Microsoft Defender Experts identified a coordinated developer-targeting campaign delivered through malicious repositories disguised as legitimate Next.js projects and technical assessment materials.

A lightweight, browser-native Node.js runtime environment. Run Node.js code, install npm packages, and develop with Vite or Next.js - all without a server. Built by the creators of Macaly.com — a tool ...

Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and execute arbitrary code. A critical vulnerability has been patched in vm2, a ...

The path traversal bug allows attackers to include arbitrary filesystem content in generated PDFs when file paths are not properly validated. A now-fixed critical flaw in the jsPDF library could ...

Feature bloat, or added value for this JavaScript toolkit? The Bun team has released version 1.2.21 of its JavaScript bundler and runtime, written in Zig, adding features including built-in drivers ...

OpenAI has disabled the leaked chat model we were previously using, so we're now defaulting to text-davinci-003, which is not free. We've found several other hidden, fine-tuned chat models, but OpenAI ...

Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js' Single Executable Application (SEA) feature as a way to distribute its ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

Ankit here - 8y in frontend + backend. Full-stack dev who loves building, debugging, and sharing stories that help other ...