Welcome to GigaElixir Gazette, your 5-minute digest of Elixir ecosystem news that actually matters.

This week in Elixir: Elixir v1.20 ships with gradual typing, no annotations required, a $10 Claude experiment at ElixirConf EU surfaced critical CVEs in decimal and other widely-used Hex packages - faster than the disclosure process could keep up.

Also: Bond 1.0.0 locks in Design by Contract with SemVer stability. CouncilEx puts multi-model LLM deliberation in your supervision tree. A gen_statem walkthrough shows why state machines beat conditional dispatch for bot logic.

Elixir v1.20 delivers the first milestone of its type system without requiring a single type annotation. The compiler now performs type inference across every program, reporting dead code and verified bugs - code guaranteed to fail at runtime if executed. The implementation uses the dynamic() type, which narrows during pattern matching and guard evaluation rather than accepting everything like any(), in the If T benchmark, Elixir passes 12 of 13 type narrowing categories.

Read the release →

Peter Ullrich ran a $10 Claude experiment at ElixirConf EU against the most-downloaded Hex packages and found a critical vulnerability in decimal - used by nearly every database and money-handling package - in under 30 minutes with no prior security experience. Since then he's found roughly twice as many CVEs as published. The patterns: String.to_atom/1, binary_to_term/1 enabling atom exhaustion or RCE, and HTTP libraries missing buffer caps on WebSocket connections. EEF's Jonathan Machen explains what the infrastructure currently handles.

Explore the findings →

Bond 1.0.0 is the first stable release of the Design by Contract library for Elixir. Write preconditions, postconditions, and invariants alongside your code; Bond checks them at runtime with messages that identify exactly what was violated. Contracts compile conditionally per environment and the :purge option strips all contract code from production binaries entirely. The invariant system also drives Bond.PropertyTest.invariants_hold/2, running randomized state sequences via StreamData and using your invariants as the oracle.

Read the release post →

CouncilEx runs multiple LLMs through structured deliberation rounds - independent analysis, peer review, and voting - then aggregates results into a single answer. A single adapter behaviour covers OpenAI, Anthropic, Gemini, Ollama, and OpenRouter; switching providers is a config change. Structured output, streaming, tool calls, and per-member confidence scoring are all opt-in per member. Runs are plain pids owned by the calling code, with PubSub events and telemetry available for tracing what the council actually decided. Inspired by Karpathy's llm-council.

Check the docs →

Micael Nussbaumer walks through building a card-game draft bot using gen_statem, the OTP behavior underneath GenServer for explicit state machines. The entire implementation fits in a single .exs file, making it easy to run locally. The walkthrough covers why gen_statem beats handle_cast dispatch for sequential state transitions where the next allowed action depends entirely on the current phase - exactly the constraint a draft round enforces. The bot runs in the game Aether Summon, currently in beta.

Read the walkthrough →

Inertia.js pairs Phoenix with a React frontend without a REST API between them - for hand-written codebases, it works well.

The gap shows at the infrastructure layer. Server-side rendering with React requires a Node.js worker pool running alongside your Elixir app to produce that first HTML paint.

One dependency for application code becomes two runtimes to deploy, monitor, and update.

Daniel Bergholz ran this setup for a year building CourseShelf, then deleted 345 commits and started over with full-stack LiveView. His specific breaking point: AI agents produced broken Inertia Phoenix code consistently.

The Inertia Phoenix port lacks the tooling that the Laravel version has, and no code generation exists for the TypeScript types that every backend resource requires - pure manual sync, every time.

LiveView removes the seam entirely. No TypeScript types folder, no SSR worker pool, no React bundle to reconcile with server state.

Bergholz notes that the React-to-LiveView migration also resolved the AI agent problem - agents write LiveView code correctly because the pattern has wide representation in training data and the mental model maps directly to OTP.

The lesson is not that React is wrong for Elixir - Inertia itself is solid - it is that the Phoenix port trades the simplicity that drew you to the BEAM in the first place. If you are maintaining two runtimes to add a frontend to an Elixir app, that infrastructure cost compounds with every feature.

Remember, for full-stack Elixir migration:

Read the full story →

Deploy your next Elixir app hassle-free with Gigalixir and focus more on coding, less on ops.

We're specifically designed to support all the features that make Elixir special, so you can keep building amazing things without becoming a DevOps expert.

Keep it simple, keep it functional.

See you next week,

Michael

P.S. Forward this to a friend who loves Elixir as much as you do 💜