The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.

May 4, 2026: Surprise! Kaiju Unleashed - the new name for Project Universe - is back a little early. Given it's in testing, though, we don't have any new Kaiju Unleashes codes for the Final wars ...

When OpenAI engineers discovered that a poisoned update to a widely used JavaScript library had executed on two corporate ...

Every time a developer types npm install, they are placing a bet that the package they are pulling into their project is not laced with malicious code. In 2025, those odds got significantly worse.

Copycat hackers are competing to win $1,000 for the largest supply chain attack using Shai-Hulud, an open-sourced worm that has brought down a few major open-source projects. Malicious NPM packages ...

Writing code that interacts with LLM services requires bridging two different worlds. Use these tips and techniques to bind ...

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

A poisoned open-source dependency let attackers breach two OpenAI employee devices and steal credentials from a limited set of its internal source code repositories, OpenAI confirmed in a May 14, 2026 ...

CNCF graduation, Microsoft tooling updates and cloud-provider support show broader OpenTelemetry adoption across developer platforms.

SAP embedded n8n inside Joule Studio to connect its 200 AI agents to non-SAP systems. The Berlin-based workflow automation startup is now Germany's most valuable AI company.

Google is encouraging its database developers to lean "heavily" on AI coding tools as it ramps up contributions to open ...

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.