Astral, the team behind the Rust-based Python toolchain including Ruff and uv, has been acquired by OpenAI. That single move signals where the AI lab thinks the next leverage point is: not models, but the developer tooling layer underneath them.
This week also produced a supply-chain attack on LiteLLM, a new open source coding agent called OpenCode, a public Rust post cataloguing the language's own friction points, WorkOS extending AuthKit to CLI auth via OAuth Device Flow with SSO and MFA support, Ryan Lizza building an open source TurboTax alternative with AI assistance, and a fork of httpx that turns a maintainer conflict into a real dependency decision for thousands of projects.
The full newsletter is worth reading because the details matter here. The LiteLLM attack, the httpx fork, and the Astral acquisition are not separate stories. They are the same story about who controls the tools, who controls the supply chain, and what it costs when that trust breaks.
[READ ORIGINAL →]