A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.

Popular npm library 'coa' was hijacked today with malicious code injected into it, ephemerally impacting React pipelines around the world. The 'coa' library, short for Command-Option-Argument, ...

LONDON--(BUSINESS WIRE)--Bentley Systems, Incorporated, the leading global provider of comprehensive software solutions for advancing the design, construction, and operations of infrastructure, today ...

Google’s popular gtag.js library makes collecting data for Google Analytics 4 and Google Ads straightforward. However, it also ties you into Google’s ecosystem. You lose control and flexibility when ...

A new Javascript library for Liquid could allow external developers to build a complete ecosystem around the heavily upgraded Bitcoin sidechain. Blockstream’s Liquid Network is now featuring its own ...

Two spoofed versions of the Web3.js library were pushed out to capture private keys and send them to a hardcoded address. The JavaScript-based software development kit (SDK) that allows developers to ...

A malicious actor used a compromised Ripple dev account to publish commits to NPM The commits would grant access to people's crypto wallets They were downloaded around 450 times before being pulled ...

Node.js is an open source, cross-platform runtime environment for building server side and networking applications using JavaScript. Node.js provides an asynchronous, event driven framework to build ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...