Critical sandbox escape flaw discovered in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...

Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies

Koi security researchers found that when NPM installs a dependency from a Git repository, configuration files such as a ...
IEEE

Framework-Agnostic JavaScript Component Libraries: Benefits, Implementation Strategies, and Commercialization Models

Abstract: This study explores the edges, implementation processes, and commercialization standards for framework-agnostic JavaScript element libraries, concentrating on their role in making ...
GitHub

AnimText: Letter, Word & Line Text Animation JS Library

AnimText is a lightweight JavaScript enhancer for animating text with letter-by-letter, word-by-word, and line-by-line animations to your projects. It's designed to work seamlessly with {css}animation ...
GitHub

Modern JavaScript runtime in Python

Note: jsrun is under development. Expect breaking changes between minor versions. One of the most compelling use cases for jsrun is building safe execution environments for AI agents. When LLMs ...
InfoWorld

Back to the future: The most popular JavaScript stories and themes of 2025

Artificial intelligence and its promise to revolutionize programming—and possibly overthrow human sovereignty—is a central story of the post-Covid world. But for JavaScript developers, it is only one ...