Eight innovative tools that are reimagining web applications and how we build them. Welcome to the Great Unbloating.

Three popular plugins served malicious JavaScript through a compromised CDN.

The web version of the VS Code editor on GitHub.dev had a security vulnerability that allowed attackers to take over all of a ...

Cloudflare VoidZero acquisition gives a competing CDN governance of Vite, the open source JavaScript build tool with 130 ...

Vercel has released Next.js 16.2, featuring performance enhancements that make development startup 400% faster and rendering ...

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.

OpenAI’s Codex now gains controlled access to Chrome DevTools, letting it profile JavaScript and modify site elements in its in-app browser mode.

作为桌面上的 Electron 应用程序，在 VSCode 内部执行任意 JavaScript 无异于完全的远程代码执行。这就是 VSCode 实施一些沙盒化方法的原因，我们将重点讨论的是 VSCode 的 Webview。

Google has shared the results of the latest Chrome performance benchmarks, including record scores on tests running on an M5 ...

Security researcher Ammar Askar disclosed a critical vulnerability in Visual Studio Code on June 2, 2026, revealing that attackers could steal GitHub OAuth tokens through a deceptively simple ...

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

There's another likely North Korean-linked scam hitting developers and their employers, while snarfing up credentials and ...