Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.

Abstract: One of the more interesting developments recently gaining popularity in the server-side JavaScript space is Node.js. It's a framework for developing high-performance, concurrent programs ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe ...

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

Cloudflare VoidZero acquisition gives a competing CDN governance of Vite, the open source JavaScript build tool with 130 ...

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

Abstract: Prototype pollution is a type of recently-discovered, impactful vulnerability that affects JavaScript code. One important yet challenging research problem of prototype pollution is how to ...

System design, programming languages, DevOps, cloud infrastructure, and the craft of writing clean code. From junior devs to principal engineers.

With npm v12, GitHub closes a central attack vector: installation scripts from dependencies will only run after explicit ...

Eight innovative tools that are reimagining web applications and how we build them. Welcome to the Great Unbloating.