Strip the types and hotwire the HTML—and triple check your package security while you are at it. JavaScript in 2026 is just getting started. I am loath to inform you that the first month of 2026 has ...

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. The ...

GitHub on Monday announced that it will be changing its authentication and publishing options "in the near future" in response to a recent wave of supply chain attacks targeting the npm ecosystem, ...

A year after a glitch at cybersecurity company CrowdStrike triggered a global computer outage affecting millions of computers, the software vendor is being forced to contain a new threat: a swarm of ...

What the Script: Supply chain attacks are traditionally designed to inflict maximum damage on structured organizations or companies. However, when such an attack compromises a supply chain that an ...

NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by bitcoin wallets. A major NPM developer, qix, has had their account compromised.

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...