Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
The Hacker News

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and ...
GitHub

Fetch: decoding of non-ASCII characters issue in JavaScript-only runtime of Outlook

Our implementation of bundled JavaScript file for use with launch events in JavaScript-only runtime of Outlook uses fetch API to retrieve JSON files from the server. This implementation worked well in ...
GitHub

WebAuthn JavaScript library does not include credentials by default to send cookies across domains

When using the Javascript provided by the WebAuthn extension, if a request is coming from another domain / port it does not include credentials/cookies by default. I had to modify the Javascript fetch ...
InfoWorld

DataStax’s new JSON API targets JavaScript developers

The addition of the new JSON API will eliminate the need for developers trained in JavaScript to have a deep understanding of Cassandra Query Language (CQL) in order to work with Astra DB as the ...