Posts Tagged ‘security’

Ryan Dahl’s Node.js regrets lead to Deno

What might the Node.js server-side JavaScript runtime look like today if founder Ryan Dahl could build it all over again? With his Deno project, a secure TypeScript runtime built on the same Google V8 JavaScript engine as Node.js, we get an idea.

Posted in nodejs

Continue Reading

May 2018 Git Security Vulnerability

CVE 2018-11235 is a new industry-wide security vulnerability in Git that can lead to arbitrary code execution when a user operates in a malicious repository. In the announcement, Edward Thomson describes the vulenerability: A remote repository may contain a definition for a submodule, and also bundle that submodules repository data, checked in to the parent repository as a folder.

Posted in php

Continue Reading

Node.js 8 brings sanity to native module dependencies

Node.js, the popular server-side JavaScript platform, has been upgraded with improvements related to the runtime, buffer security, URL parsing, and preserving dependencies on native modules across major Node.js upgrades. On the module dependencies front, Node.js 8.0.0, released today by the Node.js Foundation, introduces the Node.js API, or N-API, albeit still behind an experimental flag.

Posted in nodejs

Continue Reading

Composer v1.6.4 is Released With a Security Fix

Today, the Composer team released v1.6.4 and it includes a security fix so all users are encouraged to upgrade. According to Jordi Boggiano, it also includes triaging/merging/fixing for almost 200 issues and you can see everything that changed from the release page on Github.

Posted in php

Continue Reading

Yarn 1.0 simplifies JavaScript dependency management

Facebooks Yarn, an alternative JavaScript package manager to NPM, has reached a 1.0 release, which features a workspaces capability to ensure the latest code is being used on engineering projects. With workspaces, users transition their code base into a mono-repository to ensure that the most recent code gets used.

Posted in nodejs

Continue Reading

What’s new in Node.js 8 and Node.js 9

Node.js 8 is graduating to Long Term Support (LTS) release status, which is intended to signify a level of stability for use in enterprise deployments. Accompanying this new designation for Node.js 8 is the debut of Node.js 9, with asynchronous resource tracking, as the current release line.

Posted in nodejs

Continue Reading