The Hacker News

Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow

Node.js released updates fixing a critical DoS flaw caused by async_hooks stack crashes, tracked as CVE-2025-59466, impacting ...
Blockonomi

Pi Network Unveils Developer Library Reducing Payment Integration Time to 10 Minutes

Pi Network launches developer library enabling payment integration in under 10 minutes, supporting JavaScript, React, and ...
Live Bitcoin News

Pi Network Launches New Library for Fast Pi Payment Integration

Pi Network introduces a new developer library enabling faster Pi payments, improving app utility, developer efficiency, and ...
InfoQ

TanStack Releases Framework Agnostic AI Toolkit

Introducing TanStack AI: a revolutionary, framework-agnostic toolkit empowering developers with unparalleled control over ...
Arabian Post

Web Awesome aims to reshape open-source UI development

Web Awesome has entered the front ranks of open-source front-end projects with an explicit ambition: to make modern, high-quality user interface components available without locking developers into ...
InfoWorld

10 JavaScript-based tools and frameworks for AI and machine learning

But there’s plenty of room in the AI revolution, and JavaScript developers have their pick of tools for integrating AI into their software. The tools and libraries in this article are all excellent ...
Bleeping Computer

Popular JavaScript library expr-eval vulnerable to RCE flaw

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. The ...
SD Times

Chainguard launches trusted collection of verified JavaScript libraries

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...
blockonomi

JavaScript Libraries with 2 Billion Weekly Downloads Targeted in Crypto Theft Attempt

18 popular NPM packages with over 2 billion weekly downloads were compromised through a phishing attack targeting developer “Qix” The malware functioned as a “crypto-clipper,” silently replacing ...
CoinTelegraph

Crypto users urged to take extreme care as NPM attack hits core JavaScript libraries

The breach hit core JavaScript libraries such as chalk and strip-ansi, downloaded billions of times each week, raising alarms over the security of open-source software. Hackers have compromised widely ...
CoinTelegraph

Largest NPM attack in crypto history stole less than $50: SEAL

Hackers broke into the node package manager (NPM) account of a well-known software developer and added malware to popular JavaScript libraries, targeting crypto wallets. Hackers have only managed to ...
The Hacker News

Why React Didn't Kill XSS: The New JavaScript Injection Playbook

React conquered XSS? Think again. That's the reality facing JavaScript developers in 2025, where attackers have quietly evolved their injection techniques to exploit everything from prototype ...