A cryptocurrency thief got into the npm account of a hard-working developer via spearphishing. node.js packages with billions ...

9 月 8 日，Node.js 生态链遭遇前所未有的冲击。资深 npm 维护者 Qix（Josh Junon） 因一封钓鱼邮件泄露了账户，攻击者趁机在多个热门包里植入了恶意代码。这次事件迅速引爆社区，成为开源史上下载量最大的供应链攻击之一。

The package, named nodejs-smtp, impersonates the legitimate email library nodemailer with an identical tagline, page styling, ...

JavaScript’s low bar to entry has resulted in one of the richest programming language ecosystems in the world. This month’s ...

Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...

NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by ...

JavaScript is a sprawling and ever-changing behemoth, and may be the single-most connective piece of web technology. From AI ...

IT之家 9 月 12 日消息，科技媒体 9to5Mac 昨日（9 月 11 日）发布博文，报道称苹果设备管理与安全公司 Mosyle 最新披露名为“ModStealer”的跨平台信息窃取恶意软件，自一个月前出现在 VirusTotal ...

作者 | Bruno Couriol译者 | 平川Node.js 团队 最近发布了 Amaro v1.0.0，向稳定支持 TypeScript 迈出了重要一步。Amaro 是 Node 官方提供的类型剥离加载器，也是官方.ts 加载的重要基础。长期以来，Node.js 一直缺乏对 TypeScript 的支持，开发者不得不依赖第三方工具链或使用像 Deno 这样的 JavaScript 运行时替代 ...

A lightning-fast crash course on JavaScript, the world’s most popular programming language. From its 1995 origins as Mocha in ...

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.