Node.js 24: A faster, sleeker JavaScript experience


Node.js 24 has officially arrived, and it’s bringing a rather tasty selection of improvements to the table.

If you're a developer knee-deep in web apps or wrestling with asynchronous code, this release is one for you. It’s all about making Node.js quicker on its feet, more versatile, and even more in tune with the latest JavaScript standards.

V8 engine revs up to 13.6

So, what’s making Node.js 24 tick? A big part of it is the V8 JavaScript engine – yep, the...

Masquerading payment npm package installs backdoor


Cybersecurity researchers at Socket have uncovered a malicious npm package that hijacks server control during payment transactions.

The package, @naderabdi/merchant-advcash, masquerades as a legitimate integration for the digital payment platform Advcash (now rebranded as Volet). The package embeds a reverse shell activated after successful payments that enables attackers to remotely commandeer systems.

Advcash, though niche compared to mainstream services like PayPal,...

Website hijack campaign now impacting 150,000 sites


A sophisticated website hijack campaign initially detected in February has seen a dramatic escalation, with security analysts now estimating that approximately 150,000 websites have been compromised.

The initial discovery flagged over 35,000 targeted websites. Himanshu Anand, a software engineer and security analyst at c/side, has continued to monitor the threat actor's activities and uncovered new tactics and techniques employed in this expanding operation.

What's new in...

Critical security flaw uncovered in Next.js framework


A critical security flaw has been discovered in the popular Next.js framework, potentially impacting millions of websites and applications.

Security researchers Rachid Allam, known online as zhero, and Yasser Allam (inzo_) collaborated to uncover the flaw within the framework's middleware functionality.

Next.js, boasting over 130,000 stars on GitHub and nearly 10 million weekly downloads, is a framework built upon React. Its extensive feature set makes it a popular...

Oracle seeks dismissal of fraud claim in JavaScript trademark case


Oracle has filed a motion to dismiss a fraud claim in a trademark dispute over its long-standing "JAVASCRIPT" mark.

The motion – submitted to the United States Patent and Trademark Office (USPTO) Trademark Trial and Appeal Board (TTAB) – argues that the petitioner, Deno Land Inc., has failed to state a plausible claim for fraud.

The dispute centres on Oracle's Registration No. 2416017 for the JAVASCRIPT mark, which covers computer programs and related services. Deno...

2024 Developer Ecosystem: Shedding AI fears, improving DevEx

The 2024 State of Developer Ecosystem Report highlights key software development trends, including the acceptance of AI in tools, the split between desktop and mobile programming, growth in DevEx, and expected salaries.

Each year, JetBrains, the maker of developer tools like IntelliJ IDEA and PyCharm, compiles its "State of Developer Ecosystem Report," and the 2024 edition offers plenty of insights for the tech community to dissect.

Based on the input of over 26,000 developers worldwide, this year’s edition highlights key trends in programming languages, tools, and processes – placing a particular focus on AI adoption, career shifts, and the state of developer experience (DevEx).

AI's...

Web framework Svelte delivers ‘most significant release’ yet

Svelte 5 brings native TypeScript support alongside HTML, CSS, and JavaScript, plus a range of new features and improvements for developers.

Svelte 5 has been released, marking what the team behind the web framework describes as the “most significant release in the project's history”; it follows 18 months of intensive development.

The latest iteration of the web framework arrives as a ground-up rewrite, promising improved performance, reduced bundle sizes, and enhanced reliability. Despite these substantial changes, the framework maintains near-complete backwards compatibility with Svelte 4, ensuring a seamless...

Entry points threaten multiple open-source ecosystems


While current tools have improved at detecting common tactics for exploiting open-source packages, a feature remains largely overlooked: entry points.

Security researchers at Checkmarx uncovered how attackers can leverage entry points across multiple programming ecosystems, with a particular focus on PyPI, to trick victims into running malicious code. This method – while not allowing for immediate system compromise – offers a subtler approach for patient attackers to...

Roblox developers targeted by year-long malware campaign

A sustained malware campaign targeting Roblox developers through malicious npm packages has been uncovered by Checkmarx security researchers. The attackers are impersonating the popular “noblox.js” library, publishing dozens of packages designed to steal sensitive information and compromise systems.

The campaign, which has been active for over a year, exploits trust in the open-source ecosystem. It particularly targets the Roblox platform, a lucrative target due to its massive...

North Korean hackers target developers in latest npm attack wave

A fresh offensive by suspected North Korean hacking groups has targeted the open-source software community with a series of malicious packages uploaded to the npm repository.

Identified by cybersecurity firm Phylum, the attacks leverage multiple techniques and appear designed to steal cryptocurrency and sensitive data from unsuspecting developers.

The campaign began on 12th August and involves several distinct publication patterns and attack types, suggesting the...