Recognizing the growing popularity of Node.js for building distributed Web applications, cloud provider Joyent will soon offer a commercial support package for managing the platform, wherever it is ...
Relatively easy to learn and highly scalable, Node.js has become a very popular platform for developing apps. Now npm, a package manager that installs, publishes and manages node programs, has raised ...
GitHub has resolved numerous vulnerabilities in Node.js packages tar and @npmcli/arborist, with the worst allowing file overwrites and arbitrary code execution. On Wednesday, GitHub said the company ...
In modern web applications based on open-source libraries, developers are often unaware of just how much they depend on risky third-party software packages. Guy Podjarny (pictured), ...
Security researchers from ReversingLabs discovered that 25 software packages available through the node package manager (NPM) have been stealing end-user data. NPM is the world’s largest open-source ...
Are you a developer who uses npm as the package manager for your JavaScript or Node.js code? If so, do not -- I repeat do not -- upgrade to npm 5.7.0. Nothing good can come of it. As one user reported ...
Bad actors using typo-squatting placed 39 malicious packages in npm that went undetected for two weeks. How should the open source community respond? Software development relies heavily on trust, ...