PodRocket

This month's panel digs into the SpaceX Cursor acquisition rumor and what a $60 billion valuation means for AI coding tools. They debate Bun's million-line Rust rewrite generated entirely by AI, the tradeoffs of agentic coding at scale, and a sophisticated CI/CD cache poisoning attack targeting TanStack. Plus: practical takes on Claude token optimization, session forensics, local AI models, and why most Claude Code skills work best when tailored, not pulled off the shelf.

Resources

SpaceX/Cursor deal, CNBC: https://www.cnbc.com/2026/04/21/spacex-says-it-can-buy-cursor-later-this-year-for-60-billion-or-pay-10-billion-for-our-work-together.html

Fortune, Cursor's uncertain future: https://fortune.com/2026/03/21/cursor-ceo-michael-truell-ai-coding-claude-anthropic-venture-capital/

GitHub Copilot usage-based billing announcement: https://github.blog/news-insights/company-news/github-copilot-is-moving-to-usage-based-billing/

Developer backlash, Visual Studio Magazine: https://visualstudiomagazine.com/articles/2026/04/27/devs-sound-off-on-usage-based-copilot-pricing-change-you-will-get-less-but-pay-the-same-price.aspx

"The IDE Is Dead, Long Live the ADE", Indie Hackers: https://www.indiehackers.com/post/the-ide-is-dead-long-live-the-ade-0d81e9da3d

Companies spending crazy money on AI coding tools, Medium: https://medium.com/@Reiki32/companies-are-spending-crazy-money-on-ai-coding-tools-while-developers-burn-out-efe5908f3dda

The PR: https://github.com/oven-sh/bun/pull/30412

The Register writeup: https://www.theregister.com/devops/2026/05/14/anthropics-bun-rust-rewrite-merged-at-speed-of-ai/5240381

The 13,000 unsafe blocks piece: https://byteiota.com/bun-rust-rewrite-merged-the-13000-unsafe-block-problem/

TanStack postmortem: https://tanstack.com/blog/npm-supply-chain-compromise-postmortem

TanStack hardening follow-up: https://tanstack.com/blog/incident-followup

StepSecurity writeup (the researcher who caught it): https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem

SOC Prime writeup: https://socprime.com/active-threats/active-supply-chain-attack-compromises-node-ipc-package

We want to hear from you!

How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend?

Fill out our listener survey! https://t.co/oKVAEXipxu

Let us know by sending an email to our producer, Elizabeth, at [email protected], or tweet at us at PodRocketPod.

Check out our newsletter! https://blog.logrocket.com/the-replay-newsletter/

Follow us. Get free stickers.

Follow us on Apple Podcasts, fill out this form, and we’ll send you free PodRocket stickers!

What does LogRocket do?

LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today.

Chapters

00:00 Introduction

01:00 The $60B SpaceX Cursor deal

08:00 Token costs rising — the rug pull is real

09:30 Local models and sub-agent routing

12:00 Session forensics — cutting Claude token waste

15:00 Bun's AI-generated Rust rewrite

18:00 Should AI rewrite core infrastructure?

23:00 Does runtime choice even matter anymore?

29:00 The TanStack supply chain attack explained

33:00 How the GitHub Actions cache poisoning worked

36:00 Is GitHub Actions too flexible?

39:30 Ad break

40:00 Hot take — you'll be okay (local models and hardware)

42:30 Hot take — "They Will Kill You" (Jack's movie rec)

43:30 Hot take — stop hoarding Claude Code skills

46:00 Wrap-up
Special Guest: Jack Herrington.

pnpm lead maintainer Zoltan Kochan joins PodRocket to unpack pnpm 11's biggest shifts: a new minimum release age default that blocks npm registry packages under 24 hours old, a cleaner allow builds config replacing scattered post-install script settings, and the experimental global virtual store that slashes install times with Git worktrees. Zoltan also shares why a Rust rewrite of pnpm's engine is now underway, and how AI-assisted development made it possible far sooner than expected.

Links

Website: https://www.kochan.io/

Github: https://github.com/zkochan

LinkedIn: https://www.linkedin.com/in/zkochan

X: https://x.com/zoltankochan

Mastodon: https://fosstodon.org/@zkochan

Bluesky: https://bsky.app/profile/kochan.io

Resources

pnpm release blog post: https://pnpm.io/blog/releases/11.0

We want to hear from you!

How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend?

Fill out our listener survey! https://t.co/oKVAEXipxu

Let us know by sending an email to our producer, Elizabeth, at [email protected], or tweet at us at PodRocketPod.

Check out our newsletter! https://blog.logrocket.com/the-replay-newsletter/

Follow us. Get free stickers.

Follow us on Apple Podcasts, fill out this form, and we’ll send you free PodRocket stickers!

What does LogRocket do?

LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today.

Chapters

00:00 Introduction

01:00 The 24-Hour Minimum Release Age Default

03:30 Community Pushback and the Polling Shift

05:00 Trusted Policy and OIDC Provenance Checking

07:00 Performance Trade-offs of Full Metadata Fetching

08:00 The New Allow Builds Configuration

10:30 Global Installs and the Virtual Store Explained

13:00 Which Packages Break with the New Layout

14:30 Global Virtual Store for Local Dev and Worktrees

16:30 TypeScript Go and the Golden Age of Development

17:30 AI Agents Influencing pnpm's Design Decisions

19:00 The Rust Rewrite — and Why Now

20:00 Dropping Node 18 and the Standalone Executable

22:00 Installing Node.js via pnpm and the New GitHub Action

24:00 Moving Config from npmrc to pnpm-workspace.yaml

26:00 Upgrade Smoothness and Common Migration Pain Points

28:30 pnpm v12 Roadmap — Frozen Installs in Rust

31:00 Contributing to pnpm and the Open Source PR Tsunami

33:00 Wrap-up

Google Chrome engineer Adam Argyle breaks down why AI is bad at frontend development and CSS in particular. From LLM training data problems to the fact that LLMs can't see, the issues run deep. But it's not all doom! Adam shares a game-changing technique for getting creative AI generated UI by asking for low probability outputs, introduces tools like Impeccable and V0 for AI assisted CSS editing, and dives into agentic loop engineering with auto research, an overnight AI workflow he uses to ship improvements while he sleeps.

Links

Website: https://nerdy.dev/

YouTube: https://www.youtube.com/channel/UCBGr3ZMcV5jke40_Wrv3fNA

Twitter: twitter.com/argyleink

Github: github.com/argyleink

Linkedin: https://www.linkedin.com/in/adamargyle

Resources

Why AI sucks at frontend: https://nerdy.dev/why-ai-sucks-at-front-end

We want to hear from you!

How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend?

Fill out our listener survey! https://t.co/oKVAEXipxu

Let us know by sending an email to our producer, Elizabeth, at [email protected], or tweet at us at PodRocketPod.

Check out our newsletter! https://blog.logrocket.com/the-replay-newsletter/

Follow us. Get free stickers.

Follow us on Apple Podcasts, fill out this form, and we’ll send you free PodRocket stickers!

What does LogRocket do?

LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today.

Chapters
Special Guests: Adam Argyle and Jack Herrington.

Jimmy Lai, manager of the Next.js team at Vercel, joins the podcast to explain the adapters API, why it exists, how it fixes Next.js self-hosting pain across platforms like Cloudflare, AWS Amplify, and Netlify, and what it unlocks for partial pre-rendering. He also shares where the team is headed: server components, feature flags at request time, and building the best agentic developer experience for a world where agents write most of the code.

Links

Website: https://jimmyl.ai/

X: https://x.com/feedthejim

Bluesky: https://bsky.app/profile/feedthej.im

Resources

Adapters API: https://nextjs.org/docs/app/api-reference/adapters

We want to hear from you!

How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend?

Fill out our listener survey! https://t.co/oKVAEXipxu

Let us know by sending an email to our producer, Elizabeth, at [email protected], or tweet at us at PodRocketPod.

Check out our newsletter! https://blog.logrocket.com/the-replay-newsletter/

Follow us. Get free stickers.

Follow us on Apple Podcasts, fill out this form, and we’ll send you free PodRocket stickers!

What does LogRocket do?

LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today.

Chapters

The panel digs into the Cloudflare vs Vercel turf war over Next.js, breaking down what it really means that one engineer vibe coded a full framework rewrite in a week for $1,100 using Claude Code. Then things get spicy: from the Lovable data breach to an early Anthropic model escaping its sandbox, the crew debates whether the wave of AI security incidents is systemic, and what the build vs buy collapse means for developers rolling their own tools in the AI agent era.

Resources

One Engineer, One AI, One Week: Cloudflare Just Rebuilt Next.js: https://bytesizedbets.com/p/one-engineer-one-ai-one-week-cloudflare

Cloudflare's vibe-coded Next.js replacement starts a turf war: https://cybernews.com/security/hackers-find-critical-flaws-in-cloudflares-nextjs-alternative/

How we rebuilt Next.js with AI in one week: https://blog.cloudflare.com/vinext/

JavaScript survey reveals gripes against Next.js: https://www.devclass.com/development/2026/02/10/javascript-survey-reveals-gripes-against-date-handling-webpack-and-nextjs-and-that-typescript-has-won/4090262

Claude Code's source code appears to have leaked — here's what we know: https://venturebeat.com/technology/claude-codes-source-code-appears-to-have-leaked-heres-what-we-know

Anthropic accidentally exposes Claude Code source code: https://www.theregister.com/2026/03/31/anthropic_claude_code_source_code/

Claude Mythos Preview (Anthropic Red Team blog): https://red.anthropic.com/2026/mythos-preview/

Claude Mythos Preview — BBC coverage: https://www.bbc.com/news/articles/crk1py1jgzko

We want to hear from you!

How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend?

Fill out our listener survey! https://t.co/oKVAEXipxu

Let us know by sending an email to our producer, Elizabeth, at [email protected], or tweet at us at PodRocketPod.

Check out our newsletter! https://blog.logrocket.com/the-replay-newsletter/

Follow us. Get free stickers.

Follow us on Apple Podcasts, fill out this form, and we’ll send you free PodRocket stickers!

What does LogRocket do?

LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today.

Chapters

00:00 Introduction & Panelist Welcome

02:00 Cloudflare Rewrote Next.js for $1,100 — Does It Matter?

06:30 Vercel Lock-In, Open Next & the Adapter Debate

09:00 AI Security Incidents — Lovable, Anthropic Source Code Leak & More

12:30 Is the Security Crisis Systemic or a People Problem?

16:00 Rolling Your Own Stack With AI Is a Terrible Idea

18:30 Mythos, Zero-Day Bugs & Anthropic's Security Credibility

22:00 Is Anthropic's "Safety First" Framing Just Marketing?

26:00 Fleet Management, Agent Burnout & Brain Fry

28:30 Hot Take — Noel: Software Is Getting Worse and AI Is to Blame

32:30 Hot Take — Paul: The Second Internet & Claude Code's Future

36:30 Hot Take — Jack: The Highlander Reboot Is Going to Slap

37:30 Hot Take — Paige: Think Before You Grant OAuth Permissions

40:00 Wrapping Up
Special Guest: Jack Herrington.