Matteo Collina has proposed a Virtual File System (VFS) for Node.js core through the node:vfs module. The proposal includes about 19,000 lines of code and addresses common workflow challenges. While ...

Codex tokens were exfiltrated via a popular npm package, affecting users since v0.1.82 and enabling persistent account access ...

Developer platform Socket says a malware called TrapDoor is targeting crypto and AI developers across npm, PyPI and Crates, aiming to steal crypto wallet info and browser data.

AI now generates more than 50% of the world’s code, and growing. The tooling that catches what that code breaks in production was not made to keep up with that speed of delivery. NodeSource, the ...

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

Attackers hijacked a dormant npm maintainer account and pushed malicious node-ipc versions that steal crypto keys, AWS tokens ...

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.

Cloud-native, done for the enterprise – not the demoContainers and micro-services are not the hard part. Making them work alongside the core systems that already run your business is – and that is ...

Experts say Arizona has pulled in 70 semiconductor projects and $214 billion in investment. But can the industry hire fast ...

The Glassworm botnet, a global operation targeting software developers through the open-source supply chain, was disrupted ...

Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a ...