Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
CSOonline

Critical jsPDF vulnerability enables arbitrary file read in Node.js deployments

The path traversal bug allows attackers to include arbitrary filesystem content in generated PDFs when file paths are not properly validated. A now-fixed critical flaw in the jsPDF library could ...
Bleeping Computer

Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
Visual Studio Magazine

TypeScript 5.9 RC Brings Deferred Imports, Node.js 20 Module Target

TypeScript 5.9 has reached the release candidate (RC) stage with enhancements for modern module behavior, hover tooltips, and deferred module evaluation. Microsoft announced the RC on July 25, ahead ...
GitHub

Stone.js - Node HTTP Adapter

The Node HTTP Adapter enables your Stone.js application to run in any Node.js HTTP environment. It provides a low-level bridge between raw Node HTTP events and the internal event system of Stone.js, ...
GitHub

Let's code a web server from scratch with NodeJS Streams!

In this guide, we'll explore the fundamentals of HTTP by creating a basic web server from scratch using Node.js. Along the way, we'll break down how HTTP requests and responses work and get hands-on ...
The Hacker News

Cybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts

Cybercriminals are increasingly leveraging legitimate HTTP client tools to facilitate account takeover (ATO) attacks on Microsoft 365 environments. Enterprise security company Proofpoint said it ...
PV Tech

The top 10 PV module suppliers in 2024

Can anything stop China’s domination of the PV sector? That’s the question that was debated hotly throughout 2024; how would the PV manufacturing eco-systems in China – from silver paste to solar ...
Forbes

15 Reasons To Choose Node.js For Product Development In 2025

Staying ahead of the curve is no longer a choice. It has become a necessity. As of November 2024, Node.js powers 3.9% of websites globally, according to Web Technology Surveys. That includes giants ...
InfoWorld

Intro to Node’s built-in SQLite module

Relational databases are a key component of the software landscape. SQLite is a simple but versatile implementation with a variety of use cases. Node 22.5 introduces a node:sqlite module that ships ...
www.cs.cmu.edu

NodeMedic-FINE: Automatic Detection and Exploit Synthesis for Node.js Vulnerabilities

As it has become more popular, the Node.js ecosystem has turned into an attractive target for attackers and prior work has shown that many packages in the Node.js ...