The Hacker News

Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow

Node.js released updates fixing a critical DoS flaw caused by async_hooks stack crashes, tracked as CVE-2025-59466, impacting most production apps.
ZDNet

Disgruntled developer breaks thousands of JavaScript, Node.js apps

Thousands of applications were broken on Tuesday after a programmer unpublished a critical module in npm, a package manager for widely-used JavaScript projects. Countless projects were left in limbo ...

Critical sandbox escape flaw found in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
SignalSCV

Top 5 Companies to Hire Node.js Developers: An Expert Guide for 2026

Finding the right talent in the tech industry is rarely a simple task, but sourcing high-quality Node.js developers can feel like searching for a needle in a haystack. I have spent years working with ...
CSOonline

Malicious code in the Node.js npm registry shakes open source trust model

Bad actors using typo-squatting place 39 malicious packages in npm that went undetected for two weeks. How should the open source community respond? Software development relies heavily on trust, ...
ZDNet

Deno 1.0: Node.js makers have new JavaScript runtime for TypeScript programming language

The makers of the widely used JavaScript server-side runtime, Node.js, have released Deno 1.0, a new runtime for JavaScript and TypeScript that addresses "design mistakes" in Node.js. The Deno ...