Critical sandbox escape flaw discovered in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...

Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies

Koi security researchers found that when NPM installs a dependency from a Git repository, configuration files such as a ...
IEEE

Framework-Agnostic JavaScript Component Libraries: Benefits, Implementation Strategies, and Commercialization Models

Abstract: This study explores the edges, implementation processes, and commercialization standards for framework-agnostic JavaScript element libraries, concentrating on their role in making ...
GitHub

Modern JavaScript runtime in Python

Note: jsrun is under development. Expect breaking changes between minor versions. One of the most compelling use cases for jsrun is building safe execution environments for AI agents. When LLMs ...
GitHub

jsdotlua/LEGACY-luau-polyfill

A JavaScript environment polyfill for Luau, used by translated Lua packages. TODO: Rest of the README.
Indiatimes

What is the parsley trick for kidney support and why people still use it

“Kidneys”, however, are easily overlooked until we notice that something just doesn’t feel right or until a medical professional brings it up. Our kidneys are working silently behind the scenes every ...
InfoWorld

Back to the future: The most popular JavaScript stories and themes of 2025

Artificial intelligence and its promise to revolutionize programming—and possibly overthrow human sovereignty—is a central story of the post-Covid world. But for JavaScript developers, it is only one ...