News
Shai-Hulud is the third major supply chain attack targeting the NPM ecosystem after the s1ngularity attack and the recent ...
Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...
CodeRabbit's $60M funding highlights enterprise need for AI code review platforms, with organizations seeing 25% efficiency ...
The malicious JavaScript code ("bundle.js") injected into each of the trojanized packages is designed to download and run ...
He posted a statement indicating that we should not fantasize about a universal AI tool that can solve all programming problems. A more pragmatic approach would be to construct a structure where ...
Microsoft has published a new post explaining GitHub Spec Kit, clarifying its experimental approach to spec-driven ...
For developers working with ChatGPT’s new developer mode, this means the connectors they create may not just serve one-off integrations — they could be building into a broader ecosystem standard. MCP ...
Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...
At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were ...
XDA Developers on MSN
I tried "vibe coding" with ChatGPT, and the vulnerabilities made me never want to use it again
"Vibe coding" is a phenomenon that curiously differs in definition depending on who you're asking. It's a spectrum of sorts; ...
ReversingLabs researcher Lucija Valentić discovered malicious packages on the Node Package Manager (npm) open source ...
Discover how to navigate Claude Code's Pro and Max 20x plans, manage usage limits, after August 2025. For smoother coding workflows ...