Tech Times

Cloudflare Buys VoidZero: Vite’s 130M Weekly Users Get a New Vendor-Neutrality Pledge

Cloudflare VoidZero acquisition gives a competing CDN governance of Vite, the open source JavaScript build tool with 130 ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
unite

Cloudflare Acquires VoidZero, Bringing the Team Behind Vite Into Its Developer Platform ...

Founded by Evan You, VoidZero was created with the goal of building a unified, high-performance JavaScript toolchain. Rather than focusing on a single framework, the ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Red Hat hit by npm supply‑chain attack - here's how to stay safe ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
IEEE

Reasoning about the Node.js Event Loop using Async Graphs

Abstract: With the popularity of Node.js, asynchronous, event-driven programming has become widespread in server-side applications. While conceptually simple, event-based programming can be tedious ...
heise online

JavaScript runtime developed with AI: Edge.js for secure Node.js applications

As the Wasmer team explains the reasons behind the new runtime, Node.js has two difficulties: it is tied to V8 as the only JavaScript engine and cannot securely execute workloads without ...
heise online

JavaScript runtime Deno 2.0 takes on Node.js

After a release candidate, the final release Deno 2.0 is now available. The runtime for JavaScript and TypeScript is now compatible with Node.js and npm and stabilizes the standard library after four ...