Socket
Feed

Malicious npm Packages Target BSC and Ethereum to Drain Crypto Wallets
Socket
Socket uncovered four malicious npm packages that exfiltrate up to 85% of a victim’s Ethereum or BSC wallet using obfuscated JavaScript.
8 hours ago

TC39 Advances Array.fromAsync, Error.isError, and Explicit Resource Management to Stage 4
Socket
TC39 advances 9 JavaScript proposals, including Array.fromAsync, Error.isError, and Explicit Resource Management, which are now headed into the ECMAScript spec.
21 hours ago

Vite Releases Technical Preview of Rolldown-Vite, a Rust-Based Bundler
Socket
Vite releases Rolldown-Vite, a Rust-based bundler preview offering faster builds and lower memory usage as a drop-in replacement for Vite.
3 days ago

Malicious npm Package Wipes Codebases with Remote Trigger
Socket
A malicious npm typosquat uses remote commands to silently delete entire project directories after a single mistyped install.
3 days ago

Monkey-Patched PyPI Packages Use Transitive Dependencies to Steal Solana Private Keys
Socket
Malicious PyPI package semantic-types steals Solana private keys via transitive dependency installs using monkey patching and blockchain exfiltration.
4 days ago

OpenJS Foundation Is Now a CNA for 40+ JavaScript Projects Under Its Umbrella
Socket
New CNA status enables OpenJS Foundation to assign CVEs for security vulnerabilities in projects like ESLint, Fastify, Electron, and others, while leaving disclosure responsibility with individual maintainers.
5 days ago

Secure Your AI-Generated Code with Socket MCP
Socket
Socket MCP brings real-time security checks to AI-generated code, helping developers catch risky dependencies before they enter the codebase.
5 days ago

NIST Under Federal Audit for NVD Processing Backlog and Delays
Socket
As vulnerability data bottlenecks grow, the federal government is formally investigating NIST’s handling of the National Vulnerability Database.
6 days ago

60 Malicious npm Packages Leak Network and Host Data in Active Malware Campaign
Socket
Socket’s Threat Research Team has uncovered 60 npm packages using post-install scripts to silently exfiltrate hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint.
11 days ago

TypeScript Native Previews: 10x Faster Compiler Now on npm for Public Testing
Socket
TypeScript Native Previews offers a 10x faster Go-based compiler, now available on npm for public testing with early editor and language support.
11 days ago