Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
CSO Online

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
GitHub

AWS SDK for JavaScript v3

The AWS SDK for JavaScript v3 is a rewrite of v2 with some great new features. As with version 2, it enables you to easily work with Amazon Web Services, but has a modular architecture with a separate ...
InfoQ

Next.js 16.2: 400% Faster Dev Startup, Faster Rendering, and Deeper Tooling for AI Agents

Vercel has released Next.js 16.2, featuring performance enhancements that make development startup 400% faster and rendering ...
GitHub

Simple Statistics

A JavaScript implementation of descriptive, regression, and inference statistics. Implemented in literate JavaScript with no dependencies, designed to work in all modern browsers (including IE) as ...