PC World

Joyent polishes Node.js with commercial support package

Recognizing the growing popularity of Node.js for building distributed Web applications, cloud provider Joyent will soon offer a commercial support package for managing the platform, wherever it is ...
ZDNet

GitHub tackles severe vulnerabilities in Node.js packages

GitHub has resolved numerous vulnerabilities in Node.js packages tar and @npmcli/arborist, with the worst allowing file overwrites and arbitrary code execution. On Wednesday, GitHub said the company ...
Bleeping Computer

npm packages caught serving TurkoRAT binaries that mimic NodeJS

Researchers have discovered multiple npm packages named after NodeJS libraries that even pack a Windows executable that resembles NodeJS but instead drops a sinister trojan. These packages, given ...
SiliconANGLE

NodeSource’s newest tool aims to make the Node.js ecosystem more secure

NodeSource Inc. has taken it upon itself to help the thousands of organizations that use Node.js make their applications more secure. The startup, which was founded three years ago to commercialize ...
CSOonline

Malicious code in the Node.js npm registry shakes open source trust model

Bad actors using typo-squatting place 39 malicious packages in npm that went undetected for two weeks. How should the open source community respond? Software development relies heavily on trust, ...