by HELLO EVERYONE!!! It’s December 5th, 2025, and you are reading the 90th edition of Codeminer42’s tech news report. Let’s check out what the tech world showed us this week!
Bun is joining Anthropic – by Jarred Sumner, Bun Blog
This article announces that Bun, the open-source JavaScript runtime and toolkit, has been acquired by Anthropic to power Claude Code, Claude Agent SDK, and future AI coding products. Bun remains open-source under MIT license, with the same team continuing development in public on GitHub, focusing on high-performance tooling and Node.js compatibility. Click through for more details on Bun’s evolution and future.
Introducing Mistral 3 – by Mistral team
This article unveils Mistral 3, the next generation of open multimodal and multilingual AI models. It introduces three dense models (3B, 8B, 14B) and the powerful Mistral Large 3, a sparse mixture-of-experts with 675B parameters. The models deliver frontier-level performance, image understanding, and multilingual capabilities, all under the Apache 2.0 license. Optimized with NVIDIA and partners, they scale from edge devices to enterprise workloads. Dive into the full article to explore how Mistral 3 redefines open AI innovation, click to read more!
DeepSeek-V3.2: Pushing the Frontier of Open Large Language Models – by DeepSeek-AI E. Research & Engineering team
This article introduces DeepSeek-V3.2, an open-source large language model designed to balance computational efficiency with advanced reasoning and agentic capabilities. The model achieves performance comparable to GPT-5 and even surpasses it in certain reasoning tasks, with the high-compute variant DeepSeek-V3.2-Speciale winning gold medals in international math and coding competitions. It also narrows the gap between open-source and proprietary models, offering cost-efficient solutions for complex tool-use scenarios. Click through to explore how DeepSeek-V3.2 is reshaping the frontier of open AI innovation!
Bundle Size Investigation: A Step-by-Step Guide to Shrinking Your JavaScript – by Nadia Makarevich
This article provides a step-by-step guide to investigating and reducing JavaScript bundle sizes in a React project, using a sample app with a 5MB initial bundle. The author shows practical fixes, including targeted imports, removing unused libraries, and refactoring to native APIs or smaller alternatives like date-fns. Key technical highlights include the impact of ESM vs. CommonJS on tree-shaking and the role of transitive dependencies. Click through for more details on shrinking your bundles!
Critical Security Vulnerability in React Server Components – by React Team
This article announces a critical unauthenticated remote code execution vulnerability (CVSS 10.0) in React Server Components, affecting versions 19.0–19.2.0, exploitable via flaws in payload decoding for Server Function endpoints. Immediate upgrades to patched versions are recommended, with specific instructions for frameworks like Next.js, React Router, and others. The fix was disclosed on December 3, 2025, after rapid response from the React team and collaborators. Click through for detailed upgrade steps and mitigation guidance.
How I Reverse Engineered a Billion-Dollar Legal AI Tool and Found 100k+ Confidential Files – by Alex Schapiro
This article details how Alex Schapiro reverse engineered Filevine, a billion-dollar legal AI tool, and discovered a critical vulnerability in a non-production instance. This exposed over 100,000 confidential files, including HIPAA-protected documents and court-ordered data, posing severe privacy risks. Filevine responded promptly, patched the issue, and confirmed no other clients were impacted. Click through for more details on the responsible disclosure and security implications.
Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools – by The Hacker News
This article reveals a malicious npm package, eslint-plugin-unicorn-ts-2, uploaded in February 2024, which uses a hidden prompt to attempt evading AI-driven security scanners by suggesting the code is legitimate. The package, downloaded nearly 19,000 times, includes a post-install hook in version 1.1.3 that exfiltrates environment variables like API keys to a Pipedream webhook. Researchers note this as an emerging tactic to manipulate AI-based analysis in software supply chain attacks. It highlights the growing role of malicious LLMs in cybercrime, making attacks more accessible despite limitations like hallucinations. Click through for more details.
Accessibility with Interactive Components at React Advanced Conf – by Daniel Curtis
This article discusses Aurora Scharff’s presentation at React Advanced 2025 on using ARIAKit, an open-source accessibility library, to build custom UI components that comply with WCAG standards without requiring deep accessibility expertise. ARIAKit provides unstyled, composable primitives that automatically handle keyboard navigation, screen reader support, and ARIA attributes, enabling full styling freedom with tools like Tailwind CSS. Click through for more details on implementing accessible React components.
Brand New Layouts with CSS Subgrid – by Josh Comeau
This article introduces CSS Subgrid, a feature that extends grid layouts through nested elements, enabling semantic HTML like <ul> and <li> to participate in parent grids. It demonstrates how subgrid resolves layout issues in a portfolio design, allowing images and content to align dynamically across cards, and highlights its potential for responsive UIs. Technical aspects include using grid-template-columns: subgrid and grid-row: span to share grid structures, with gotchas like reserving rows and line number resets. Click through for more details!
Small shortcuts that made my Git workflow easier – by Leonardo Rodrigues
This article shares practical Git shortcuts and aliases that streamline daily workflows, such as ga for git add -A, gp for git push, and custom functions for rebasing with upstream or cleaning branches. These tweaks, tested on macOS and Linux, boost efficiency without overcomplicating setups. Click through for the full list of aliases and setup tips to supercharge your Git game!
Getting Started with Go on Nintendo 64 – by Timur Çelik
This article guides readers through building a Nintendo 64 ROM using Go with the newly supported EmbeddedGo target in go1.24.4-embedded. It covers framebuffer output at 320×240, controller polling via joybus in a goroutine, and audio playback using uncompressed mono samples with a mixer. Click through for step-by-step setup, code examples, and hardware insights!
Organizing Files and Modules in Elm: Building an Advent Calendar – by Christian Ekrem
This article discusses organizing files and modules in Elm, emphasizing a shift from JavaScript practices of splitting code by line count to Elm’s strengths: no mutations and safe refactoring. It highlights how Elm allows architecture to emerge naturally around data structures, as advised by creator Evan Czaplicki. The chapter introduces building an Advent Calendar app to demonstrate keeping code in one file initially, with potential splits based on structure rather than size. Key implications include reduced cognitive load and liberated development without fear of refactoring. Click through for more details on implementation and Tasks usage.
Languages, Tools & Framework releases
RubyGems 4.0.0
This article announces the release of RubyGems 4.0.0 and Bundler 4.0.0, packed with new features, performance boosts, and important bug fixes. It highlights enhancements like pattern matching support, improved gem source management, and faster compilation. Dive into the full details to explore everything new, click the article now!
Tinybench 6.0: A Tiny, Simple Benchmarking Library
This article introduces tinybench, a lightweight 10KB (2KB minified and gzipped) JavaScript benchmarking library with no dependencies. It supports accurate timing via process.hrtime or performance.now, concurrency modes, async detection, and detailed statistical analysis including latency, throughput, and percentiles. Click through for more details on usage and examples.
Express v5.2.0
This release includes a critical security fix for CVE-2024-51999 and upgrades body-parser to 2.2.1 to address CVE-2025-13466. It adds deprecation warnings for redirect arguments and replaces deprecated req.connection with req.socket. CI improvements include support for Node.js 24 and 25, along with various dependency updates and code cleanups. New contributors joined the project. Click through for more details.
—
And that’s all for this week! Wish you all a great weekend and happy coding!
We want to work with you. Check out our Services page!
