#security

The latest security news, releases, and analysis for TypeScript and web developers.
28 articles tagged with security
Claude Code Issue #74066: Users Report Cross-Workspace Context Bleed on Sonnet 5, Anthropic Has Not Yet Responded

Claude Code Issue #74066: Users Report Cross-Workspace Context Bleed on Sonnet 5, Anthropic Has Not Yet Responded

An open bug filed against Claude Code on 2026-07-04 by an [Enterprise ZDR](https://docs.anthropic.com/en/docs/build-with-claude/zero-data-retention) user describes a working session on Sonnet 5 that suddenly starts referencing an unrelated Minecraft temple build, then doubles down on the wrong task in its recap. The reporter (GitHub: [@milesrichardson-edb](https://github.com/milesrichardson-edb), issue [anthropics/claude-code#74066](https://github.com/anthropics/claude-code/issues/74066)) is on Enterprise Zero Data Retention, the tier Anthropic specifically advertises as session-isolated. Triage on the reporter's local session JSONL at `~/.claude/projects/<encoded-cwd>/<session-id>.jsonl` finds the leaked text is not in the transcript, ruling out a local context bleed by file overlap. Four other users in the comments (with work histories going back to last year) describe near-identical behavior across Claude Code, Claude Mobile, and Claude deep research. The most plausible architectural fit is shared KV-cache state in inference ([per @yv3nne in the comments](https://github.com/anthropics/claude-code/issues/74066#issuecomment-4880448776)), but no Anthropic engineer has commented on the issue in the 22 hours since it was filed, and the issue reached the top of [Hacker News](https://news.ycombinator.com/item?id=42481789) on 2026-07-04. The tone in the thread is split: half suspecting a real platform cache reuse, half suspecting a [sonnet-5-specific hallucination triggered by a Pygments lexer](https://github.com/anthropics/claude-code/issues/74066#issuecomment-4880334711). Both readings are credible.
Fastify v5.9.0 Adds `request.mediaType` and `onMaxParamLength`, Hardens `forwarded` Header Trust, Chunks Large HTTP/2 Replies, and Moves Type Tests to TSTyche

Fastify v5.9.0 Adds `request.mediaType` and `onMaxParamLength`, Hardens `forwarded` Header Trust, Chunks Large HTTP/2 Replies, and Moves Type Tests to TSTyche

Fastify v5.9.0, published on 2026-06-28 (github.com/fastify/fastify), is the first minor release of the v5 line in 2026 and a substantial 65-PR cycle. The headline features are `request.mediaType` (a typed accessor for the negotiated media type, [#6653](https://github.com/fastify/fastify/pull/6653) by climba03003), `onMaxParamLength` route option ([#6716](https://github.com/fastify/fastify/pull/6716) by climba03003), and a security fix that no longer trusts `X-Forwarded-Host` and `X-Forwarded-Proto` when the incoming socket is missing ([#6684](https://github.com/fastify/fastify/pull/6684) by mcollina). The cycle ships an HTTP/2 buffer-chunking fix for large replies ([#6746](https://github.com/fastify/fastify/pull/6746) by mcollina), three schema-related performance wins (deferred `getSchemaSerializer` content-type parsing #6692, cached `ContentType` objects in `ContentTypeParser` #6694, `typeof` guard before `toString.call` in `send` / `onSendEnd` #6693 by aquie00t), Node.js 26 added to the test matrix ([#6728](https://github.com/fastify/fastify/pull/6728) by Fdawgs) and Node.js 20 dropped from the yarn CI matrix ([#6662](https://github.com/fastify/fastify/pull/6662) by Tony133), the migration of the type-test suite from hand-rolled `expect-type` to [TSTyche](https://github.com/mrazauskas/tstyche) ([#6532](https://github.com/fastify/fastify/pull/6532) by mrazauskas, with follow-ups #6726 and #6727), and a TypeScript-only fastify-plugin v6.0.0 bump. Other notable fixes: trailer `res.end` deduplication (#6676), trailer duplicate-completion guard (#6714), `error.code` on routing errors (#6678), `hasRequestDecorator` / `hasReplyDecorator` catching constructor-assigned built-ins (#6753), `getValidationFunction()` allowed to return `undefined` (#6665), and a socket `_meta` clear that closes a keep-alive leak (#6799).
Deno 2.9 Ships 1.98x Faster Cold Start, 2.2-3.1x Less RSS Under Load, Default-On npm Minimum Release Age, No-Downgrade Trust Policy, and Built-In Snapshot Testing

Deno 2.9 Ships 1.98x Faster Cold Start, 2.2-3.1x Less RSS Under Load, Default-On npm Minimum Release Age, No-Downgrade Trust Policy, and Built-In Snapshot Testing

Deno 2.9 (Bartek Iwańczuk, published 2026-06-25 on deno.com/blog/v2.9) is the largest Deno release of the cycle. Cold start drops from 34.2 ms to 17.3 ms (1.98x), peak RSS on the Deno.serve realworld workload drops 2.2x (142 MB → 64 MB) and 3.1x on 1 MiB bodies (197 MB → 63 MB), and Deno.serve throughput climbs 1.27x realworld (56.8k → 72.4k req/s), 1.11x plaintext, and 1.18x on 1 MiB bodies. Supply chain hardening: npm minimum-release-age is enabled by default with a 24h window (PR #35458), and a new opt-in no-downgrade trust policy (PR #34927) refuses to resolve any version whose trust evidence (staged publish, trusted publishing, provenance attestation) is weaker than the strongest evidence on any earlier-published version of the same package. Test runner parity: built-in t.assertSnapshot() (#35139), Deno.test.each (#34938), --shard for CI fan-out (#35057), retry and repeats (#35053), change-aware --changed and --related (#35199), and coverage thresholds (#35056). Lockfile interop: deno install seeds deno.lock from package-lock.json, pnpm-lock.yaml, yarn.lock, or bun.lock (#34296, #35330, #35346, #35350, #35394), pnpm-workspace.yaml auto-migrates to deno.json / package.json (#34993), and git merge conflict markers in deno.lock auto-resolve (#34726). Plus: deno desktop graduates from experimental (the June 16 PR #33441), deno link / deno unlink / deno list / deno watch subcommands, stable --unsafe-proto (#34738), Web Locks API (#31166), Happy Eyeballs v2 (RFC 8305) (#31726), navigator.userAgentData (#34743), the WebCrypto Modern Algorithms proposal (ML-KEM, ML-DSA, SLH-DSA, ChaCha20-Poly1305, SHA-3 family, KMAC, Argon2) (#34447, #34448, #34914, #35223), Node 26.3.0 compat (#34746, #34747), Node-API v10 (#35270), and CSS module imports under --unstable-raw-imports (#35093). 165+ PRs land in this cycle.
Anthropic Accuses Alibaba of 'Brazen' Industrial-Scale Distillation of Claude: 28.8M Exchanges, ~25,000 Fraudulent Accounts, April 22 to June 5

Anthropic Accuses Alibaba of 'Brazen' Industrial-Scale Distillation of Claude: 28.8M Exchanges, ~25,000 Fraudulent Accounts, April 22 to June 5

Anthropic published a blog post on 2026-06-24 (https://www.anthropic.com/news/detecting-and-preventing-distillation-attacks) accusing Alibaba of an industrial-scale distillation campaign against Claude. Anthropic says the campaign ran from April 22 to June 5, 2026 and produced over 28.8 million exchanges with Claude through almost 25,000 fraudulent accounts. The accusation is the second in Anthropic's public distillation disclosures: the first, on 2026-02-23, named DeepSeek, Moonshot AI, and MiniMax as attackers behind 16 million exchanges across 24,000 fraudulent accounts. Reuters (Krystal Hu, Eduardo Baptista) and Bloomberg (Saritha Rai) reported the new allegation on 2026-06-24; WSJ ran Anthropic Claims Alibaba Ran 'Brazen' Campaign to Access Its Claude AI Model the same day. Alibaba has not yet issued a public statement at time of writing.
Node.js 26.4.0 'Current' Ships node:vfs Subsystem (Matteo Collina), ESM Loader Package Maps (Maël Nison), TLS Certificate Compression, TCP_KEEPINTVL/TCP_KEEPCNT, and argon2 Stable

Node.js 26.4.0 'Current' Ships node:vfs Subsystem (Matteo Collina), ESM Loader Package Maps (Maël Nison), TLS Certificate Compression, TCP_KEEPINTVL/TCP_KEEPCNT, and argon2 Stable

Node.js 26.4.0 (Current), published 2026-06-24 by @aduh95, lands eight SEMVER-MINOR changes: a minimal node:vfs subsystem that mounts user-supplied virtual filesystems (PR #63115, Matteo Collina) plus a follow-up that dispatches node:fs/promises to mounted VFS instances (PR #63537), package maps for ESM loaders that route bare specifiers through the loader hooks (PR #62239, Maël Nison), TLS certificateCompression that wires RFC 8879 zlib and zstd compression through the OpenSSL build config (PR #62217, Tim Perry), TCP_KEEPINTVL and TCP_KEEPCNT support in net.Socket.setKeepAlive (PR #63825, Guy Bedford), caller-supplied buffers in fs.readFile / fs.readFileSync (PR #63634, Matteo Collina), closeIdleConnections that now also drops pre-request sockets (PR #63470, semimikoh), net.BlockList advanced to Release Candidate stability (PR #63050), and crypto argon2 + KEM encap/decap marked stable (PR #63924, Filip Skokan). The release also adds WebCrypto cSHAKE (PR #63988), QUIC listEndpoints (PR #63536) and X509Certificate handles (PR #63191), dgram connectSync / bindSync (PRs #63838 + #63932, Guy Bedford), early-TCP net.BoundSocket (PR #63951), an experimental fast FFI call path for AArch64 and x86_64 (PRs #63068 + #63941, Paolo Insogna), npm 11.17.0 (PR #63857), sqlite 3.53.2, and libffi 3.6.0.
Node.js 24.18.0 'Krypton' LTS Lands Buffer.poolSize at 64 KiB, Web Crypto's TurboSHAKE and KangarooTwelve, and http.writeInformation for Arbitrary 1xx Codes

Node.js 24.18.0 'Krypton' LTS Lands Buffer.poolSize at 64 KiB, Web Crypto's TurboSHAKE and KangarooTwelve, and http.writeInformation for Arbitrary 1xx Codes

Node.js 24.18.0 'Krypton' (LTS), published 2026-06-23, ships the Buffer.poolSize 64 KiB default that landed on Current in 26.3.0, adds RFC 9861's TurboSHAKE and KangarooTwelve to Web Cryptography (PR #62183, 1,521 additions, 13 files), adds http.writeInformation for arbitrary 1xx status codes (PR #63155, 306 additions, 7 files), exposes V8 precise coverage start to the JS inspector runtime (commit 8c989ec4a3), adds JWK import-export for the ML-KEM and SLH-DSA post-quantum key types (PR #62706, 842 additions, 39 files), lands the BoringSSL-side wiring of ML-DSA, ML-KEM, ChaCha20-Poly1305, and AES-KW for Web Crypto (PR #63255), hardens WebCrypto against prototype pollution (PR #63363), aligns crypto.diffieHellman key argument names and accepts key data inputs (PR #62527), reverts the 24.16.0 'noop pause/resume on destroyed streams' behavior (PR #63834), and ships a single-line hotfix on 22.23.1 that backs out an http agent change from the 06-18 security release that triggered an unexpected re-stream.
pnpm 11.8 Ships `install --dry-run`, Node.js Package Maps, and Per-Package SBOM

pnpm 11.8 Ships `install --dry-run`, Node.js Package Maps, and Per-Package SBOM

pnpm 11.8.0 (June 18, 2026) adds a long-requested `--dry-run` for `pnpm install`, experimental Node.js package maps at `node_modules/.package-map.json`, CycloneDX devDependencies scope and per-package SBOM generation, and a macOS Gatekeeper fix that strips quarantine from native binaries. It also closes a configDependencies path-traversal advisory (GHSA-qrv3-253h-g69c) three days after the 11.7 lockfile hardening.
Node.js June 2026 Security Release: 12 CVEs Across v22.23.0, v24.17.0, and v26.3.1, with Two High-Severity TLS and Crypto Fixes

Node.js June 2026 Security Release: 12 CVEs Across v22.23.0, v24.17.0, and v26.3.1, with Two High-Severity TLS and Crypto Fixes

On June 18, 2026, the Node.js project shipped coordinated security releases for the v22 'Jod' LTS, the v24 'Krypton' LTS, and the v26 Current line. The drop fixes 12 CVEs, including two rated High: CVE-2026-48618 (TLS hostname normalization for server identity checks) and CVE-2026-48933 (WebCrypto cipher output length guard). The release also picks up OpenSSL 3.5.7, undici 8.5.0 on v26, llhttp 9.4.2, and nghttp2 1.69.0 (semver-major) on v22 and v24.
OpenAI Codex 0.141 Adds Noise-Encrypted Remote Executors, Cross-OS `PathUri`, a Plugin Marketplace, and a SQLite WAL-Reset Pin

OpenAI Codex 0.141 Adds Noise-Encrypted Remote Executors, Cross-OS `PathUri`, a Plugin Marketplace, and a SQLite WAL-Reset Pin

Codex 0.141.0 (June 18, 2026) makes Noise IK the default transport between orchestrator and exec-server, ships a PathUri / NativePathString layer that round-trips POSIX, Windows-drive, and UNC paths without leaking the URI encoding, opens a `created-by-me-remote` plugin marketplace, raises the MCP tool timeout to 300 seconds, and pins the bundled SQLite to 3.51.3 to keep the WAL-reset corruption fix in place after dependency refreshes.
pnpm 11.7 Adds `frozenStore` for Read-Only Filesystems, Lets pacquet Resolve Dependencies, and Closes a Lockfile Path-Traversal

pnpm 11.7 Adds `frozenStore` for Read-Only Filesystems, Lets pacquet Resolve Dependencies, and Closes a Lockfile Path-Traversal

pnpm 11.7.0 (June 15, 2026) ships four headline changes: a `--frozen-store` install mode for Nix stores, OCI layers, and other read-only mounts; delegation of dependency resolution to the pacquet Rust port (not just materialization); an opt-in `--batch` flag for `pnpm publish --recursive`; and a security fix that rejects path-traversal and reserved aliases (`.bin`, `.pnpm`, `node_modules`, `../../escape`) in lockfile-sourced dependencies.
Playwright v1.61.0 Lands WebAuthn Passkeys, a Real WebStorage API, and Trace-Style Video Modes for the Test Runner

Playwright v1.61.0 Lands WebAuthn Passkeys, a Real WebStorage API, and Trace-Style Video Modes for the Test Runner

Playwright v1.61.0 (June 15, 2026) ships a virtual authenticator for WebAuthn/passkey ceremonies, a first-class page.localStorage / page.sessionStorage API, network security details on API responses, and brings test runner video recording to parity with trace recording. Browser channels: Chromium 149, Firefox 151, WebKit 26.5.
esbuild 0.28.1: First Release in Two Months Ships a High-Severity Deno RCE, a Windows Path Traversal, and a `using` Disposal Bug

esbuild 0.28.1: First Release in Two Months Ships a High-Severity Deno RCE, a Windows Path Traversal, and a `using` Disposal Bug

esbuild v0.28.1 (June 11, 2026) is the first release since April. It fixes a CVSS 8.1 remote code execution in the Deno API via NPM_CONFIG_REGISTRY, a Windows-only dev-server path traversal, and a minifier bug that silently broke `using` and `await using` resource disposal.
US Government Orders Anthropic to Suspend Fable 5 and Mythos 5 Worldwide; Anthropic Pushes Back

US Government Orders Anthropic to Suspend Fable 5 and Mythos 5 Worldwide; Anthropic Pushes Back

On June 12, 2026 at 5:21pm ET, Anthropic received an export control directive from the US government requiring it to disable Fable 5 and Mythos 5 for every user, including foreign nationals inside the United States. Anthropic is complying while publicly disputing the technical basis of the order.
Anthropic, the Export Control Directive, and the Anatomy of a Fable 5 Pull: A Deep Dive

Anthropic, the Export Control Directive, and the Anatomy of a Fable 5 Pull: A Deep Dive

On June 12, 2026, the US government ordered Anthropic to suspend Fable 5 and Mythos 5 for every foreign national worldwide. The directive did not target a country, and it did not target a capability. It targeted a class of person. This long read unpacks the legal mechanism, the 'US person' concept that decides who keeps access, why Anthropic chose to disable for everyone, what Project Glasswing loses, and what precedent this sets for the rest of the frontier model industry.
Anthropic Claude Fable 5 Launches, Then Apologizes for Invisible Distillation Guardrails

Anthropic Claude Fable 5 Launches, Then Apologizes for Invisible Distillation Guardrails

Fable 5 is the first widely-available Mythos-class model, with state-of-the-art results on software engineering, knowledge work, and vision, priced at $10/$50 per million tokens. Two days later, Anthropic reversed course on its stealth distillation throttling.
npm Supply Chain Attack: Red Hat Compromised via Mini Shai-Hulud

npm Supply Chain Attack: Red Hat Compromised via Mini Shai-Hulud

Wiz Research uncovers Miasma, a new supply chain attack abusing trusted-publishing to inject credential-stealing malware into 32+ Red Hat npm packages.
Node.js 26.3.0: Buffer Pool Doubles, Permission API Gains drop(), Intel Macs at Risk

Node.js 26.3.0: Buffer Pool Doubles, Permission API Gains drop(), Intel Macs at Risk

Node.js 26.3.0 lands with a doubled default Buffer.poolSize to 64 KiB, a new permission.drop() method for granular capability surrender, macOS universal binary warnings, and hardened WebCrypto. npm is bumped to 11.16.0.
Astro 6.1.8 Patches Critical Netlify Deploy Bug and Image Endpoint Security Flaw

Astro 6.1.8 Patches Critical Netlify Deploy Bug and Image Endpoint Security Flaw

Astro 6.1.8 fixes a regression where build output filenames containing special characters caused deploy failures on Netlify and Vercel, and patches a content-type confusion vulnerability in the built-in image endpoint that could serve non-SVG content as SVG.
Node.js 25.9: The stream/iter API Finally Lands as Experimental

Node.js 25.9: The stream/iter API Finally Lands as Experimental

Node.js 25.9 adds an experimental stream/iter module for async iteration over streams, a --max-heap-size CLI flag, AsyncLocalStorage with using scopes, TurboSHAKE crypto, and an upgraded npm 11.12.1. Here's what each change means for your code.
Google's JSIR: An MLIR-Based Intermediate Representation for JavaScript Analysis

Google's JSIR: An MLIR-Based Intermediate Representation for JavaScript Analysis

Google has open sourced JSIR, a next-generation JavaScript analysis tool built on MLIR. It supports both high-level dataflow analysis and lossless source-to-source transformation, used internally for Hermes bytecode decompilation and AI-powered JavaScript deobfuscation.
State of TypeScript 2026: GitHub's #1 Language, Project Corsa, and the Supply Chain Reckoning

State of TypeScript 2026: GitHub's #1 Language, Project Corsa, and the Supply Chain Reckoning

A look back at the major events that reshaped TypeScript's position in the JavaScript ecosystem, from surpassing JavaScript on GitHub to npm supply chain compromises and the Go-based compiler rewrite targeting 10x faster builds.
Anthropic's Project Glasswing: When AI Finds Zero-Days Faster Than Humans Can Count Them

Anthropic's Project Glasswing: When AI Finds Zero-Days Faster Than Humans Can Count Them

In one month, Claude Mythos Preview found thousands of zero-day vulnerabilities that survived decades of human review, in OpenBSD, the Linux kernel, FFmpeg, and every major browser. We dug into the technical details, the industry coalition, and what it means for every security team on the planet.
EmDash: Cloudflare's TypeScript-Based WordPress Successor with Sandboxed Plugins

EmDash: Cloudflare's TypeScript-Based WordPress Successor with Sandboxed Plugins

Cloudflare has built EmDash, a new open-source CMS written entirely in TypeScript and powered by Astro. Plugins run in isolated Dynamic Workers, solving WordPress's decades-old plugin security crisis where 96% of security issues originate.
Node.js March 2026: Six Security Patches Land Across All Active Branches

Node.js March 2026: Six Security Patches Land Across All Active Branches

Node.js shipped emergency security releases for v25, v24, v22, and v20 on March 24, 2026, patching two high-severity CVEs including a TLS SNICallback crash and an HTTP header prototype pollution risk. Here's what each fix does and which versions are affected.
GitHub Copilot's Quiet Policy Shift: Your Code Will Train Their Models Unless You Opt Out

GitHub Copilot's Quiet Policy Shift: Your Code Will Train Their Models Unless You Opt Out

Starting April 24, 2026, GitHub will use interaction data from Free, Pro, and Pro+ Copilot users to train AI models, unless they manually opt out. Business and Enterprise tiers are unaffected. Here's what changes and how to protect your code.
Rivet Agent OS: The In-Process OS That Runs AI Agents 500x Cheaper Than Sandboxes

Rivet Agent OS: The In-Process OS That Runs AI Agents 500x Cheaper Than Sandboxes

YC and a16z-backed Rivet built an agent runtime on V8 isolates and WebAssembly that cold-starts in 4.8ms, 92x faster than E2B, at 1/17th the cost. We deeply researched the architecture, the benchmarks, and what it means for every agent framework.
Axios npm Supply Chain Attack: Malicious Versions Drop Remote Access Trojan

Axios npm Supply Chain Attack: Malicious Versions Drop Remote Access Trojan

Two poisoned releases of axios, one of the most widely-used Node.js HTTP client libraries, were published and pulled from npm within hours. Here's what happened, how the attack worked, and what you need to do right now.
Claude Code Source Map Leak Exposes Hidden Agent OS, Chrome Automation, and Privacy Gaps

Claude Code Source Map Leak Exposes Hidden Agent OS, Chrome Automation, and Privacy Gaps

On March 30–31 2026, developers discovered that the npm package @anthropic-ai/claude-code@v2.1.88 included a production source map file that exposed the full TypeScript source code, revealing undocumented multi-agent orchestration, a hidden Chrome MCP server, an internal query engine, a tool permission system, and a three-tier telemetry system.