SecurityWeek

North Korean Hackers Target High-Profile Node.js Maintainers

The threat actor behind the Axios supply chain attack has been aiming at other maintainers in its social engineering campaign. After inviting Saayman to a Slack workspace, the hackers scheduled a ...
Bleeping Computer

Critical sandbox escape flaw found in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system. The open-source ...
InfoWorld

Intro to Nest.js: Server-side JavaScript development on Node

Nest’s design is philosophically inspired by Angular. At its heart is a dependency injection (DI) engine that wires together all the components using a common mechanism. If you are familiar with ...
GitHub

Support multiple builds at the same time with Node.js adapter

I have two projects: one provides auth and admin functionality with routes at /login, /register, etc., and the other provides an app using this auth including new routes. Both projects' svelte ...
GitHub

TypeError: resp.toSupervisionResult is not a function at Driver.sendSupervisedCommand

After updating to latest HA version on 2025/11/13, an automation to turn on a zwave ezlo light bulb no longer works. Manual request to turn on the light works. Logger: ...
The Hacker News

Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers

Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js' Single Executable Application (SEA) feature as a way to distribute its ...
InfoWorld

8 ways to do more with modern JavaScript

From syntax and features every JavaScript developer needs to higher-level concepts you shouldn't miss, here are eight ways to make the most of JavaScript. JavaScript is an incredibly durable, ...