npm 12 disables install scripts by default, requiring explicit approval to reduce dependency-based code execution risks.

With npm v12, GitHub closes a central attack vector: installation scripts from dependencies will only run after explicit ...

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.

Vercel has released Next.js 16.2, featuring performance enhancements that make development startup 400% faster and rendering ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe ...

AI now generates more than 50% of the world’s code, and growing. The tooling that catches what that code breaks in production was not made to keep up with that speed of delivery. NodeSource, the ...

We are a weekly podcast and newsletter made to deliver quick and relevant JavaScript updates in just under 4 minutes. We are a weekly podcast and newsletter made to deliver quick and relevant ...

Version 2.7 of the runtime for JavaScript and TypeScript stabilizes the Temporal API, introduces npm overrides, and significantly improves Node.js compatibility. With Deno 2.7, the team releases an ...

Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and execute arbitrary code. A critical vulnerability has been patched in vm2, a ...

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account for billions of weekly downloads. In a massive attack on the JavaScript ...

Malicious actors have found a way to hide open-source malware in Ethereum smart contracts, as per a recent report. On Sep. 3, the software security firm ReversingLabs released a report as per which ...

This module provides source map support for stack traces in node via the V8 stack trace API. It uses the source-map module to replace the paths and line numbers of source-mapped files with their ...