Every developer should be paying attention to the local-first architecture movement and what it means for JavaScript. Here’s ...

Project initiated by Nuxt lead Daniel Roe attracts wide support thanks to multiple issues with the official interface ...

North Korean hackers target crypto developers using 26 malicious npm packages. Learn how this supply chain attack steals wallet keys and SSH data.

NuScale Power is facing class-action lawsuits after a critical report by Guggenheim Securities questioned its partnership with ENTRA1 Energy.

North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT ...

The plaintiff is represented by Robbins Geller, which has extensive experience in prosecuting investor class actions including actions involving financial fraud. You can view a copy of the complaint ...

Abstract: Modern JavaScript development relies heavily on using Node Package Manager (NPM) modules. These modules are related by dependency relationships, possibly ...

A new malware is circulating in the npm ecosystem, stealing credentials and CI secrets and spreading autonomously.

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...

A self-replicating npm worm dubbed SANDWORM_MODE hits 19+ packages, harvesting private keys, BIP39 mnemonics, wallet files and LLM API keys from dev environments.

NuScale and ORNL will collaborate to use an AI-enabled nuclear design framework to explore fuel management across multiple reactors at a single site.

Shai-Hulud is the worst-ever npm JavaScript attack. This software supply chain worm attack is still ongoing. Here are some ways you can prevent such attacks. For those of you who aren't Dune fans, ...