InfoWorld

Malicious npm package sneaks into GitHub Actions builds

The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...
GitHub

CommonJS module exports not accessible using ESM import syntax

What is the expected behavior? Why is that the expected behavior? Should not print undefined as Client module exists in raknet-native. Below is the index.js file of raknet package found within ...

Popular JavaScript library expr-eval vulnerable to RCE flaw

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be ...
The Hacker News

Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack

The coordinated campaign has so far published as many as 46,484 packages, according to SourceCodeRED security researcher Paul ...
GitHub

isolated memory leak with mongodb nodejs module

What steps can reproduce the bug? Further information to issue #12117 we have tried to isolate why there is a leak (RSS it seems) with the node-mongodb-native module. We have set up a test environment ...