Microsoft

Typosquatted npm packages used to steal cloud and CI/CD secrets

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...
Visual Studio Magazine

Open VSX 1.0.0 Puts Focus on Open Extension Registry for VS Code Ecosystem

Eclipse Open VSX has reached 1.0.0, highlighting its role as a vendor-neutral registry for VS Code-compatible extensions.
GitHub

npx Confusion Vulnerability Scanner

This tool automates the discovery process described in that research — scanning local codebases, GitHub organizations, and web assets for unclaimed npm package names that are exploitable via npx ...
LinkedIn

TypeScript 7.0 Beta Released with Go Compiler, 10x Faster

In 2023, it was stable. In 2026, it is the fastest JavaScript runtime you can run in production. That's why I'll be using it to give JavaScript and TypeScript a fair fight against Java. Here's how it ...
GitHub

bamzc/claude-skills-frontend

前端开发通用 Claude Skills 集合. Contribute to bamzc/claude-skills-frontend development by creating an account on GitHub.