Tech Pulse Daily - November 29, 2025 (Black Friday)

Dillip Chowdary

Tech Entrepreneur & Innovator

November 29, 2025 | 6 min read

Today's Top Highlights

  • CRITICAL: React RCE vulnerability CVE-2025-55182 affects Server Components - patch immediately
  • Next.js 16: Released with Turbopack stable and improved App Router performance
  • npm Attack: "Shai-Hulud" supply chain attack discovered affecting 500+ packages
  • Black Friday extended deals still available for dev tools
  • Deno 2.2 released with improved Node.js compatibility

🚨 CRITICAL: React Server Components RCE Vulnerability

URGENT: A critical Remote Code Execution vulnerability (CVE-2025-55182) has been discovered in React Server Components affecting all React 19.x versions.

  • CVE-2025-55182: CVSS 9.8 - Remote code execution via malformed RSC payload
  • Affected Versions: React 19.0.0 through 19.2.3
  • Fixed Version: React 19.2.4 released with patch
  • Exploit: Active exploitation observed in the wild

⚠️ Immediate Action Required:

  • Update React to 19.2.4 immediately
  • Audit server logs for suspicious RSC payloads
  • Next.js apps: Update to 15.0.4 or 16.0.0
  • Review all deployed React Server Components applications

Next.js 16 Released: Turbopack Stable

Vercel has released Next.js 16 with Turbopack now stable for production builds, delivering significant performance improvements over webpack.

  • Turbopack Stable: 10x faster dev server, 5x faster production builds
  • App Router: 35% faster page transitions with improved prefetching
  • React 19: Full React 19 support with Server Actions improvements
  • Edge Runtime: Enhanced edge function support with 50% lower cold starts

🚨 npm Supply Chain Attack: "Shai-Hulud"

Security researchers have discovered a coordinated npm supply chain attack dubbed "Shai-Hulud" affecting over 500 popular packages.

  • Attack Vector: Typosquatting and compromised maintainer accounts
  • Affected Packages: 500+ packages with combined 50M weekly downloads
  • Payload: Credential harvesting and cryptocurrency mining
  • Detection: npm has removed affected packages and notified maintainers

⚠️ Action Required:

  • Run `npm audit` on all projects
  • Review package-lock.json for unfamiliar packages
  • Enable 2FA on npm accounts
  • Consider using npm provenance for critical packages
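
The lockfile review in the list above can be partly automated. The following is an added example, not code from npm or from the analysis this digest refers to; `reviewLockfile`, the reason labels and the sample lockfiles are assumptions constructed for illustration, and it assumes a `package-lock.json` with lockfileVersion 2 or 3 plus a previously reviewed lockfile to use as a baseline.

```javascript
// Added example: flag package-lock.json entries (lockfileVersion 2 or 3) that
// deserve a manual look. All names and sample data below are constructed.
const REGISTRY_HOST = "registry.npmjs.org";

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
const packageName = (p) => p.slice(p.lastIndexOf("node_modules/") + 13);

function reviewLockfile(current, baseline) {
  // Every name@version already present in the trusted baseline lockfile.
  const known = new Set(
    Object.entries(baseline.packages || {})
      .filter(([path]) => path.includes("node_modules/"))
      .map(([path, meta]) => `${packageName(path)}@${meta.version}`)
  );
  const findings = [];
  for (const [path, meta] of Object.entries(current.packages || {})) {
    // Skip the root project, local workspace folders and workspace symlinks.
    if (!path.includes("node_modules/") || meta.link) continue;
    const id = `${packageName(path)}@${meta.version}`;
    const reasons = [];
    if (!known.has(id)) reasons.push("new-since-baseline");
    if (meta.hasInstallScript) reasons.push("runs-install-script");
    if (!meta.integrity) reasons.push("missing-integrity");
    let host = null;
    try { host = new URL(meta.resolved).host; } catch { /* absent or not a URL */ }
    if (host !== REGISTRY_HOST) reasons.push("non-registry-source");
    if (reasons.length > 0) findings.push({ id, reasons });
  }
  return findings;
}

// Constructed lockfiles: the baseline is the last reviewed commit's lockfile.
const REG = "https://registry.npmjs.org";
const baseline = { lockfileVersion: 3, packages: {
  "": { name: "app", version: "1.0.0" },
  "node_modules/example-lib": { version: "1.3.0", integrity: "sha512-CONSTRUCTED",
    resolved: `${REG}/example-lib/-/example-lib-1.3.0.tgz` },
} };
const current = { lockfileVersion: 3, packages: {
  ...baseline.packages,
  "node_modules/exampel-lib": { version: "1.0.0", integrity: "sha512-CONSTRUCTED",
    resolved: `${REG}/exampel-lib/-/exampel-lib-1.0.0.tgz`, hasInstallScript: true },
  "node_modules/example-lib/node_modules/helper": { version: "2.0.0",
    resolved: "https://tarballs.example.test/helper-2.0.0.tgz" },
} };

for (const f of reviewLockfile(current, baseline)) {
  console.log(`${f.id}: ${f.reasons.join(", ")}`);
}
```

A new entry or an install script is not proof of compromise; the output is a shortlist for manual review alongside `npm audit`.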

Deno 2.2: Improved Node.js Compatibility

Deno has released version 2.2 with significantly improved Node.js compatibility, making it easier to migrate existing Node.js projects.

  • Node Compat: 98% npm package compatibility, up from 90% in 2.1
  • Performance: 25% faster cold starts for compiled binaries
  • Workspaces: Full npm/pnpm workspace support
  • TypeScript: Native TypeScript 5.6 support

Other Notable Updates

Black Friday Extended: Many developer tools are extending deals through Cyber Monday. JetBrains, Raycast, and Linear deals are still active.

pnpm 9.0: Package manager releases major version with improved workspace support and 20% faster installations.

Remix 3.0 Preview: Shopify-backed framework announces preview with Vite-first architecture.
