on new engineers.
Uber’s COO says AI investments haven’t produced measurable productivity gains and that token budgets were blown through early, to the point that AI tools are now more expensive than human workers in some cases.
Across the ecosystem, quarterly token volume is up ~17,000x in four years while prices per token dropped, encouraging “tokenmaxxing” patterns like median 96k‑token contexts for coding agents—longer than The Great Gatsby on every call.
Cheaper models like DeepSeek V4 Pro and Cursor’s Composer 2.5 are being called out as 3–18x cheaper than frontier models like GPT‑5.5 or Opus 4.7, which is starting to dictate which tools people actually keep running all day.
runtime/tooling churn: node, deno, bun, uv
Node.js 26.0.0 landed the Temporal API for sane date/time handling and the official production Docker image got crushed from 1.2GB to 78MB, which materially affects cold start and transfer times.
Deno 2.8 shipped as its largest minor release yet, adding features like Visual Fold for big graph‑like workflows and pushing harder on Node compatibility to lure existing TypeScript services.
Meanwhile, Bun is rewriting itself in Rust with 13,365 `unsafe` blocks in the new core and has deprecated parts of its original support surface, which the community reads as everything from “much better runtime” to “marketing‑driven stunt.” Supply‑chain anxiety is bleeding into this choice too, with people calling for serious benchmarking against Deno and Node plus better stories around dependency/update safety after recent vuln waves.
In Python land, uv is getting real adoption for its speed and resolver quality, but devs keep flagging confusing UX, upper‑bound dependency issues, and unclear Docker integration, so it mostly shows up on greenfield or lower‑risk projects.
local and in‑browser llms grow up
On personal rigs, llama.cpp keeps getting faster with Multi‑Token Prediction and VRAM fixes, with BeeLlama v0.2.0 hitting 177.8 tok/s on an RTX 3090 when tuned correctly.
Ollama v0.30.0‑rc23 now talks directly to llama.cpp and GGUF backends, making it more of an orchestration layer than a bespoke runtime. For heavier setups, vLLM remains the preferred engine on multi‑GPU and DGX boxes, but it was caught up in the same Starlette auth‑bypass issue as FastAPI because of its web shim.
On the browser side, PrismML’s Binary and Ternary Bonsai Image 4B models bring 1‑bit/ternary text‑to‑image diffusion (~3GB) fully client‑side over WebGPU, versus ~16GB footprints for models like FLUX.2 Klein.
WebGPU support for llama.cpp and libraries like Local Ghost running Qwen2.5 in‑browser mean non‑trivial language, audio, and image models now run entirely on the client for users with modern hardware.
What This Means
Security and cost pressure are converging: the same platforms that run your code (GitHub, npm, cloud runtimes, AI agents) are now both prime attack vectors and major line items. At the same time, runtimes and local/browser LLM stacks are maturing fast enough that “boring but hardened” versus “new and powerful” is becoming an explicit tradeoff, not an edge case.
On Watch
/Caddy 2.11 will only forward the Host header to HTTPS backends by default starting in February 2026, which could subtly change routing for existing HTTP reverse‑proxy configurations that relied on the old behavior.
/Early scans show that 15.3% of 500 public MCP servers have security vulnerabilities, and the NSA is now warning about cyber risks in this automation protocol, so any growth in MCP usage will come with increasing security noise.
/Flatpak 2.0’s new hard dependency on systemd raises questions for non‑systemd distros and containerized environments that rely on sandboxed desktop apps, and may force stack changes once it ships widely.
Interesting
//advisor mode is an open-source Python coding agent that combines a cheap worker model with an expensive reviewer.
/Developers are frustrated with npm's slow response to security vulnerabilities, with some packages remaining available for hours post-advisory.
/It is possible to convert any Chromium-based browser into a permanent JavaScript botnet member, which is raising security alarms.
/The scanner that found 41 live AWS keys in Terraform state files emphasizes the importance of security practices in infrastructure as code.
/The integration of LLMs with local HTML renderers can significantly streamline the rapid prototyping process, eliminating the need for manual copy-pasting.
We processed 10,000+ comments and posts to generate this report.
AI-generated content. Verify critical information independently.