Popular JavaScript library expr-eval vulnerable to RCE flaw

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be ...
The Hacker News

Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack

The coordinated campaign has so far published as many as 46,484 packages, according to SourceCodeRED security researcher Paul ...
InfoWorld

AI makes JavaScript programming fun again

What if AI-assisted development is less of a threat, and more of a jetpack? This month’s report tackles vibe coding, along ...
CSO Online

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser ...
Fireship on MSN

How Fresh changes the way Deno powers modern websites

The Fresh framework, built on Deno, is redefining how developers create fast, secure, and lightweight web applications.

Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here ...

Recently, security researchers Socket found 10 packages on npm targeting software developers, specifically those who use the npm (Node Package Manager) ecosystem to install JavaScript and Node.js ...
InfoWorld

Agentic coding with Google Jules

Jules performs better than Gemini CLI despite using the same model, and more like Claude Code and OpenAI Codex.

Oracle“锁”住JavaScript? Deno公司诉讼维权,JS商标之争再起波澜

近日,关于 Java 商标权的争议再次引发行业关注。 尽管 Java 作为世界上最流行的编程语言之一,其商标却长期被 Oracle 掌控,这不仅引发了社区的广泛讨论,也促使 Deno 公司采取法律行动,试图挑战 Oracle 对 Java 商标的独占权。 这场持续发酵的商标之争,不仅关乎技术社区的自由发展,也映射出知识产权在技术领域中的复杂博弈。