Every developer should be paying attention to the local-first architecture movement and what it means for JavaScript. Here’s ...

Project initiated by Nuxt lead Daniel Roe attracts wide support thanks to multiple issues with the official interface ...

Version 2.7 of the runtime for JavaScript and TypeScript stabilizes the Temporal API, introduces npm overrides, and ...

Warper 7.2 is a cutting-edge open-source React virtualization library utilizing Rust and WebAssembly for unmatched ...

A malicious NPM package, ambar-src, mimicking a popular JavaScript framework, was downloaded nearly 50,000 times in a few ...

NPM, the Node Package Manager, hosts millions of packages and serves billions of downloads annually. It has served well over the years but has its shortcomings, including with TypeScript build ...

Porch piracy isn’t a minor inconvenience anymore. Practically everyone has experienced it, and it’s a nuisance that turns convenient online shopping into a gamble. If you’re tired of replacing things ...

Cybersecurity researchers have disclosed details of what has been described as a "sustained and targeted" spear-phishing campaign that has published over two dozen packages to the npm registry to ...

North Korean hackers continue to poison npm packages with malicious JavaScript libraries targeting developers in the ongoing Contagious Interview campaign. One month after October 10, 2025, the ...

What Happened in the Shai Hulud JavaScript Attack? A major JavaScript supply-chain attack has compromised more than 400 NPM packages — including at least 10 widely used across the crypto ecosystem — ...

As poisoned software continues to pop up across the industry, some threat actors have found a way to hide malicious code in npm packages and avoid detection from most security tools. In an blog post ...