A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. The ...

A massively popular JavaScript library (npm package) was hacked today and modified with malicious code that downloaded and installed a password stealer and cryptocurrency miner on systems where the ...

DevOps security firm Sonatype has uncovered crypto-mining malware hidden inside three JavaScript libraries uploaded on the official npm package repository. The three files, disguised as user-agent ...

Chainguard, a trusted foundation for software development and deployment, is launching Chainguard Libraries for JavaScript, a collection of trusted builds of thousands of common JavaScript ...

The breach hit core JavaScript libraries such as chalk and strip-ansi, downloaded billions of times each week, raising alarms over the security of open-source software. Hackers have compromised widely ...

SlideReveal.js is a lightweight, flexible, and dependency-free JavaScript class for creating responsive side panels (drawers/slide menus). It supports overlays, push-body effects, filters, keyboard ...

We are a weekly podcast and newsletter made to deliver quick and relevant JavaScript updates in just under 4 minutes. byThis Week in JavaScript@thisweekinjavascript byThis Week in ...

The Foundation said an updated software package has already been published to remove the security breach. The XRP Ledger Foundation has identified a “serious vulnerability” in the official JavaScript ...

With the rise in popularity of mobile phones for both personal and professional purposes, there is also a greater demand for fast, efficient and scalable web applications that come with flexible and ...