Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets

The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM ...
eWeek

Node.js Foundation Adds Security Project

eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. In a move that aims to help improve security vulnerability ...
InfoQ

Node Security Project Aims at Making Node.js More Secure

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Jinsong Yu shares deep architectural insights ...
InfoQ

A Conversation about ZipSlip, NodeJS Security, and BBS Hacking

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
InfoWorld

Why Node.js waited for OpenSSL security update before patching

Node.js Foundation fixed two critical vulnerabilities in its open source server-side JavaScript platform and addressed the newly patched OpenSSL As promised, the Node.js Foundation updated all ...
Security Boulevard

FAQ About Sha1-Hulud 2.0: The “Second Coming” of the npm Supply-Chain Campaign

Sha1-Hulud malware is an aggressive npm supply-chain attack compromising CI/CD and developer environments. This blog addresses frequently asked questions and advises cloud security teams to ...
InfoWorld

Node.js is the latest security risk for developers

With Node.js having become a critical cog at places such as PayPal and Wal-Mart, developers need to be mindful of securing their Node.js applications, technologists are advising. The server-side ...