Microsoft’s new winapp CLI simplifies Windows app development with one-command setup, faster testing, and easier packaging.

Chrome, Edge, and Firefox are more bloated than ever, with AI are other features most of us don't want. This free tool is your ticket back to the good old days.

A flaw in the binary-parser npm package before version 2.3.0 lets attackers execute arbitrary JavaScript via unsanitized ...

A dramatic spike in npm-focused intrusions shows how attackers have shifted from opportunistic typosquatting to systematic, credential-driven supply chain compromises — exploiting CI systems, ...

Web3 founder Akshit Ostwal lost $20K to North Korea's BeaverTail malware in a sophisticated crypto scam targeting developers.

Introducing TanStack AI: a revolutionary, framework-agnostic toolkit empowering developers with unparalleled control over ...

North Korean threat actors behind the Contagious Interview campaign have deployed 197 new malicious packages on the npm registry since last month. These packages have been downloaded over 31,000 times ...

What Happened in the Shai Hulud JavaScript Attack? A major JavaScript supply-chain attack has compromised more than 400 NPM packages — including at least 10 widely used across the crypto ecosystem — ...

A major NPM supply-chain attack has compromised ENS-linked libraries and 490 packages with 132 million monthly downloads, deploying malware that steals developer credentials across crypto platforms. A ...

Newly discovered npm package 'fezbox' employs QR codes to retrieve cookie-stealing malware from the threat actor's server. The package, masquerading as a utility library, leverages this innovative ...