GIGAZINE

Maintainers add malicious code targeting Russian developers to the open source npm package 'node-ipc'

Vue.js, a JavaScript framework for building UI for web applications developed in open source, that malicious code targeting developers living in Russia and Belarus has been added. Announced by ...
CSOonline

Critical bug in popular vm2 Node.js sandboxing library puts projects at risk

Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and execute arbitrary code. A critical vulnerability has been patched in vm2, a ...