A cryptocurrency thief got into the npm account of a hard-working developer via spearphishing. node.js packages with billions ...

JavaScript’s low bar to entry has resulted in one of the richest programming language ecosystems in the world. This month’s ...

Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...

JavaScript is a sprawling and ever-changing behemoth, and may be the single-most connective piece of web technology. From AI ...

ModStealer 不仅针对 macOS，还能在 Windows 和 Linux 系统运行，其核心目的是窃取数据，尤其是加密货币钱包、账号凭证、配置文件和证书。研究人员发现，该恶意软件内置针对 56 种浏览器钱包扩展（包括 ...

A lightning-fast crash course on JavaScript, the world’s most popular programming language. From its 1995 origins as Mocha in ...

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.

作者 | Bruno Couriol译者 | 平川Node.js 团队 最近发布了 Amaro v1.0.0，向稳定支持 TypeScript 迈出了重要一步。Amaro 是 Node 官方提供的类型剥离加载器，也是官方.ts 加载的重要基础。长期以来，Node.js 一直缺乏对 TypeScript 的支持，开发者不得不依赖第三方工具链或使用像 Deno 这样的 JavaScript 运行时替代 ...

NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by ...

IT之家 9 月 12 日消息，科技媒体 9to5Mac 昨日（9 月 11 日）发布博文，报道称苹果设备管理与安全公司 Mosyle 最新披露名为“ModStealer”的跨平台信息窃取恶意软件， 自一个月前出现在 VirusTotal ...

近日，安全研究机构Mosyle发布报告，披露了一种名为“ModStealer”的新型跨平台信息窃取型恶意软件。该恶意软件自首次出现在VirusTotal平台至今已近一个月，但仍未被主流杀毒引擎识别。ModStealer具备在macOS、Windo ...

Billions (No, that's not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node Package Manager (npm), the Billions of downloads were potentially compromised ...