npm tackles its riskiest security issues

With npm v12, GitHub closes a central attack vector: installation scripts from dependencies will only run after explicit ...
InfoWorld

Node.js 8 brings sanity to native module dependencies

In addition to runtime, URL parsing, and buffer improvements, the new release promises to preserve native module dependencies across upgrades Node.js, the popular server-side JavaScript platform, has ...
Dark Reading

On Shaky Ground: Why Dependencies Will Be Your Downfall

Software dependencies, or a piece of software that an application requires to function, are notoriously difficult to manage and constitute a major software supply chain risk. If you're not aware of ...