A recent study has found that 37% of Alexa top 75K websites has at least one vulnerability and almost 10% at least two. Maybe even more shockingly, 26% of Alexa top 500 websites use vulnerable libraries.
The browser vendors working on WebAssembly have reached a "consensus" on an initial implementation set, allowing browsers to ship it on by default. While this is an important milestone, the initial implementation won't immediately result in significant uptake by developers as important features such as DOM integration and garbage collection are not yet part of the spec.
Node.js 7.6 has shipped with official support for async/await enabled by default and better performance on low-memory devices.
Apple has proposed a new GPU API for the browser, called WebGPU. Google has another solution called NXT in the development.
Twitter recently switched all of their mobile web traffic over to their new web stack, running Node.js on the back end, and a React-based Progressive Web App in the browser. The ability for this technology set to handle large traffic and data proves the capabilities of the chosen stack.
Scheduled to be released sometime in February, TypeScript 2.2 has reached RC status. Besides a new JSX emit mode for React Native, it also includes a new object type to represent non-native types, better support for mixins and composable classes, and more.
Following its monthly release cycle, Microsoft Visual Studio Code has reached version 1.9, which includes support for multiple-command tasks, synchronized markdown preview, faster terminal, and more.
Oracle has recently published a new post in the series “Moving to a Plugin-Free Web,” advising developers to find replacement solutions if they still have Java applets running in production. Firefox is going to stop supporting them soon.
The Rust core team has released the stable version of 1.15, bringing with it the highly anticipated custom derive.
Starting with Chrome 56 and Firefox 51, browsers will start warning users if they browse a non-HTTPS site that contains a password or credit card input field.