The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

North Korean hackers compromised the widely used Axios JavaScript library to infiltrate US companies and steal cryptocurrency ...

整理 | 屠敏出品 | CSDN（ID：CSDNnews）在 AI 写代码这件事上，争议从来没有真正停过。但这一次，战火烧到了最核心的基础设施之一——Node.js。近日，一份致 Node.js ...

Researchers who identify and report bugs in open-source software will no longer be rewarded by the Internet Bug Bounty team.

Axios is published and maintained on npm, the default package registry for JavaScript and Node.js projects. It is used to ...

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million ...

Wasm, PGlite, OPFS, and other new tech bring robust data storage to the browser, Electrobun brings Bun to desktop apps, ...

作者 | Daniel Curtis译者 | 张卫滨2025 年 JavaScript 现状调查报告（调查于 2025 年 11 月开启并于 2026 年 2 月发布结果）收集了来自 JavaScript 生态系统开发者的反馈。这项由 Devographics 运营、谷歌 Chrome、JetBrains 等企业赞助的年度调查显示，历经多年快速迭代，JavaScript 生态已趋于稳定，工具、框架 ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

开发者广泛使用的Axios HTTP客户端库这一Java组件最近遭到黑客攻击，通过被入侵的账户分发恶意软件。

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute ...