Founded by Evan You, VoidZero was created with the goal of building a unified, high-performance JavaScript toolchain. Rather than focusing on a single framework, the ...

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...

Abstract: Prototype pollution is a type of recently-discovered, impactful vulnerability that affects JavaScript code. One important yet challenging research problem of prototype pollution is how to ...

Abstract: This paper first introduces what Node.js is. Then it analyzes several commonly used Node.js frameworks at present, such as Express, Koa, Hapi.js, Meteor, Nest.js and Egg.js. With some simple ...

JavaScript and Node.js teams do not lack security tools. What they still lack is a dependency security workflow that developers will actually use before release. That is the real gap. A package gets ...

If you are a JavaScript developer, you’re likely familiar with Axios, the popular library with over 80 million weekly downloads. Developers use Axios to make network requests, handle form submissions, ...

“Stay close, my tiny little noodles,” the mother spaghetti strand says, desperately clinging to her two adorable pasta daughters as a disembodied fist grips them over a boiling pot of water. “My sweet ...

A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

What happens when a innovative AI research company acquires one of the fastest JavaScript runtimes on the market? The tech world is abuzz with the news that Anthropic has acquired Bun, a move that ...

A never-before-seen comet that shares some minor similarities with the infamous interstellar object 3I/ATLAS is about to make its closest approach to our planet just a few days after it was first ...

Newly discovered npm package 'fezbox' employs QR codes to retrieve cookie-stealing malware from the threat actor's server. The package, masquerading as a utility library, leverages this innovative ...