Bun's rust rewrite, the TanStack hack, and the $60B Cursor deal | Panel episode artwork

EPISODE · May 21, 2026 · 46 MIN

Bun's rust rewrite, the TanStack hack, and the $60B Cursor deal | Panel

from PodRocket · host LogRocket

This month's panel digs into the SpaceX Cursor acquisition rumor and what a $60 billion valuation means for AI coding tools. They debate Bun's million-line Rust rewrite generated entirely by AI, the tradeoffs of agentic coding at scale, and a sophisticated CI/CD cache poisoning attack targeting TanStack. Plus: practical takes on Claude token optimization, session forensics, local AI models, and why most Claude Code skills work best when tailored, not pulled off the shelf. Resources SpaceX/Cursor deal, CNBC: https://www.cnbc.com/2026/04/21/spacex-says-it-can-buy-cursor-later-this-year-for-60-billion-or-pay-10-billion-for-our-work-together.html Fortune, Cursor's uncertain future: https://fortune.com/2026/03/21/cursor-ceo-michael-truell-ai-coding-claude-anthropic-venture-capital/ GitHub Copilot usage-based billing announcement: https://github.blog/news-insights/company-news/github-copilot-is-moving-to-usage-based-billing/ Developer backlash, Visual Studio Magazine: https://visualstudiomagazine.com/articles/2026/04/27/devs-sound-off-on-usage-based-copilot-pricing-change-you-will-get-less-but-pay-the-same-price.aspx "The IDE Is Dead, Long Live the ADE", Indie Hackers: https://www.indiehackers.com/post/the-ide-is-dead-long-live-the-ade-0d81e9da3d Companies spending crazy money on AI coding tools, Medium: https://medium.com/@Reiki32/companies-are-spending-crazy-money-on-ai-coding-tools-while-developers-burn-out-efe5908f3dda The PR: https://github.com/oven-sh/bun/pull/30412 The Register writeup: https://www.theregister.com/devops/2026/05/14/anthropics-bun-rust-rewrite-merged-at-speed-of-ai/5240381 The 13,000 unsafe blocks piece: https://byteiota.com/bun-rust-rewrite-merged-the-13000-unsafe-block-problem/ TanStack postmortem: https://tanstack.com/blog/npm-supply-chain-compromise-postmortem TanStack hardening follow-up: https://tanstack.com/blog/incident-followup StepSecurity writeup (the researcher who caught it): https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem SOC Prime writeup: https://socprime.com/active-threats/active-supply-chain-attack-compromises-node-ipc-package We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Fill out our listener survey! https://t.co/oKVAEXipxu Let us know by sending an email to our producer, Elizabeth, at [email protected], or tweet at us at PodRocketPod. Check out our newsletter! https://blog.logrocket.com/the-replay-newsletter/ Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form, and we’ll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today. Chapters 00:00 Introduction 01:00 The $60B SpaceX Cursor deal 08:00 Token costs rising — the rug pull is real 09:30 Local models and sub-agent routing 12:00 Session forensics — cutting Claude token waste 15:00 Bun's AI-generated Rust rewrite 18:00 Should AI rewrite core infrastructure? 23:00 Does runtime choice even matter anymore? 29:00 The TanStack supply chain attack explained 33:00 How the GitHub Actions cache poisoning worked 36:00 Is GitHub Actions too flexible? 39:30 Ad break 40:00 Hot take — you'll be okay (local models and hardware) 42:30 Hot take — "They Will Kill You" (Jack's movie rec) 43:30 Hot take — stop hoarding Claude Code skills 46:00 Wrap-upSpecial Guest: Jack Herrington.

This month's panel digs into the SpaceX Cursor acquisition rumor and what a $60 billion valuation means for AI coding tools. They debate Bun's million-line Rust rewrite generated entirely by AI, the tradeoffs of agentic coding at scale, and a sophisticated CI/CD cache poisoning attack targeting TanStack. Plus: practical takes on Claude token optimization, session forensics, local AI models, and why most Claude Code skills work best when tailored, not pulled off the shelf. Resources SpaceX/Cursor deal, CNBC: https://www.cnbc.com/2026/04/21/spacex-says-it-can-buy-cursor-later-this-year-for-60-billion-or-pay-10-billion-for-our-work-together.html Fortune, Cursor's uncertain future: https://fortune.com/2026/03/21/cursor-ceo-michael-truell-ai-coding-claude-anthropic-venture-capital/ GitHub Copilot usage-based billing announcement: https://github.blog/news-insights/company-news/github-copilot-is-moving-to-usage-based-billing/ Developer backlash, Visual Studio Magazine: https://visualstudiomagazine.com/articles/2026/04/27/devs-sound-off-on-usage-based-copilot-pricing-change-you-will-get-less-but-pay-the-same-price.aspx "The IDE Is Dead, Long Live the ADE", Indie Hackers: https://www.indiehackers.com/post/the-ide-is-dead-long-live-the-ade-0d81e9da3d Companies spending crazy money on AI coding tools, Medium: https://medium.com/@Reiki32/companies-are-spending-crazy-money-on-ai-coding-tools-while-developers-burn-out-efe5908f3dda The PR: https://github.com/oven-sh/bun/pull/30412 The Register writeup: https://www.theregister.com/devops/2026/05/14/anthropics-bun-rust-rewrite-merged-at-speed-of-ai/5240381 The 13,000 unsafe blocks piece: https://byteiota.com/bun-rust-rewrite-merged-the-13000-unsafe-block-problem/ TanStack postmortem: https://tanstack.com/blog/npm-supply-chain-compromise-postmortem TanStack hardening follow-up: https://tanstack.com/blog/incident-followup StepSecurity writeup (the researcher who caught it): https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem SOC Prime writeup: https://socprime.com/active-threats/active-supply-chain-attack-compromises-node-ipc-package We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Fill out our listener survey! https://t.co/oKVAEXipxu Let us know by sending an email to our producer, Elizabeth, at [email protected], or tweet at us at PodRocketPod. Check out our newsletter! https://blog.logrocket.com/the-replay-newsletter/ Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form, and we’ll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today. Chapters 00:00 Introduction 01:00 The $60B SpaceX Cursor deal 08:00 Token costs rising — the rug pull is real 09:30 Local models and sub-agent routing 12:00 Session forensics — cutting Claude token waste 15:00 Bun's AI-generated Rust rewrite 18:00 Should AI rewrite core infrastructure? 23:00 Does runtime choice even matter anymore? 29:00 The TanStack supply chain attack explained 33:00 How the GitHub Actions cache poisoning worked 36:00 Is GitHub Actions too flexible? 39:30 Ad break 40:00 Hot take — you'll be okay (local models and hardware) 42:30 Hot take — "They Will Kill You" (Jack's movie rec) 43:30 Hot take — stop hoarding Claude Code skills 46:00 Wrap-upSpecial Guest: Jack Herrington.

NOW PLAYING

Bun's rust rewrite, the TanStack hack, and the $60B Cursor deal | Panel

0:00 46:49

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

The Monster Inside

May 10, 2023 ·27m

The Art of Lie Spotting!

May 5, 2023 ·15m

Launching the Podrocket!

May 4, 2023 ·10m

Frequently Asked Questions

How long is this episode of PodRocket?

This episode is 46 minutes long.

When was this PodRocket episode published?

This episode was published on May 21, 2026.

What is this episode about?

This month's panel digs into the SpaceX Cursor acquisition rumor and what a $60 billion valuation means for AI coding tools. They debate Bun's million-line Rust rewrite generated entirely by AI, the tradeoffs of agentic coding at scale, and a...

Can I download this PodRocket episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!