Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

Researchers at Cyera found six vulnerabilities in prtobuf.js, including a flaw that can turn attacker-controlled schema data ...

Cloudflare VoidZero acquisition gives a competing CDN governance of Vite, the open source JavaScript build tool with 130 ...

Meteor CTO Henrique Schmaiske led the framework's largest release in over a decade, removing Fibers and migrating to async/await across 2,300 commits while keeping 500,000+ active installations stable ...

Cloudflare acquires VoidZero, bringing Vite’s open source team and tooling, plus $1M ecosystem fund, to unify modern JavaScript development ...

If reinstalling software feels repetitive, these tools have some ideas.

Acquisition brings Vite, the world’s leading JavaScript build tool, and its core open source team to Cloudflare Cloudflare commits $1 million to an independent Vite ecosystem fund to support open sour ...

CVE Lite CLI helps developers quickly identify and fix vulnerable npm dependencies during development, reducing delays and ...

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...

With npm v12, GitHub closes a central attack vector: installation scripts from dependencies will only run after explicit ...