by HELLO EVERYONE!!! It’s April 2nd, 2026, and you are reading the 105th edition of Codeminer42’s tech news report. Let’s check out what the tech world showed us this week!
Claude code source code has been leaked!!!
Anthropic disclosed on Tuesday that a “human error” led to the accidental release of part of the internal source code for its AI-powered coding assistant, Claude Code.
Google Gemma 4 Announcement
Google has unveiled the Gemma 4, a new lineup of open models designed to run directly on your own hardware.
axios Compromised on npm – Malicious Versions Drop Remote Access Trojan — by Ashish Kurmi
This article covers a sophisticated supply chain attack on the most popular JavaScript HTTP client with over 100 million weekly downloads. Malicious versions 1.14.1 and 0.30.4 injected a hidden dependency that deployed a cross-platform remote access trojan. The attack was operationally sophisticated, with pre-staged payloads and self-destructing malware designed to evade detection.
ChatGPT Won’t Let You Type Until Cloudflare Reads Your React State. I Decrypted the Program That Does It. — by Jamie Larson
This article reveals how Cloudflare’s Turnstile bot detection on ChatGPT goes far beyond standard fingerprinting by reading React application state directly. The author decrypted 377 bytecode programs and found they collect 55 specific properties across browser, network, and application layers. The encryption uses XOR with keys embedded in the same data stream, making it technically bypassable but practically effective at preventing bot attacks.
A Message from the Ruby Central Board
This article addresses the RubyGems crisis that has dominated Ruby community discourse for months. Ruby Central acknowledges that decisions were made quickly without proper community engagement, leading to confusion and frustration. The board commits to publishing a detailed incident report, strengthening governance, improving transparency, and ensuring RubyGems stewardship reflects the collaborative spirit of the ecosystem rather than being a single point of failure.
RubyGems Fracture Incident Report — by Richard Schneeman
This article provides a comprehensive retrospective on the September 2025 RubyGems incident involving the controversial removal of access for six key maintainers. The report details the breakdown in communication, lack of documented offboarding policies, and the emotional impact of coupling access with status and income. Key lessons include the importance of distinguishing remarks from requests, explaining access changes clearly, and decoupling metrics from permissions management.
Why we replaced Node.js with Bun for 5x throughput
This article documents Trigger.dev’s migration of their Firestarter service from Node.js to Bun, achieving a 5x throughput increase. Through four phases of optimization—replacing SQLite with composite-key maps, switching to Bun’s native HTTP stack, stripping the hot path, and compiling to a binary—the team reduced latency and memory usage significantly. The article also documents a previously undocumented Bun memory leak in HTTP handling and its fix.
Getting Started with the Vercel AI SDK Agents in Node.js — by Valeri Karpov
This article introduces developers to building AI agents using Vercel’s AI SDK through the ToolLoopAgent class. The article demonstrates practical examples including a 20 Questions game where the agent iteratively calls tools and generates text. The pattern—where LLM decides, tools fetch data, repeat until done—applies broadly to real workflows like automated log querying and changelog generation.
Learn Claude Code Interactively — by Ahmed Nagdy
This article presents an interactive learning platform for Claude Code with 11 modules covering everything from basic slash commands to advanced features. The platform includes terminal simulators, config builders, and quizzes with no setup required or API keys needed. Users can practice in a dedicated playground, generate configurations interactively, and access a searchable feature index for comprehensive reference material.
Most Developers Misunderstand Node.js in Production (with Ulises, TC39 Delegate)
This interesting article features a discussion with Ulises, a TC39 delegate, addressing common misconceptions developers have about running Node.js in production environments. The conversation likely covers performance optimization, scaling considerations, and best practices that are often overlooked or misunderstood by developers transitioning from development to production deployments.
Languages, Tools & Framework releases
Node.js 25.9.0 — by Antoine du Hamel
This release includes test runner module mocking improvements consolidating options into MockModuleOptions.exports, async_hooks enhancements with using scopes for AsyncLocalStorage, and new cryptographic algorithms including TurboSHAKE and KangarooTwelve. Additional improvements span REPL customization, stream iteration, SEA code caching, and extensive dependency updates including V8 and npm upgrades.
Neovim 0.12.0 — by Justin M. Keyes
This release represents a significant update to the popular terminal text editor with comprehensive improvements across the codebase. The release comes with multiple installation options for Windows, macOS, and Linux, and has generated considerable community enthusiasm with over 500 reactions on the release announcement across various emoji reactions.
ruby-lsp 0.27.0.beta1 — by Vinicius Stock
This beta release integrates the Rubydex dependency for improved Ruby code analysis and introduces substantial refactoring across core functionality. The release migrates the type inferrer, go to definition, workspace symbol search, hover information, and rename functionality to use Rubydex, while also adding graph indexing capabilities and maintaining compatibility with the latest Rubydex versions.
—
And that’s all for this week! Wish you all a great weekend and happy coding!
We want to work with you. Check out our Services page!
