InfoWorld

Is your Node.js project really secure?

Node.js does not need more theatrical security output. It needs better developer workflow infrastructure. It needs tools that ...
InfoWorld

The best JavaScript certifications for getting hired

Earn these JavaScript certs to demonstrate mastery of the most in-demand skills for the world’s most-used programming ...

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...
Homeland Security Today

Supply Chain Compromise Impacts Axios Node Package Manager , CISA Alert Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert to provide guidance in response to the ...

Rsbuild 2.0: Faster bundling, ESM-first and Node 20

Rsbuild 2.0 relies on Rspack 2.0, modernizes defaults (ESM-first, Node 20) and reduces dependencies. New APIs enhance ...
TechJuice

GlassWorm Escapes JavaScript Sandbox to Silently Spread Across Developer Tools

GlassWorm malware uses a Zig-based dropper to infect developer tools, stealing data and spreading across IDEs.

Anthropic bakes memory fixes into Bun 1.1.13 as developers complain of leaks

But perhaps most important is the attention to memory issues in this release. Bun inventor Jared Sumner claims that the ...
Bleeping Computer

Latest Node.js news

Over the holidays, the npm package registry was flooded with more than 3,000 packages, including one called "everything," and others named a variation of the word. These 3,000+ packages make it ...
The Hacker News

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

CVE-2026-5752 CVSS 9.3 flaw in Terrarium enables root code execution via Pyodide prototype traversal, risking container ...
The Hacker News

GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

GlassWorm uses a fake WakaTime VS Code extension to infect IDEs, deploy RATs, and steal data, prompting urgent credential ...