CSOonline

Flaw in React Native CLI opens dev servers to attacks

The bug exposes the Metro development server to remote attacks, allowing arbitrary OS command execution on developer systems before a fix in version 20.0.0. A critical remote-code execution (RCE) flaw ...
TechRadar

Millions of developers could be open to attack after critical flaw exploited - here's what we know

CVE-2025-11953 allows OS command injection via Metro server in React Native CLI Affects versions 4.8.0–20.0.0-alpha.2; patched in 20.0.0; exploit requires no authentication No confirmed exploitation ...
Visual Studio Magazine

Microsoft Gets 'Real' on Native TypeScript Remake

Microsoft is progressing on its effort to port the TypeScript compiler and language service from TypeScript/JavaScript to native Go code, a project aligned with the upcoming TypeScript 7.0 release.