Tag: JavaScript
Attackers Testing New Strain of Shai-Hulud on npm: Aikido
Jeff Burt | | Aikido Security, GitHub repositories, information stealing, JavaScript, leaked secrets, npm registry, Shai-Hulud wormThreat actors behind the virulent Shai-Hulud worm that wreaked havoc in open npm repositories toward the end of 2025 apparently are trying out a new strain that comes with slight modifications. Security ...
Anthropic Acquires Bun to Accelerate AI Coding Tools
Jon Swartz | | AI coding, Anthropic, Bun, Claude Code, Enterprise AI, github, JavaScript, microsoft, Netflix, node.js, NVIDIA, open source, OpenAI, Salesforce, spotifyAnthropic says it has acquired Bun, a high-performance JavaScript toolkit, to turbocharge its artificial intelligence (AI) coding capabilities -- further underscoring a significant push into developer tooling as it scales Claude Code, ...
Second Coming of Shai-Hulud Cyberattack Ravages JavaScript Repositories
A major expansion of the self-propagating Shai-Hulud cyberattack aimed at popular node package managers (npms) used by JavaScript application developers is creating a major headache for DevSecOps teams around the globe. Based ...
Microsoft Engineers Highlight Git Repository Bloat Flaw
A Git functionality shortcoming means Git calculates changes between different versions of the same file, which ultimately creates repository bloat through the excess storage requirements that result ...
Open-Source Software Community Riled by Yet Another CVE
Another maintainer of an open-source software project has decided to no longer actively update IP address parsing utilities used widely by JavaScript developers ...
Polyfill Becomes a Supply-Chain Risk to 100,000 Websites
A Chinese company in February bought the domain and GitHub account for Polyfill, a popular open-source library used by more than 100,000 websites to deliver JavaScript code ...
Steady On. We Still Have a Job to Do
Don Macvittie | | ai, app development, appsec, Generated code, generative AI, java, JavaScript, LLM, ml, security, testing, XMLAI-generated change is not significantly different than the last couple decades where change has become IT’s constant companion ...
Dev of core-js Will Flip Table ¦ Another 451 PyPI Maldeps
Richi Jennings | | core-js, Denis Pushkarev, JavaScript, open source, PyPi, Russia, Software Supply Chain, Software Supply Chain Security, softwaresupplychain, supply chain attacks, supply chain security, The Long ViewIn this week’s #TheLongView: Denis Pushkarev is fed up with core-js freeloaders, and hundreds more malicious packages found at PyPI ...
A DevSecOps Process for Node.js Projects
Node.js is an open source development platform for running JavaScript code on the server side. Node is useful for developing applications that require a persistent browser-server connection and is often used for ...
Best of 2022: We Must Kill ‘Dinosaur’ JavaScript | Microsoft Open Sources 3D Emoji
Richi Jennings | | Douglas Crockford, E, emoji, github, JavaScript, microsoft, MIT license, The Devil hath power to assume a pleasing shape, The Long View, TypeScript, Wasm, WebAssemblyIn this week’s The Long View: JavaScript is a bloated barrier to progress, and Microsoft’s emoji are on GitHub ...
AppSmith Adds Git Support to Low-Code App Dev Framework
Mike Vizard | | application development, AppSmith, Git repository, JavaScript, low-code applicationsAppSmith has added support for Git repositories to an open source framework for building custom applications using a low-code platform based on the JavaScript programming language. Rishabh Kaul, head of marketing for ...
Stytch Launches New, Flexibility-First SDK
Passwordless solutions have been a trend for a while now, improving user experience (UX) while reducing exposure to common attack vectors. Now, Stytch’s new JavaScript SDK aims to make password-free authentication a ...
