InfoQ

NodeJS Proposes Built-In Virtual File System, Sparking Debate Over AI-Generated Contributions

Matteo Collina has proposed a Virtual File System (VFS) for Node.js core through the node:vfs module. The proposal includes about 19,000 lines of code and addresses common workflow challenges. While ...

118-Point SEO Playbook Targets Electrician Lead Broker Dependency

How a 118-Point Local SEO Playbook Helps Electricians Cut Out Lead Brokers and Own Their Market Lake Elsinore, United ...
kottke.org

What If Lock-In Doesn’t Matter So Much Anymore?

Interesting observation by Mitchell Hashimoto (creator of Vagrant and Ghostty) on how a company’s or product’s choice of programming language matters less in th ...
CSO Online

Expired domain leads to supply chain attack on node-ipc npm package

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...
OSTechNix

JavaScript Timestamp Bugs: How UTC Mistakes Break Web Apps

Learn how a single JavaScript Date() timezone mistake silently corrupts web apps and how to fix timestamp bugs in JS, Python, cron jobs, MySQL, and React SSR.
TechRadar

Top open source AI platform Flowise hit by maximum-level security issue

Flowise AI platform carried CVSS-10 arbitrary code flaw Vulnerability in CustomMCP node exploited in the wild Up to 15,000 exposed instances urged to update immediately Flowise, a popular open source ...
heise online

Deno 2.7 sharpens Node.js compatibility and stabilizes Temporal

Version 2.7 of the runtime for JavaScript and TypeScript stabilizes the Temporal API, introduces npm overrides, and significantly improves Node.js compatibility. With Deno 2.7, the team releases an ...
CSOonline

Critical bug in popular vm2 Node.js sandboxing library puts projects at risk

Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and execute arbitrary code. A critical vulnerability has been patched in vm2, a ...
The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating ...
heise online

Node.js: Updated versions patch high-risk security vulnerabilities

Several security vulnerabilities, some classified as high-risk, have been discovered in the popular JavaScript runtime environment Node.js. Updated versions, announced in mid-December, have now been ...
GitHub

MCP Server with sub-workflow based tools hangs when tools have Javascript code nodes (but not Python)

I am building a workflow with an MCP server trigger that uses call-n8n-workflow as a tool, which calls a sub-workflow containing a code node. The code node uses JavaScript as its language. When I ...
TechRepublic

Malware Injected Into Code Packages That Get 2 Billion+ Downloads Each Week

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account for billions of weekly downloads. In a massive attack on the JavaScript ...