vm2 Node.js Sandbox Escape: 13 Critical CVEs, Two Unpatched
vm2 — the Node.js library with 1.5 million weekly downloads used to run untrusted JavaScript safely — just had 13 critical vulnerabilities disclosed. ...
Deno 2.8: Node.js Compat Hits 76%—Ahead of Bun Now
Deno 2.8 ships with 76.4% Node.js compatibility, outpacing Bun at 40.6%. Installs 3.66x faster, six ...
WebMCP: Chrome Just Turned Your Website Into an AI Agent Tool
Google announced WebMCP at I/O 2026: expose structured tools to AI agents instead of DOM ...
Expo SDK 55: Legacy Architecture Is Gone — Migrate Now
Expo SDK 55 dropped the Legacy Architecture entirely. SDK 54 is your last escape hatch. ...
Mini Shai-Hulud Hits @antv npm: 16M Downloads Poisoned
TeamPCP’s Mini Shai-Hulud worm poisoned 637 npm packages across the @antv ecosystem on May 19. ...
Bun v1.3.14: HTTP/3, Built-in Images, Faster Installs
Bun v1.3.14 ships built-in image processing to replace Sharp, experimental HTTP/3 server support, and a global package store with 7x faster warm installs.
HTML-in-Canvas API: Draw Live DOM Inside WebGL (Chrome 2026)
Chrome's HTML-in-Canvas API lets you render live DOM elements directly inside a WebGL or 2D ...
Node.js 26 Released: Temporal API Is Finally Here
Node.js 26 ships the Temporal API by default, removes legacy stream modules, and upgrades V8 ...
TypeScript 6.0: Breaking Changes and Migration Guide
TypeScript 6.0 changes nine defaults, removes AMD/UMD support, and is the last JS-based compiler before ...
Rolldown 1.0 Is Stable: What Vite Developers Need to Know
Rolldown 1.0 is now stable — the Rust bundler powering Vite 8. Here’s what the ...