GitHub

A fast and flexible JavaScript extraction and regex scanning tool for security research ...

jsxtractor crawls JavaScript files from a target website, applies configurable YAML-based regex groups, and exports structured extraction results.
Microsoft

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the ...
BBC

Client-side scripting using JavaScript

The client is the computer system (including tablets and mobile devices) that is running the web browser. Client-side scripts are interpreted by the browser and executed on the client system.
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...