Node.js 26.3.1, 24.17.0, 22.23.0: Four CVEs to Patch Now
Node.js shipped security patches for all active release lines today. Two HIGH-severity CVEs — TLS bypass and WebCrypto DoS — plus HTTP/2 memory ...
144 Mastra npm Packages Backdoored: What to Check Right Now
144 @mastra npm packages were compromised today via a hijacked contributor account and typosquatted easy-day-js ...
That LinkedIn Job Offer Hid a Backdoor in npm install
A developer almost got owned by a LinkedIn recruiter's GitHub repo. The backdoor was in ...
Deno 2.8: Six New Subcommands That Replace Your npm Toolchain
Deno 2.8 ships deno transpile, deno ci, deno why, deno audit fix, deno pack, and ...
Proto6: Six protobuf.js Vulnerabilities Expose Node.js to RCE
Cyera Research disclosed 6 CVEs in protobuf.js (Proto6) on June 10, 2026. Two achieve RCE ...
Svelte 5.56 and TypeScript 6: The peerDependency Change That Breaks Your Setup
The June 2026 Svelte update looks like a routine version bump. It is not. TypeScript 6 is now the standard across Svelte’s entire ...
Node.js June 17 Security Patch: HIGH Severity Hits 22.x, 24.x, 26.x
Node.js releases a HIGH severity security patch on June 17 for all active lines (22.x, ...
Node.js 24 Native TypeScript: Drop ts-node for Good
Node.js 24 LTS runs TypeScript natively via type stripping. Learn what works, what breaks (enums, ...
Vercel AI SDK 6: Build Production Agents with MCP and DevTools
Vercel AI SDK 6 ships ToolLoopAgent, first-class MCP support, DevTools, and human-in-the-loop approval. Here is ...
shadcn GitHub Registries: Ship Components from Any Public Repo
shadcn GitHub Registries let you turn any public GitHub repo into a component registry — ...