With npm v12, GitHub closes a central attack vector: installation scripts from dependencies will only run after explicit ...

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.

Eight innovative tools that are reimagining web applications and how we build them. Welcome to the Great Unbloating.

Cloudflare VoidZero acquisition gives a competing CDN governance of Vite, the open source JavaScript build tool with 130 ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe ...

AI now generates more than 50% of the world’s code, and growing. The tooling that catches what that code breaks in production was not made to keep up with that speed of delivery. NodeSource, the ...

We are a weekly podcast and newsletter made to deliver quick and relevant JavaScript updates in just under 4 minutes. We are a weekly podcast and newsletter made to deliver quick and relevant ...

Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and execute arbitrary code. A critical vulnerability has been patched in vm2, a ...

Node.js has released updates to fix what it described as a critical security issue impacting "virtually every production Node.js app" that, if successfully exploited, could trigger a denial-of-service ...

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account for billions of weekly downloads. In a massive attack on the JavaScript ...

A major attack on the supply chain for software packages for the widely used JavaScript runtime environment node.js was discovered on Monday. The attacker has injected obfuscated malicious code into ...

Malicious actors have found a way to hide open-source malware in Ethereum smart contracts, as per a recent report. On Sep. 3, the software security firm ReversingLabs released a report as per which ...