TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

Focus on the code, not the side work.

Try these extensions and you'll wonder how you ever lived without them!

Peter looks at Knockout, one of the MVC environments for writing client-side JavaScript, and wonders if we're on the wrong path. The typical interweaving of code and presentation logic in JavaScript ...

Mark Michaelis walks you through the Visual Studio tooling and project setup you'll need to get the most out of your JavaScript unit testing. As I detailed in my recent article "A TypeScript Primer," ...

If you are building a simple dashboard or a form-based application, the traditional JSON API (REST or GraphQL) approach is ...

Malicious code inserted into four SAP-related npm packages exposed developer workstations and automated build systems to credential theft, marking a sharp escalation in attacks against open-source ...

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...