Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

The exposure traces back to version 2.1.88 of the @anthropic-ai/claude-code package on npm, which was published with a 59.8MB ...

Anthropic has accidentally exposed Claude Code's full 512,000-line TypeScript source via an npm source map, revealing ...

As AI has upended the way students learn, academics worry about the future of the humanities – and society at large Lea Pao, a professor of literature at Stanford University, has been experimenting ...

NPM, the Node Package Manager, hosts millions of packages and serves billions of downloads annually. It has served well over the years but has its shortcomings, including with TypeScript build ...

Researchers have published the recipe for an artificial-intelligence model that reviews the scientific literature better than some major large language models (LLMs) are able to, and gets the ...

Strip the types and hotwire the HTML—and triple check your package security while you are at it. JavaScript in 2026 is just getting started. I am loath to inform you that the first month of 2026 has ...

Half a dozen vulnerabilities in the JavaScript ecosystem’s leading package managers — including NPM, PNPM, VLT, and Bun — could be exploited to bypass supply chain attack protections, according to ...

Security researchers at Aikido on Sunday uncovered an apparently new Shai Hulud variant, uploaded to npm through a GitHub repository called @vietmoney/react-big-calendar. Shai Hulud is the moniker for ...

What Happened in the Shai Hulud JavaScript Attack? A major JavaScript supply-chain attack has compromised more than 400 NPM packages — including at least 10 widely used across the crypto ecosystem — ...