Popular JavaScript modules including size-sensor and echarts-for-react hit as hijacked account closed GitHub warnings ...

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...

Another massive supply chain attack is spreading. Hundreds of compromised NPM packages are being detected, with hackers using stolen secrets to create over 2,200 public GitHub repositories, all ...

Picking a JavaScript framework in 2026 is not the casual decision it was a decade ago. The framework you choose today will ...

Copycat hackers are competing to win $1,000 for the largest supply chain attack using Shai-Hulud, an open-sourced worm that has brought down a few major open-source projects. Malicious NPM packages ...

OpenAI has confirmed the security breach. According to the company, two employee devices were compromised during a large-scale software supply chain attack connected to the TanStack npm ecosystem.

On May 11, 2026, a self-replicating worm called Mini Shai-Hulud quietly slipped into 42 widely used TanStack open-source ...

Attackers hijacked a dormant npm maintainer account and pushed malicious node-ipc versions that steal crypto keys, AWS tokens ...

A poisoned open-source dependency let attackers breach two OpenAI employee devices and steal credentials from a limited set of its internal source code repositories, OpenAI confirmed in a May 14, 2026 ...

The JavaScript and TypeScript server and bundler Bun will consist of Rust code in the future. Within weeks, Claude Code ...

OpenAI said it found no evidence that user data was accessed after a supply-chain attack involving the TanStack npm library.

OpenAI reported no user data compromise after a supply-chain attack targeting the TanStack npm library, part of the broader ...