Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
InfoQ

Ky 2.0 Fetch API Wrapper with Revamped Hooks, Smarter Timeouts, and Built-In Schema Validation

Ky 2.0 is an open-source JavaScript HTTP client built on the Fetch API, featuring significant updates such as consolidated ...
Computerworld

Industry

Apple’s AI plans show promise, but proof of success still to come — analysts Apple is promising AI today, not tomorrow — so how is the tech industry reacting to Monday’s keynote announcements? With a ...
The Hacker News

145 Mastra npm Packages Compromised via Hijacked Contributor Account

As many as 145 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have ...
GitHub

A collection of Agent Skills for Rstack.

Rspack best practices for config, CLI workflow, type checking, CSS, bundle optimization, assets and profiling. Use when writing, reviewing, or troubleshooting Rspack projects. Comprehensive guide and ...
GitHub

modest natural language processing

compromise/three is a set of tooling to zoom into and operate on parts of a text. .numbers() grabs all the numbers in a document, for example - and extends it with new methods, like .subtract(). When ...
LinkedIn

Node.js Architecture: V8, libuv, and C++ Bridge

So what is libuv? It’s a C library under Node.js that manages asynchronous work and the Event Loop. Think of it as the bridge between your JavaScript code and the operating system. It handles tasks ...