The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.

Getting started

This guide will cover the basics of installing the Glow JavaScript library, and a few simple examples of using Glow to get you started. We are assuming you have at least a working knowledge of ...
Microsoft

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The ...
GitHub

Date parsing extensions for the JavaScript JSON parser to provide real JavaScript dates from JSON.parse()

This small JavaScript library provides for automatically parsing JSON date strings to real JavaScript dates as part of regular JSON parsing. You can parse either individual date values or complex ...
GitHub

Slugify a string

Useful for URLs, filenames, and IDs. It handles most major languages, including German (umlauts), Vietnamese, Arabic, Russian, and more. Add your own custom replacements. The replacements are run on ...
Bleeping Computer

Ripple's recommended XRP library xrpl.js hacked to steal wallets

The recommended Ripple cryptocurrency NPM JavaScript library named "xrpl.js" was compromised to steal XRP wallet seeds and private keys and transfer them to an attacker-controlled server, allowing ...
InfoWorld

File handling in server-side JavaScript

In server-side JavaScript, you will most likely use the fs library for dealing with the filesystem. This library is a module in Node and other platforms like Bun. So you don’t need to install it using ...