Articles about javascript

How evil JavaScript helps attackers tag possible victims – and gives away their intent

A honeypot project operated by Japanese comms company NTT has turned up a bunch of new approaches to malware obfuscation. Yuta Takata of NTT's Secure Platform Laboratories has published an analysis at the Asia Pacific Network Information Centre (APNIC). In it, he wrote that since JavaScript can be used to identify …

Now Pushing Malware: NPM package dev logins slurped by hacked tool popular with coders

Updated An unfortunate chain reaction was averted today after miscreants tampered with a widely used JavaScript programming tool to steal other developers' NPM login tokens. The open-source utility eslint-scope was altered by hackers so that, when used to analyze source code, it would copy the contents of the user's ~/.npmrc file to …
Shaun Nichols, 12 Jul 2018

Cookie code compromise caper caught and crumbled

NPM, the biz responsible for the Node Package Manager for JavaScript and Node.js, has caught a miscreant trying to tamper with web cookie modules on Wednesday and managed to exile the individual and associated code before significant harm was done. It's a good sign for the code registry which over the past few years has had to …

Oracle demands dev tear down iOS app that has 'JavaScript' in its name

Oracle, claims developer Zhongmin Steven Guo, has demanded that Apple remove an app he created because it contains the trademarked term "JavaScript." The app in question, published by Guo's Tyanya Software LLC – which appears to be more a liability shield than a thriving software business – is titled "HTML5, CSS, JavaScript, …
Thomas Claburn, 18 Apr 2018

When SecureRandom()... isn't: JavaScript fingered for poking cash-spilling holes in Bitcoin wallets

Concerns about a flawed crypto library that could allow Bitcoin theft have been revived following a post to a Bitcoin mailing list last week. David Gerard, a UK-based Unix admin and blockchain technology watcher, raised concerns in a blog post on Thursday. "The popular JavaScript SecureRandom() library … isn’t securely random …
Thomas Claburn, 12 Apr 2018

Your code is RUBBISH, says GitHub. Good thing we're here to save you

Last year, GitHub added security scanning to its dependency graph – and this month flicked the lid off a can absolutely crawling with bugs. The code-sharing site kicked off vulnerability scanning in late 2017, focussing on known Ruby and Javascript library vulnerabilities designated CVE numbers by MITRE. GitHub ran the …

Cloudflare pushes Workers out the door – without layoffs

Cloudflare has launched a service that lets its customers run JavaScript at the edge of its cloud. Built on Google's V8 JavaScript engine, "Cloudflare Workers" is pitched as a kind of halfway house between central cloud processing and local execution: in beta since September 2017, it integrated the company's Service Worker API …

Unlucky Linux boxes trampled by NPM code update, patch zapped

NPM – the biz behind the Node.js package management software used to wrangle JavaScript code and various related frameworks – on Thursday undid a code update less than 24 hours after it was issued because the software was messing with Linux file permissions. The release of npm 5.7.0 on Wednesday – under the company's pre- …
Thomas Claburn, 23 Feb 2018

Next; tech; meltdown..? Mandatory; semicolons; in; JavaScript; mulled;

In what non-technical people might take as an attempt to outdo the absurdity of the tabs vs. spaces debate that continues to divide programmers, the TC39 technical group that advises the development of ECMAScript – the specification from which JavaScript is implemented – has proposed telling web developers to terminate …
Thomas Claburn, 12 Jan 2018

Wondering where your JavaScript libs went? Spam-detection snafu exiled npm packages

On the defensive after a malware kerfuffle last year, code registry npm shot first before asking questions over the weekend – and is now apologizing for the errant execution. The keeper of hundreds of thousands of Node.js packages and other JavaScript libraries wrongly removed the account "floatdrop" belonging to developer …
Thomas Claburn, 11 Jan 2018

Language bugs infest downstream software, fuzzer finds

Developers working in secure development guidelines can still be bitten by upstream bugs in the languages they use. That's the conclusion of research presented last week at Black Hat Europe by IOActive's Fernando Arnaboldi. As Arnaboldi wrote in his Black Hat Europe paper [PDF]: “software developers may unknowingly include …

When it comes to ML, reports of JavaScript's death are exaggerated

Machine learning is fast becoming one of the high-growth areas for developers – but what language should you employ, given that so many exist? If you believe the statisticians, Python is the default choice for many. 50 per cent of data scientists and developers use Python, with 33 per cent prioritising it for development, …
Maxwell Cooter, 22 Nov 2017

Don't put your Node out of joint: Version 8 of JS toolkit now in LTS mode

Node.js 8 on Tuesday goes into long-term support, which sounds like an assisted living plan for elders but in fact marks the maturation of the surprisingly popular JavaScript runtime. The LTS designation, codified a mere two years ago, means businesses can adopt Node 8 with the expectation the code will be supported for 18 …
Thomas Claburn, 31 Oct 2017

Here's a gentle guide to building JavaScript AI in web browsers. Totally not a scary thing

Google today popped online something called Teachable Machines, a simple demo for programmers interested in deep learning. The point is, it works directly in your web browser so you can get going tinkering with an educational neural network right away without having to spin up a full machine-learning development stack and …

JS code at the network edge. Oh, you're still here and not running, screaming? Read on

Bit caching biz Cloudflare on Friday teased website publishers with the prospect of being able to run JavaScript at the edge of its content delivery network, a capability that promises performance, security, and reliability improvements. The outfit puts copies of customers' websites and content at various locations around the …
Thomas Claburn, 30 Sep 2017

Facebook performs successful license surgery on React, GraphQL

Facebook on Tuesday freed its React JavaScript library and its GraphQL query language from its unloved license scheme. As promised last week, React 16 underwent licensing replacement surgery to remove Facebook's controversial BSD + Patents license and replace it with the more welcome MIT license. The operation was deemed …
Thomas Claburn, 26 Sep 2017

The power JavaScript: 'Gandalf of JS' Wirfs-Brock on ECMAscript 2017

JavaScript has become the interface to the web thanks to browsers, it's leaked onto servers with Node.js, and is now carving out a small niche in Machine Learning – but JavaScript just wouldn’t be without ECMAScript. ECMAScript is the standard language definition on which JavaScript is based and this summer saw an important …
Danny Bradbury, 26 Sep 2017

Facebook ties JavaScript code together with Yarn

Facebook, known for telling tales about users it doesn't have, has spun another sort of yarn. The ad gavage network on Thursday released Yarn 1.0, the latest update to the open source JavaScript package manager introduced last year with the help of Google, Exponent and Tilde. Yarn is an alternative to npm (Node Package …

Biting the hand that feeds IT © 1998–2018