Vercel has launched "react-best-practices," an open-source repository featuring 40+ performance optimization rules for React and Next.js apps. Tailored for AI coding agents yet valuable for developers ...

AI-generated. Cursor AI, Replit Agent, GitHub Copilot let non-devs build apps. Pricing, pitfalls, UK data protection rules — ...

While the Windows maker did not attribute the activity to a specific threat actor, the use of VS Code tasks and Vercel ...

A malicious NPM package, ambar-src, mimicking a popular JavaScript framework, was downloaded nearly 50,000 times in a few ...

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Hulud-like Sandworm_Mode supply chain attack targets NPM developers to steal secrets and poison AI assistants.

Cline CLI 2.3.0 was published with a stolen npm token, installing OpenClaw in an 8-hour attack affecting ~4,000 downloads.

Someone compromised open source AI coding assistant Cline CLI's npm package earlier this week in an odd supply chain attack that secretly installed OpenClaw on developers' machines without their ...

The malicious version of Cline's npm package — 2.3.0 — was downloaded more than 4,000 times before it was removed.

The npm registry now includes Socket security analysis links directly on package pages to help developers assess supply chain risks.

JFrog Ltd. (NASDAQ:FROG) Q4 2025 Earnings Call Transcript February 12, 2026 JFrog Ltd. beats earnings expectations. Reported EPS is $0.22, expectations were $0.19. Operator: Ladies and gentlemen, ...

Researchers have revealed that bad actors are targeting dYdX and using malicious packages to empty its user wallets. According to the report, some open source packages published on the npm and PyPi ...