Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...

Billions (No, that's not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node Package Manager (npm), the Billions of downloads were potentially compromised ...

Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted ...

An NPM supply chain attack has prompted Ledger Chief Technology Officer Charles Guillemet to urge crypto users to pause on-chain transactions.

A cryptocurrency thief got into the npm account of a hard-working developer via spearphishing. node.js packages with billions ...

This “connector,” specially designed for shadcn/ui v4, organizes information such as component documentation, source code, examples, and installation methods into a format that models can understand, ...

Software supply chain attacks are exploiting a dangerous blind spot - the difference between the code developers review and ...

Learn how to create apps easily using Claude Code. This beginner-friendly guide shows you how to build a to-do list app fast.

Developed by Anysphere, Cursor is a deeply customized AI programming tool based on VS Code. It seamlessly integrates AI ...

A widely used Node.js utility called fast-glob is being maintained by a single Russian developer, prompting debate about the risks of solo maintainers and potential geopolitical influence.

There are trends in software, and in software development, that everyone deplores… but for many people, it is terribly bad manners to point fingers at the projects doing it. We find it refreshing to ...

Bun.secrets, also new in this release, is a native secrets manager for CLI (command-line interface) tools and local development. On macOS, it uses the Keychain, on Linux it uses libsecret, and on ...