BT
JavaScript Follow 383 Followers

JSUI, a UI Toolkit for Managing JavaScript Apps

by Dylan Schiemann Follow 7 Followers on  Jul 06, 2018 2

JSUI introduces a visual tool for creating and managing JavaScript applications. The project provides utilities and features for both front-end and back-end applications, and most of its features are independent of underlying JavaScript frameworks.

JavaScript Follow 383 Followers

Package Containing Malicious Backdoor Makes its Way into NPM

by Sergio De Simone Follow 14 Followers on  May 06, 2018

The NPM security team removed a package masquerading as a cookie parser that actually contained a malicious backdoor, along with three other packages depending on it. The backdoor allowed attackers to inject arbitrary code into a running server and execute it.

JavaScript Follow 383 Followers

Node.js 10.0 and npm 6 Released with Emphasis on Security

by Kevin Ball Follow 3 Followers on  Apr 26, 2018

On April 24 the Node.js project released version 10.0.0 of Node.js and npm, Inc released version 6.0 of npm. Both releases emphasized security improvements, with Node.js updating to OpenSSL version 1.1.0 and npm including new security-focused features such as the automatic alerting of insecure dependencies. The Node.js release also included a new native programming API and stable HTTP2 support.

JavaScript Follow 383 Followers

Last Npm Incident Uncovers Security Vulnerability

by Sergio De Simone Follow 14 Followers on  Jan 15, 2018

Last week, the npm registry had an operations incident that caused a number of highly depended on packages, such as require-from-string, to become unavailable. While the incident was relatively straightforward to solve, it uncovered a major security vulnerability that could have been exploited to inject malicious code in projects using npm.

JavaScript Follow 383 Followers

Yarn 1.0 Adds Workspaces, Auto-Merge and Selective Version Resolution

by Abel Avram Follow 9 Followers on  Sep 08, 2017

Almost a year ago we published the news Facebook Open Sources Yarn, a JavaScript Package Manager, introducing Yarn and the motivation behind its creation. The community has moved the project forward, releasing the first major version with workspaces, automatic merging, selective version resolution and many other features and fixes.

JavaScript Follow 383 Followers

Npm 5.0 Boosts Common Sense Performance

by David Iffland Follow 4 Followers on  May 30, 2017

Npm 5.0 is a highly anticipated release that has been years in coming. The new version of the JavaScript package manager has a completely rewritten cache and has performance that is more in-line with its most direct competitor.

JavaScript Follow 383 Followers

npm 4.0 Deprecates Prepublish Lifecycle Script

by James Chesters Follow 1 Followers on  Oct 26, 2016

Npm has released version 4.0.0, its first semver major release since the release of npm 3 in 2015. The v4 release brings a bevy of breaking changes, including a rewritten npm search, as well as deprecated prepublish and changed behaviour for npm scripts.

JavaScript Follow 383 Followers

Webpack Dashboard Improves UX over Console Output

by David Iffland Follow 4 Followers on  Aug 18, 2016

A new tool, Webpack Dashboard, offers to improve the UX for those that use the popular Webpack module builder.

JavaScript Follow 383 Followers

npm Releases Enterprise Add-ons for Security, Licensing

by James Chesters Follow 1 Followers on  Jul 06, 2016

Npm has released Enterprise add-ons, allowing developers to directly integrate third-party tools for the first time

JavaScript Follow 383 Followers

Node.js 6.0 Supports 93% of ES2015

by Abel Avram Follow 9 Followers on  Apr 27, 2016

Node.js 6.0 has been released, becoming the new current version. It comes with performance improvements, better test and documentation coverage, better security and wide support for ES2015.

JavaScript Follow 383 Followers

Npm Updates Policy on Removing Packages

by David Iffland Follow 4 Followers on  Mar 31, 2016 1

Npm has issued an updated policy on what happens when a user wants to remove one of their packages from the publishing system.

JavaScript Follow 383 Followers

NPM Worm Vulnerability Disclosed

by Alex Blewitt Follow 4 Followers on  Mar 26, 2016 2

The NPM project has formally acknowledged a long-standing security vulnerability in which it is possible for malicious packages to run arbitrary code on developer's systems, leading to the first NPM created worm. With the recent problems with NPM, is it safe to use any more? InfoQ investigates.

JavaScript Follow 383 Followers

NPM was Broken for 2.5 Hours

by Abel Avram Follow 9 Followers on  Mar 24, 2016 5

According to Isaac Z. Schlueter, the creator of npm, two days ago the npm registry started to report hundreds of failed builds per minute. Users worldwide could not install or build certain Node.js packages. Thousands of dependent packages were broken including Babel, Atom, Ember, React Native and many other packages depending on line-numbers. What happened?

JavaScript Follow 383 Followers

Lodash 4.0 Adds Smaller Core and Plenty of Changes

by David Iffland Follow 4 Followers on  Jan 14, 2016

Lodash 4.0.0 has been released. This new version adds a new, smaller core library and includes plenty of new features and breaking changes. Support for IE 6-8 has been dropped and the library is no longer available on Bower.

JavaScript Follow 383 Followers

Node.js 4.2 "Argon" Released Under Long Term Support Plan

by James Chesters Follow 1 Followers on  Oct 20, 2015

The Node.js Foundation have released Argon, the first Node.js release covered under the Long Term Support plan.

Login to InfoQ to interact with what matters most to you.


Recover your password...

Follow

Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.

Like

More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.

Notifications

Stay up-to-date

Set up your notifications and don't miss out on content that matters to you

BT