SecurityWeek

OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

CVE Lite CLI helps developers quickly identify and fix vulnerable npm dependencies during development, reducing delays and ...

New GitHub Zero-Day Exposed Developer Tokens to Attackers

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and ...
GitHub

GitHub - Shopify/draggable: The JavaScript Drag & Drop library your grandparents warned you about.

Draggable is no longer maintained by its original authors. Maintenance of this repo has been passed on to new collaborators and is no longer worked on by anyone at Shopify. We are still looking for ...
Security Boulevard

Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign

The post Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign appeared first on Tenable Blog. A self-propagating worm has compromised more than 170 npm and ...
GitHub

Enma for Perception · Language Server

Zero-setup VS Code support for Perception.cx's JIT-compiled Enma scripting language. IntelliSense, type checking, hover docs, signature help, refactors, formatter, multi-file bundler and DAP debugger ...