Eleven Minutes to Mayhem

News includes Elixir 1.20.0-rc.6 arriving as likely the final release candidate before v1.20.0 ships, completing a ~15-week roadmap and delivering full type inference across applications and dependencies. The EEF 2026 election results are in with 3 returning and 1 new board member, LiveStash v0.3.0 lands with a Redis adapter and auto-stashing for Phoenix LiveView state recovery on WebSocket reconnects, a call goes out for BEAM ecosystem companies to step up and support the EEF’s critical security work, and GitHub suffered a significant breach when a hijacked VS Code extension quietly exfiltrated ~3,800 internal repositories in just 11 minutes, and more!

Show Notes online - http://podcast.thinkingelixir.com/305

Elixir Community News

• https://paraxial.io/ – Paraxial.io is sponsoring today's show! Sign up for a free trial of Paraxial.io today and mention Thinking Elixir when you schedule a demo for a special offer.
• https://elixirforum.com/t/elixir-v1-20-0-rc-6-released/75448 – Elixir v1.20.0-rc.6 released on the ElixirForum - the likely final release candidate before v1.20.0 final, completing the ~15 week type inference roadmap. Includes tips for profiling compile times before and after upgrading.
• https://github.com/elixir-lang/elixir/releases/tag/v1.20.0-rc.6 – GitHub release page for Elixir v1.20.0-rc.6. Highlights include full type inference across applications and type inference across deps.
• https://erlef.org/blog/eef/election-2026-results – EEF 2026 election results - David Bernheisel, Francesco Cesarini, Amos King, and Alistair Woodman were elected.
• https://x.com/swmansionelixir/status/2054945784148201684 – Software Mansion announces LiveStash v0.3.0, featuring a new Redis Adapter and Auto-Stashing for Phoenix LiveView state recovery on WebSocket reconnects.
• https://github.com/software-mansion-labs/live-stash – GitHub repo for LiveStash - a library providing a reliable API to stash and recover Phoenix LiveView assigns when socket connections are interrupted or re-established.
• https://x.com/ZachSDaniel1/status/2057517360060522872 – A call to action for companies generating revenue on the BEAM ecosystem to support the EEF. The EEF maintains a CNA and coordinates security across the ecosystem including hex.pm, but the current effort is no longer sustainable.
• https://hauleth.dev/post/writing-tests/ – A solid blog post on writing better Elixir tests. Covers using a @subject module attribute, grouping tests with describe, preferring dependency injection over mocking, avoiding factory libraries in favor of calling context functions directly, and using property-based testing with StreamData.
• https://x.com/github/status/2056884788179726685 – GitHub's official tweet confirming unauthorized access to their internal repositories. No confirmed evidence of impact to customer data outside GitHub's internal repos at time of posting.
• https://x.com/intcyberdigest/status/2056970677668770117 – Report that GitHub was compromised by TeamPCP via a poisoned VS Code extension on an employee device, resulting in ~3,800 internal repositories being exfiltrated and sold on a cybercrime forum.
• https://x.com/star_knight12/status/2056977944334266428 – Detailed breakdown of the GitHub hack - the Nx Console VS Code extension (2.2M installs) was hijacked with a credential stealer hidden in an orphan commit. It harvested tokens from GitHub, npm, AWS, Kubernetes, and 1Password. The poisoned version was live for only 11 minutes before detection.

Do you have some Elixir news to share? Tell us at @ThinkingElixir or email at show@thinkingelixir.com

Find us online

• Message the show - Bluesky
• Message the show - X
• Message the show on Fediverse - @ThinkingElixir@genserver.social
• Email the show - show@thinkingelixir.com
• Mark Ericksen on X - @brainlid
• Mark Ericksen on Bluesky - @brainlid.bsky.social
• Mark Ericksen on Fediverse - @brainlid@genserver.social
• David Bernheisel on Bluesky - @david.bernheisel.com
• David Bernheisel on Fediverse - @dbern@genserver.social