News

A new piece of malware is spreading through the popular tinycolor NPM library and more than 300 other packages, some of which ...
An apparent "Dune" aficionado is responsible for the first self-propagating attack on the npm JavaScript repository in what one security company has ...
"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...
Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...
ECMAScript 2025, the latest version of the ECMA International standard for JavaScript, has been officially approved. The specification standardizes new JavaScript capabilities including JSON modules, ...
Security researchers from Socket have stumbled upon a digital booby trap set for Russian-language users within JavaScript packages. The researchers found two npm packages – with the rather innocuous ...
Socket’s threat researchers have uncovered a package lurking in npm for six years that awaits a remote command to wipe projects. The culprit? A package called xlsx-to-json-lh, which mimics the ...
What if you could unlock the full potential of AI to supercharge your productivity, spark creativity, and streamline your daily tasks? With tools like Claude Code, this isn’t just a futuristic fantasy ...
I don't know, it's just in my system. I don't know if this is the right place; also, I don't have Stack Overflow, nor do you guys operate a Discord server. npm warn deprecated [email protected]: Use your platform's native ...
Google says it has begun requiring users to turn on JavaScript, the widely used programming language to make web pages interactive, in order to use Google Search. In ...
A monthly overview of things you need to know as an architect or aspiring architect.
Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers.