Hey guys,
Welcome to another edition of Import React by Cosden Solutions!
AI is kind of consuming more and more of developers’ lives whether we want it to or not 😅
I’m curious where everyone stands because I know this topic is very divisive.
What balance do you want in this newsletter?
Let’s get into it.
Your docs are being read by AI. Is yours ready?
Over 50% of traffic across Mintlify's customer base is now AI agents, not humans. If your docs aren't structured for agents, your product is invisible to AI. Mintlify just raised a $45M Series B to build the knowledge layer for the agent era.
⚡️ The Latest In React
🚨 Malicious npm Package Impersonated TanStack to Steal .env Secrets
Socket uncovered a supply-chain attack targeting the unscoped tanstack npm package, which posed as the real @tanstack/ ecosystem and silently exfiltrated .env files during install via malicious postinstall scripts. Versions 2.0.4–2.0.7 targeted API keys, tokens, and database credentials, sending them to an attacker-controlled endpoint.
⚛️ Finally realized how much I was abusing useEffect, and deleting them is the best feeling ever..
One of the most relatable React threads in a while: a dev describes escaping “useEffect spaghetti” after finally internalizing React’s You Might Not Need an Effect guidance. The comments turn into a broader discussion about derived state, LLMs overusing hooks, and why modern React codebases are slowly becoming “delete useEffect” codebases.
✨ Josh Comeau’s “Whimsical Animations” Course Is Finally Live
Josh Comeau just launched Whimsical Animations, a massive new course focused on building delightful UI interactions with CSS, SVG, Canvas, JavaScript, and React. The course dives deep into particle systems, advanced cursor interactions, procedural effects, animation design principles, and performance techniques — essentially a full playbook for creating the kind of polished, personality-filled interfaces usually associated with companies like Stripe or Apple. If you’ve ever wondered how Josh builds the interactive magic on his site, this is basically the vault opening.
🌳 Tanner Linsley Says RSC Should Be a Protocol, Not Your Entire Architecture
Tanner Linsley argues that most React frameworks treat React Server Components as a server-owned architecture, when they’re really just a protocol for streaming React output between server and client.
☁️ Cloudflare’s Agentic Inbox
Cloudflare open-sourced a surprisingly ambitious “AI-native” email client built with React 19, Workers, Durable Objects, R2, and the Agents SDK. The standout idea is that every mailbox gets its own AI agent that can search threads, draft replies, and interact over MCP, all running entirely on Cloudflare’s edge stack.
Quick Links
Node.js 26 Has Arrived - Node 26 ships with the Temporal API enabled by default, bringing a long-awaited modern replacement for JavaScript’s notoriously painful
DateAPIs.I Am Worried About Bun - A thoughtful critique of Bun’s future after its acquisition by Anthropic.
How React streams UI out of order and still manages to keep order - A deep dive into how React streams and renders UI out of order using Suspense boundaries
The 20 Software Engineering Laws - Why software projects fail, systems rot, and teams slow down.
When Everyone Has AI and the Company Still Learns Nothing - A sharp piece on the “messy middle” of AI adoption, where every employee has AI tools but the organization still struggles to turn individual wins into shared systems, reusable workflows, and real learning.
Three Inverse Laws of AI - A thoughtful essay proposing three simple rules for interacting with AI systems.
🧠 AI & General Programming
🤯 A Startup Claims It Broke the AI Context Window Ceiling
Startup Subquadratic unveiled a new architecture called Subquadratic Selective Attention (SSA), claiming it can scale AI context windows to 12 million tokens while outperforming GPT-5.5 on long-context retrieval benchmarks. The key idea is replacing traditional quadratic attention costs with a system that selectively attends to relevant information in linear time, potentially making ultra-long prompts dramatically cheaper and faster. The claims are huge, including strong SWE-Bench and retrieval scores, but so is the skepticism, since many “transformer replacement” architectures have struggled to prove themselves outside benchmarks.
🏃 Agile in the Age of AI
Miren’s Evan Phoenix argues that AI hasn’t killed Agile, it’s changed who the “author” is. Developers are increasingly acting as editors/directors while coding agents generate implementation details, making communication loops, sync points, and review discipline even more important. The piece also warns that giant AI-generated PRs create shallow “review theater,” where humans approve changes they can’t realistically reason about.
🎵 How Shazam Identifies Songs in Seconds
This fantastic interactive deep dive explains how Shazam turns noisy audio into a compact “fingerprint” using FFT spectrograms, constellation maps, and hash matching. The clever part is that it throws away almost everything, keeping only the loudest frequency peaks, which makes matching incredibly fast and surprisingly resistant to background noise.
🤝 What to Say When Your Product Doesn’t Have the Answer
This piece explores a surprisingly important product skill, how to respond when customers ask for something your product can’t do. Instead of awkward deflection or feature-theater.
💾 Microsoft open-sources the oldest DOS source code ever found
Microsoft just released the earliest known DOS source code, dating back before MS-DOS branding even existed. The code for 86-DOS 1.00 had to be reconstructed from paper printouts by preservationists, offering a fascinating look at the software foundation that eventually powered the entire IBM PC era.
See you next week,
Darius Cosden