Dev weekly digest: TypeScript goes Go, pnpm 11 goes SQLite, Zed goes 1.0

A loud week for tooling. The TypeScript compiler shipped its long-rumored Go port in beta, pnpm landed a major release with a SQLite-backed store and supply-chain protection on by default, and Zed finally hit 1.0 after five years and a thousand releases. Add a Node 26 slip, a React Compiler Rust port surfacing inside Meta, and an iOS submission deadline that just bit, and there's plenty here that demands action this week.

1. TypeScript 7.0 Beta lands with a Go-based compiler

Microsoft released TypeScript 7.0 Beta — the public debut of "Project Corsa," a methodical port of the TypeScript compiler from TypeScript to Go. Type-checking logic is structurally identical to 6.0, but build times are roughly 10× faster thanks to native code and shared-memory parallelism. The beta has been validated by Bloomberg, Canva, Figma, Google, Linear, Notion, Slack, Vercel, and others; a stable programmatic API is slated for 7.1.

Source: Announcing TypeScript 7.0 Beta — Microsoft

2. pnpm 11.0 — SQLite-backed store, supply-chain protection on by default

pnpm 11 is a big release. The store gains a SQLite-backed index for faster installs, native package publishing replaces the silent npm publish fallback, and minimumReleaseAge is set to one day by default to block freshly compromised packages. There's also a new pnpm pack-app command that produces a standalone executable via Node's SEA. Note the upgrade footprint: pnpm is now ESM-only, requires Node.js 22+, and the standalone binary needs glibc 2.27+. A Rust port called Pacquet has resumed work in parallel.

Source: pnpm 11.0 release notes

3. Zed 1.0 ships after five years and 1,000+ releases

Zed — the Rust editor from the team behind Atom and Electron — hit 1.0. The headline isn't a feature but the architecture: a custom GPU-accelerated UI framework (GPUI), a CRDT-based sync engine (DeltaDB) for character-level history, and an Agent Client Protocol that plugs in Claude Agent, Codex, OpenCode, and Cursor with parallel agent runs. Available on macOS, Windows, and Linux. If you've been waiting for a stable cut before evaluating, this is it.

Source: Zed is 1.0 — Zed's Blog

4. Node.js 26 slips to May 5 — but Temporal lands by default

Node 26 (Current) was supposed to ship this week. A macOS/Rosetta 2 issue with the Temporal API broke the build, so the official release moved to May 5. RC2 is already on the download server if you want to test today. Once it lands, you get Temporal enabled by default (V8 14.6), Map.getOrInsert, an updated fetch client, and a stack of ES2025/ES2026 niceties. Plan migrations and CI matrix updates accordingly.

Source: Node.js v26.0 release tracking PR

5. React Compiler is being ported to Rust — and tested inside Meta

A WIP port of the React Compiler from JavaScript to Rust has been confirmed as undergoing internal testing at Meta. Sascha Greif also published an 18-month retrospective on the React Compiler covering the design debates, the move from auto-memoization toward more explicit primitives, and what's next. Together they're the strongest signal yet that the compiler is heading for a faster, more production-shaped second act.

Source: The React Compiler at Eighteen Months

6. RFC: Swift Package Manager support for React Native (CocoaPods replacement)

A new RFC proposes replacing CocoaPods with Swift Package Manager as the iOS dependency manager for React Native. CocoaPods has been in maintenance mode for some time, and SPM is now mature enough to act as the default. If accepted, this is a multi-year migration that touches every native module author and template — well worth reading and commenting on now while the design is still in flux.

Source: RFC: Swift Package Manager support in React Native

7. Rspack 2.0 — 10% faster, better tree-shaking, experimental RSC

Rspack 2.0, the Rust webpack-compatible bundler, is out. It's roughly 10% faster than 1.7, performs better static analysis for tree-shaking, and adds experimental React Server Components support. Rsbuild 2.0 dropped alongside it. For projects still on webpack, Rspack remains the lowest-friction path off it; for projects considering Vite or Turbopack, the RSC story is now a real comparison point.

Source: Announcing Rspack 2.0

8. Android Studio Panda 4 stable + Jetpack Compose 1.11

Google promoted Android Studio Panda 4 to stable, with Planning Mode and Next Edit Prediction joining the agent toolset, plus a project assistant and agent skills. Compose 1.11 is also stable: updated test coroutine APIs, shared element debug tooling, and improved trackpad support. Credential Manager now offers verified email as a one-tap replacement for OTP-based email verification, which is worth designing into new auth flows.

Source: Android Weekly #724

9. Xcode 26 required for App Store Connect — deadline already in effect

Apple's previously announced cutover landed this week: starting April 28, 2026, apps uploaded to App Store Connect must be built with Xcode 26 (which targets the iOS 26 SDK). If your CI is still pinned to Xcode 16/17, builds will be rejected. Update your build images, expect Swift 6 strict-concurrency surprises, and re-test third-party native dependencies before pushing your next release.

Source: Apple Developer — Upcoming requirements

10. Intercom npm package compromised in another Shai-Hulud worm attack

The official Intercom npm package was hit by another iteration of the Shai-Hulud supply-chain worm, which propagates by stealing maintainer credentials and republishing infected versions of downstream packages. It's a useful real-world reminder of why pnpm 11 made minimumReleaseAge default to a day — and why audit-locking, lockfile review, and CI provenance checks matter even on packages you've trusted for years. Pin, audit, and keep an eye on Socket and GitHub advisories.

Source: Intercom's npm package compromised in supply-chain attack — Socket