Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

An attacker compromised the npm account of a lead Axios maintainer on March 30, and used it to publish two malicious versions ...

Supply chain attacks feel like they're becoming more and more common.

Abstract: Detecting front-end JavaScript libraries in web applications is essential for website profiling, vulnerability detection, and dependency management. However, bundlers like Webpack transpile ...

Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and execute arbitrary code. A critical vulnerability has been patched in vm2, a ...

Critical React Server Components flaw enables remote code execution, prompting urgent crypto industry warnings as attackers exploit CVE-2025-55182 to drain wallets and deploy malware across vulnerable ...

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. The ...

React, a popular open source JavaScript library for web and native user interfaces, will be transferred from Meta to the React Foundation, a new organization being formed under the Linux Foundation.

Chainguard, a trusted foundation for software development and deployment, is launching Chainguard Libraries for JavaScript, a collection of trusted builds of thousands of common JavaScript ...

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...