Will JavaScript type annotations kill TypeScript?
The creators of Svelte and Turbo 8 both dropped TS recently saying that "it's not worth it".
Yes: If JavaScript gets type annotations then there's no reason for TypeScript to exist.
No: TypeScript remains the best language for structuring large enterprise applications.
TBD: The existing user base and its corpensource owner means that TypeScript isn’t likely to reach EOL without a putting up a fight.
I hope they both die. I mean, if you really need strong types in the browser then you could leverage WASM and use a real programming language.
I don’t know and I don’t care.

Major Git Security Vulnerability Discovered Causing GitHub to Encourage Update to Git Clients

Dec 18th, 2014 2:11pm by
Featued image for: Major Git Security Vulnerability Discovered Causing GitHub to Encourage Update to Git Clients

A major Git security vulnerability has been discovered and has forced GitHub to issue a warning and request for users to update their Git clients.

According to a GitHub blog post, the vulnerability affects “all versions of the official Git client and all related software that interacts with Git repositories, including GitHub for Windows and GitHub for Mac. ”

Due to the vulnerability, GitHub is encouraging all of its users of GitHub and GitHub Enterprise to update their Git clients and be “particularly careful when cloning or accessing Git repositories hosted on unsafe or untrusted hosts.”

Here’s how the vulnerability works:

Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem. An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. Git clients running on OS X (HFS+) or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux clients are not affected if they run in a case-sensitive filesystem.

Bryan Helmkamp, CEO and Founder of CodeClimate said the attacks are significant for a number of reasons:

The blog post explains that Github verifies and blocks malicious trees that trigger the vulnerability. They say that means repositories on are protected. To further address the issue, GitHub has done a scan of existing content on  in search of “malicious content that might have been pushed to our site before this vulnerability was discovered.”

Updated versions of GitHub for Windows and GitHub for Mac are available for download.

According to GitHub, more details on the vulnerability can be found in the official Git mailing list announcement and on the git-blame blog.

Group Created with Sketch.
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.