Node JS

[ follow ]
#deno #performance-improvements #ecmascript #websocket #npm #webcam #developer-tools #language-server #cron-jobs
Node JS
fromnews.bitcoin.com
1 day ago

822K Downloads at Risk: Malicious node-ipc Versions Spotted Stealing AWS and Private Keys

Three tainted node-ipc releases automatically steal developer and cloud credentials via DNS tunneling, affecting projects that installed or updated them.
Node JS
fromThe Cyber Express
1 day ago

Node-ipc Npm Package Hit By Credential Stealer Attack

Malicious node-ipc npm releases used obfuscated code to fingerprint systems, steal files, encrypt data, and exfiltrate via DNS, with prior versions also compromised.
Node JS
fromDEV Community
2 days ago

The Tiny Proxy That Fixed Local Development for Our Multi-Repo Frontend

A local HTTPS reverse proxy with path-based routing and API proxying enables micro-frontends to run like a monolith on one domain.
#npm
Node JS
fromInfoQ
1 month ago

Axios npm Package Compromised in Supply Chain Attack

A significant supply chain attack on Axios introduced a Remote Access Trojan via hijacked maintainer accounts, affecting numerous developer environments.
Node JS
fromBleepingComputer
1 month ago

Hackers compromise Axios npm package to drop cross-platform malware

Hackers compromised the Axios npm account to distribute remote access trojans across multiple operating systems.
Node JS
fromTheregister
1 month ago

Top npm package backdoored to drop dirty RAT on dev machines

A widely used npm library, axios, was compromised to deliver malware through a maintainer's hijacked account.
Node JS
fromInfoQ
1 month ago

Axios npm Package Compromised in Supply Chain Attack

A significant supply chain attack on Axios introduced a Remote Access Trojan via hijacked maintainer accounts, affecting numerous developer environments.
Node JS
fromBleepingComputer
1 month ago

Hackers compromise Axios npm package to drop cross-platform malware

Hackers compromised the Axios npm account to distribute remote access trojans across multiple operating systems.
Node JS
fromTheregister
1 month ago

Top npm package backdoored to drop dirty RAT on dev machines

A widely used npm library, axios, was compromised to deliver malware through a maintainer's hijacked account.
more#npm
Node JS
fromInfoQ
4 days ago

AdonisJS v7 Ships End-to-End Type Safety, Reworked Starter Kits and Zero-Config OpenTelemetry

AdonisJS v7 adds end-to-end type safety via codegen, typed routing, serialization, and type-safe API clients, alongside new starter kits and improved observability and docs.
fromTanstack
3 days ago

Postmortem: TanStack npm supply-chain compromise | TanStack Blog

The malicious versions were detected publicly within 20 minutes by an external researcher ashishkurmi working for stepsecurity. All affected versions have been deprecated; npm security has been engaged to pull tarballs from the registry. We have no evidence of npm credentials being stolen, but we strongly recommend that anyone who installed an affected version on 2026-05-11 rotate AWS, GCP, Kubernetes, Vault, GitHub, npm, and SSH credentials reachable from the install host.
Node JS
fromNew Relic
4 days ago

OpenTelemetry Collector Configuration for New Relic Language Agent Error Filtering | New Relic

NR language agents can therefore be configured to ignore certain errors by HTTP status code or error class. The result is that errors are still sent to New Relic, but are prevented from affecting error rate or appearing in errors inbox.
Node JS
Node JS
fromBleepingComputer
1 week ago

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in vm2 allows escaping the sandbox and executing arbitrary code on the host system.
#nodejs
more#nodejs
#javascript
Node JS
fromSubstack
2 weeks ago

Friday Links #37 - Dev Tools, AI & JS Updates

JavaScript updates focus on significant performance improvements, new tools, and AI-driven workflows that impact real-world projects.
Node JS
fromFrontendmasters
1 month ago

What To Know in JavaScript (2026 Edition)

JavaScript's ECMAScript 2025 introduces new iterator methods and improved set functionalities, enhancing performance and usability for developers.
Node JS
fromAlex MacArthur
1 month ago

Your options for preloading images with JavaScript

Preloading images in JavaScript can be achieved through various methods, with the best choice depending on specific circumstances.
Node JS
fromInfoQ
1 month ago

State of JavaScript 2025: Survey Reveals a Maturing Ecosystem with TypeScript Cementing Dominance

TypeScript continues to dominate the JavaScript ecosystem, with 40% of developers using it exclusively, while Vite surpasses Webpack in satisfaction.
Node JS
fromSubstack
2 weeks ago

Friday Links #37 - Dev Tools, AI & JS Updates

JavaScript updates focus on significant performance improvements, new tools, and AI-driven workflows that impact real-world projects.
Node JS
fromAllthingssmitty
3 weeks ago

Why I don't chain everything in JavaScript anymore - Matt Smith

Chaining methods in JavaScript can complicate readability and debugging, making step-by-step coding often clearer and easier to manage.
Node JS
fromCSS-Tricks
4 weeks ago

A Well-Designed JavaScript Module System is Your First Architecture Decision | CSS-Tricks

JavaScript modules enable private scopes and controlled global access, essential for managing large programs and avoiding conflicts.
Node JS
fromFrontendmasters
1 month ago

What To Know in JavaScript (2026 Edition)

JavaScript's ECMAScript 2025 introduces new iterator methods and improved set functionalities, enhancing performance and usability for developers.
Node JS
fromAlex MacArthur
1 month ago

Your options for preloading images with JavaScript

Preloading images in JavaScript can be achieved through various methods, with the best choice depending on specific circumstances.
Node JS
fromInfoQ
1 month ago

State of JavaScript 2025: Survey Reveals a Maturing Ecosystem with TypeScript Cementing Dominance

TypeScript continues to dominate the JavaScript ecosystem, with 40% of developers using it exclusively, while Vite surpasses Webpack in satisfaction.
more#javascript
Node JS
fromInfoQ
2 weeks ago

NestJS v12 Roadmap: Full ESM Migration, Standard Schema Validation and Modernised Toolchain

NestJS v12.0.0 will fully migrate to ESM, introduce Standard Schema support, and modernize the toolchain with Vitest and oxlint.
Node JS
fromEngadget
2 weeks ago

It runs Doom: AI chatbot edition - Engadget

AI chatbots can now run a playable version of Doom using Model Context Protocol.
Node JS
fromInfoQ
2 weeks ago

npmx Reaches Alpha: Community Driven Alternative Browser for the npm Registry

npmx is an open-source package browser for npm that offers a faster, feature-rich experience compared to npmjs.com.
Node JS
fromInfoWorld
3 weeks ago

Is your Node.js project really secure?

Dependency security workflows in JavaScript and Node.js lack actionability, leading to late awareness of risks and ineffective responses.
Node JS
fromInfoQ
3 weeks ago

pnpm 11 Release Candidate: ESM Distribution, Supply Chain Defaults and a New Store Format

pnpm 11 RC introduces significant changes in performance, security, and configuration, including a new SQLite-backed store and isolated global installs.
#bun
Node JS
fromTheregister
3 weeks ago

Bun 1.1.13 out with memory fixes as dev complain of leaks

Bun JavaScript runtime 1.1.13 improves testing support and memory management, addressing critical issues like memory leaks in production environments.
Node JS
fromhowtocenterdiv.com
1 month ago

Bun vs Node.js Performance: Why Your Event Loop Is the Real Bottleneck

Bun outperforms Node.js in specific benchmarks, but real-world performance issues often stem from database and CPU bottlenecks, not runtime choice.
Node JS
fromTheregister
3 weeks ago

Bun 1.1.13 out with memory fixes as dev complain of leaks

Bun JavaScript runtime 1.1.13 improves testing support and memory management, addressing critical issues like memory leaks in production environments.
Node JS
fromhowtocenterdiv.com
1 month ago

Bun vs Node.js Performance: Why Your Event Loop Is the Real Bottleneck

Bun outperforms Node.js in specific benchmarks, but real-world performance issues often stem from database and CPU bottlenecks, not runtime choice.
more#bun
Node JS
fromgithub.com
3 weeks ago

webllm/webblackbox: A Web Blackbox

WebBlackbox records web app interactions and errors, allowing for detailed session replay and debugging.
Node JS
fromTheregister
3 weeks ago

Linux 7.1 will have an optional new NTFS driver

Linux kernel 7.1 introduces a new read-write NTFS driver, emphasizing clean and maintainable code over significant performance improvements.
Node JS
fromDEV Community
3 weeks ago

I got tired of wiring the same caching stack every project, so I built LayerCache

LayerCache simplifies caching by stacking multiple layers and handling cache misses efficiently.
Node JS
fromInfoQ
4 weeks ago

Pulumi Adds Full Bun Runtime Support

Bun is now a fully supported runtime for Pulumi, allowing developers to execute infrastructure programs without Node.js installation.
Node JS
fromRaymondcamden
4 weeks ago

Summarizing Docs with Built-in AI

On-device summarization of various document types, including Office formats, is achievable using libraries like officeParser and Chrome's Summary API.
Node JS
fromInfoQ
1 month ago

Using AWS Lambda Extensions to Run Post-Response Telemetry Flush

Lambda extensions enable post-response work, improving API response times by managing telemetry flushing without impacting request handling.
#axios
Node JS
fromNist
1 month ago

NVD

Axios library versions prior to 1.15.0 are vulnerable to Prototype Pollution, leading to Remote Code Execution and Full Cloud Compromise.
Node JS
fromSecurityWeek
1 month ago

Axios NPM Package Breached in North Korean Supply Chain Attack

Malicious Axios NPM library versions were distributed in a supply chain attack by North Korean hackers, affecting millions of users.
Node JS
fromAxios
1 month ago

North Korean hackers implicated in major supply chain attack

A compromised maintainer account for the Axios npm package led to the publication of malicious software versions targeting various operating systems.
Node JS
fromThe Hacker News
1 month ago

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios experienced a supply chain attack due to malicious dependencies in two npm package versions.
Node JS
fromNist
1 month ago

NVD

Axios library versions prior to 1.15.0 are vulnerable to Prototype Pollution, leading to Remote Code Execution and Full Cloud Compromise.
Node JS
fromSecurityWeek
1 month ago

Axios NPM Package Breached in North Korean Supply Chain Attack

Malicious Axios NPM library versions were distributed in a supply chain attack by North Korean hackers, affecting millions of users.
Node JS
fromAxios
1 month ago

North Korean hackers implicated in major supply chain attack

A compromised maintainer account for the Axios npm package led to the publication of malicious software versions targeting various operating systems.
Node JS
fromThe Hacker News
1 month ago

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios experienced a supply chain attack due to malicious dependencies in two npm package versions.
more#axios
Node JS
fromRaymondcamden
1 month ago

Testing OCR with Chrome Built-in AI

Chrome's built-in AI can perform OCR on images, enabling text extraction and bounding box identification.
Node JS
fromNist
1 month ago

NVD

Tinyproxy versions up to 1.11.3 are vulnerable to HTTP request parsing desynchronization due to case-sensitive Transfer-Encoding header comparison.
Node JS
fromYcombinator
1 month ago

Show HN: I rewrote my 2012 self-signed cert generator in Go - cert-depot.com | Hacker News

A new certificate generation tool was built in Go, eliminating external dependencies and improving security features.
Node JS
fromSecurityWeek
1 month ago

Guardarian Users Targeted With Malicious Strapi NPM Packages

A supply chain attack targeting the Strapi ecosystem involved 36 malicious NPM packages delivering various harmful payloads.
#cybersecurity
Node JS
fromThe Hacker News
1 month ago

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

36 malicious npm packages disguised as Strapi CMS plugins facilitate exploitation and credential harvesting.
Node JS
fromInfoQ
1 month ago

Are We Ready for the Next Cyber Security Crisis Like Log4shell?

Organizations are not prepared for the next cybersecurity crisis, similar to Log4Shell.
Node JS
fromThe Hacker News
1 month ago

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

36 malicious npm packages disguised as Strapi CMS plugins facilitate exploitation and credential harvesting.
Node JS
fromInfoQ
1 month ago

Are We Ready for the Next Cyber Security Crisis Like Log4shell?

Organizations are not prepared for the next cybersecurity crisis, similar to Log4Shell.
more#cybersecurity
Node JS
fromTreehouse Blog
1 month ago

How to Build Your First Full Stack App as a Beginner

Building a simple full stack project enhances understanding of front end, back end, and database interactions beyond theoretical knowledge.
Node JS
fromhowtocenterdiv.com
1 month ago

Database Performance Bottlenecks: N+1 Queries, Missing Indexes, and Connection Pools

Database issues, like missing indexes and N+1 queries, are often overlooked in software engineering, leading to persistent performance problems.
fromZDNET
1 month ago

How this strange little distro can boost your Linux skills

Peropesis is a command-line-only OS that can only be run as a live instance. Users log in with the root user and should change the password immediately.
Node JS
Node JS
fromInfoQ
1 month ago

Inside Netflix's Graph Abstraction: Handling 650TB of Graph Data in Milliseconds Globally

Netflix engineers developed Graph Abstraction to manage large-scale graph data in real time, enabling fast queries and supporting various internal services.
Node JS
fromInfoQ
1 month ago

QCon London 2026: Running AI at the Edge - Running Real Workloads Directly in the Browser

Running AI in the browser enhances privacy, reduces latency, and lowers costs by eliminating reliance on third-party cloud services.
Node JS
fromThe Hacker News
1 month ago

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

North Korean threat actors use StoatWaffle malware via malicious VS Code projects to steal data and execute commands on infected systems.
Node JS
fromDEV Community
1 month ago

I Scanned 10 Popular GitHub Actions Workflows for Undocumented Environment Variables. Here's What I Found.

Many popular JavaScript projects have undocumented environment variables in their GitHub Actions workflows, leading to potential issues for developers forking these projects.
Node JS
fromInfoWorld
1 month ago

Edge.js launched to run Node.js for AI

Edge.js is a WebAssembly-based JavaScript runtime that safely executes Node.js applications with faster startup times by sandboxing workloads through WASIX.
Node JS
fromDEV Community
1 month ago

Why I Stopped Maintaining .env.example by Hand

A new tool automatically discovers environment variables used in Node.js code to prevent stale .env.example files from causing deployment failures.
Node JS
fromgithub.com
1 month ago

zahhar/ghcp-dashboard: Dashboard with Github Copilot Metrics

A lightweight Node.js dashboard aggregates GitHub Copilot usage metrics via REST API to display team adoption patterns, user engagement, and model/IDE preferences through a browser-based leaderboard interface.
Node JS
fromAllthingssmitty
2 months ago

Native JSON modules are finally real - Matt Smith

Import attributes enable native JSON module support in JavaScript, eliminating the need for bundler transforms by allowing explicit type declaration with the `with { type: "json" }` syntax.
Node JS
fromInfoWorld
2 months ago

TypeScript 6.0 reaches release candidate stage

TypeScript 6.0 reached release candidate stage with improved type checking for function expressions in generic calls, scheduled for general availability on March 17.
Node JS
fromTechzine Global
2 months ago

New npm browser npmx addresses shortcomings of npmjs

Npmx, an open-source alternative interface to npm's official website, addresses widespread developer dissatisfaction with the current package registry's user experience and presentation of package information.
Node JS
fromInfoWorld
2 months ago

Why local-first matters for JavaScript

JavaScript innovation accelerates through local-first SQL datastores, universal isomorphic JavaScript via WinterTC, reactive signals adoption, NPM alternatives, Java-JavaScript bridges, and Deno's resurgence.
fromTheregister
2 months ago

npmx alternative to npmjs released to fix pain of rpm

npmx is about speed and simplicity. It gives you useful data like install size, module format and outdated dependencies ... we're also building social features into npmx because open source is better when it's easier to connect with the people behind the packages.
Node JS
Node JS
fromDevOps.com
2 months ago

Malicious NPM Package Gets Downloaded 50K Times Before Discovery - DevOps.com

A malicious npm package downloaded 50,000 times used naming deception and preinstall script hooks to evade detection and compromise Windows, Linux, and macOS systems.
Node JS
fromMedium
2 months ago

Why your Vitest test suite is slow (and how to fix it)

A team successfully migrated their large React project from Jest to Vitest and optimized performance to exceed Jest speeds through configuration and strategic improvements.
Node JS
fromTheregister
2 months ago

Feel the burn: Open source developers decide to take a break

Open source culture incentivizes sustained overwork, making developer burnout structural, so intentional rest and balance are necessary for long-term OSS sustainability.
Node JS
fromkrasimirtsonev.com
2 months ago

Nice try dear AI. Now let's talk about production.

AI-assisted code generation remains a tool that cannot fully replace senior software engineers; programming fundamentals and human oversight remain essential.
Node JS
fromInfoWorld
2 months ago

WinterTC: Write once, run anywhere (for real this time)

Unified JavaScript runtime standard WinterTC creates a consistent guaranteed API surface across browsers, servers, and edge runtimes to reduce fragmentation.
[ Load more ]