TypeScript 6.0 is on the horizon: The last JavaScript-based version

Microsoft has released the beta version for TypeScript 6.0, the last release with the current JavaScript codebase. From ...
InfoWorld

Reactive state management with JavaScript Signals

Learn how frameworks like Solid, Svelte, and Angular are using the Signals pattern to deliver reactive state without the ...
AdExchanger

How Publishers Are Testing Amazon’s Prebid Adapter For Incremental Yield

Amazon opened up its Prebid adapter for beta testing on January 21. Publishers are preparing to test, and we spoke with ...

JavaScript: webpack is unpopular – but most used

In a new study, Vite is the most popular JavaScript tool, nearly surpassing webpack in usage. Only two percentage points separate them.
cryptonews

Major JavaScript Library Breach Puts All Crypto Websites at Risk

Critical React Server Components flaw enables remote code execution, prompting urgent crypto industry warnings as attackers exploit CVE-2025-55182 to drain wallets and deploy malware across vulnerable ...
Bleeping Computer

Popular JavaScript library expr-eval vulnerable to RCE flaw

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. The ...
dbta

Chainguard Libraries for JavaScript Help Organizations Build Software More Safely and Efficiently

Chainguard, a trusted foundation for software development and deployment, is launching Chainguard Libraries for JavaScript, a collection of trusted builds of thousands of common JavaScript ...
SD Times

Chainguard launches trusted collection of verified JavaScript libraries

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...
CoinTelegraph

Largest NPM attack in crypto history stole less than $50: SEAL

Hackers broke into the node package manager (NPM) account of a well-known software developer and added malware to popular JavaScript libraries, targeting crypto wallets. Hackers have only managed to ...
The Hacker News

Why React Didn't Kill XSS: The New JavaScript Injection Playbook

React conquered XSS? Think again. That's the reality facing JavaScript developers in 2025, where attackers have quietly evolved their injection techniques to exploit everything from prototype ...
GitHub

Add Rule "Avoid using resource-hungry frameworks"

This rule is a variant of one targeting libraries (cf #37) and is meant to check the framework being used by the project Even if it can fill like difficult to fix for already existing big projects, ...
CSOonline

Libraries and Frameworks

React2Shell is the Log4j moment for front end development Attackers are exploiting a Flight protocol validation failure that allows them to execute arbitrary code without authentication. By Taryn ...