This Supply Chain Hack Proves One Maintainer Can Break Everything - Data Security - Information Security Newspaper | Hacking News
JSer.info #749 - Safari 26.0 has been released. WebKit Features in Safari 26.0 | WebKit In CSS, CSS Anchor Positioning, Scroll-driven animations, text-wrap: pretty, progress() and more have been added. In JavaScript, support for the Digital Credentials API, Trusted Types API, and URLPattern API has been added. It also includes support for SVG icons, WebGPU, and WebSockets over HTTP/2. Other changes include User Age...| JSer.info
Today: Workday jostles for position in the race to bring agents to the enterprise, a new type of software supply-chain attack is spreading, and the latest funding rounds in enterprise tech.| Runtime
This is our classic paradox: the metrics and targets that are intended to drive improvement can create a powerful set of incentives that actually work against the very innovation and risk-taking we need to strive for.| Paul Taylor
On September 8, 2025, attackers compromised a set of 18 widely used npm packages—including chalk, debug, ansi-styles, and strip-ansi—collectively downloaded over 2.6 billion times per week. Through a targeted phishing campaign against a maintainer, the attackers published malicious versions containing obfuscated JavaScript designed to intercept cryptocurrency transactions. Any organization pulling these versions into builds risked […]| Qualys Security Blog
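JSer.info #747 - Zod 4.1.0 has been released, adding the new Codecs API. Release v4.1.0 · colinhacks/zod Introducing Zod Codecs In addition to schema definitions, a new Codecs API has been added that lets you define how data is encoded and decoded. The .safeExtend() method and the new validation functions z.has() and z.hex() have also been added. --- Well-known npm packages such as debug and chalk were compromised, and malware-containing...| JSer.info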
The recent npm compromise incident was bad—but it could have been much worse. In the real event, the malicious changes primarily targeted browser environments and [...]| IPConfig.in – What is My IP Address?
On Sept 8, a maintainer’s npm account was phished and attackers pushed malicious updates to 18 popular packages (including chalk and debug). The payload targeted browser environments and could hijack Web3 wallet interactions. Collectively, the impacted packages see billions of weekly downloads, so even short-lived exposure has a big blast radius.| IPConfig.in - What is My IP Address?
JSer.info #744 - Node.js v22.18.0 has been released. Node.js — Node.js v22.18.0 (LTS) In this release, TypeScript types can be stripped and the code executed without the --experimental-strip-types flag. To disable this with a flag, specify --no-experimental-strip-types. --- TypeScript 5.9 has been released. Announcing TypeScript 5.9 - TypeScript Changes to the configuration generated by tsc --init, import defer support...| JSer.info
When I work on multi-lingual projects, it always takes a lot of time to estimate and prioritize the localization process. Even if you use machine translation, you can't just translate all languages in the world, since it takes a long time, and LLM will spend all your money on garbage generations like chars "aa" repeated thousands of times in a row. I built the NPM package langstats to solve this problem.| vitonsky.net
yarn, pnpm run thing, npm run thing are types of run commands we run all the time when working in Node.js. But how does that actually all work? What about monorepos?| Jonathan Creamer
Nix is a general purpose package manager that can be used to automate the deployments of a variety of systems -- it can deploy components written in a variety of programming languages (e.g. C, C++, Java, Go, Rust, Perl, Python, JavaScript) using various kinds of technologies and frameworks, such as Django, Android, and Node.js.| Sander van der Burg's blog
| Thomas Hunter II
This article describes how to use yarn instead of npm when deploying an Elastic Beanstalk Node.js app.| mifi.no Blog
| pspaul's blog
JSer.info #724 - Bun 1.2 has been released.| JSer.info
Sometimes we don't want to use a full-blown SPA. And sometimes when we don't want that full-blown SPA, we do want some SPA-like features like maybe state management attached to some small element of the User Interface. I ran into this kind of situation at Red Hat last year, and I want to share how| Frank M Taylor
Publishing an NPM package with TypeScript has never been easier with the help of tsdx, a wonderful package from Jared Palmer, who also happens to be the creator of Formik for easily building forms in React. With tsdx, without ever having…| Leigh Halliday's RSS Feed
Recently, we overhauled our shared ESLint config, and I needed to release an alpha version. Thankfully, it turns out to be straightforward, once you know how to do it.| Cloud Four
JSer.info #714 - Node.js v22.11.0 has been released.| JSer.info
Over the past six months more than 890,000 new packages (as opposed to updates for existing packages) were […]| DEVCLASS
A report sponsored by DevOps company JFrog suggests that executives over-estimate the extent to which developers within their […]| DEVCLASS
The wp-now package simplifies the process of creating a local WordPress environment.| PHP Portal
Folks who get to know me usually (and regrettably) discover that I am a language nerd. I like learning languages and I like learning about languages. There's all sorts of things that are fascinating about languages: where they come from, why they sound a certain way, why grammar is what it is. But lately, I've| Frank M Taylor
On a couple of my projects, I started using GitHub Actions. I also wanted to use it for pentest-tool-lite, where I want to run TypeScript lint after each push and publish it to npm after a release is created. I had some problems which I recently solved, so I am sharing my solution.| Matej Jelluš Blog
Electric UI is a framework to build user interfaces for your hardware products.| Electric UI
How many programmers does it take to filter out 36 characters? You may think this is an opening to a joke, but it’s not.| solid-snail blog
I’ve compiled a list of my favorite npm packages that I use on a daily basis.| S.Bistrović
A journey to the world of Python packaging, a visit to the competition, a hopeful look at the future, and highlights from a disappointing discussion.| Chris Warrick