SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...

What tracking data and satellites can tell us about the US military build-up in the Gulf

Our verification and open-source specialists are tracking the ongoing deployment of US military assets around the Gulf. The ...

Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies

Koi security researchers found that when NPM installs a dependency from a Git repository, configuration files such as a ...
InfoWorld

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ...
GitHub

MapGrab - a tool to test MapLibre GL and Mapbox GL maps

MapGrab is a tool to e2e testing MapLibre GL JS and Mapbox GL JS maps by Playwright, Cypress and Selenium ...
GitHub

Versioned typings for the (internal) JavaScript APIs of Nextcloud used in higher level packages.

The TypeScript compiler will translate the code above to OC.L10N.translate("app", "text"); and throws an error if any of the Nextcloud versions in use for the union ...