typescript.news

#security

No articles are currently tagged with 'security'.
3 articles tagged with security
Node.js March 2026: Six Security Patches Land Across All Active Branches

Node.js March 2026: Six Security Patches Land Across All Active Branches

Node.js shipped emergency security releases for v25, v24, v22, and v20 on March 24, 2026, patching two high-severity CVEs including a TLS SNICallback crash and an HTTP header prototype pollution risk. Here's what each fix does and which versions are affected.
Axios npm Supply Chain Attack: Malicious Versions Drop Remote Access Trojan

Axios npm Supply Chain Attack: Malicious Versions Drop Remote Access Trojan

Two poisoned releases of axios β€” one of the most widely-used Node.js HTTP client libraries β€” were published and pulled from npm within hours. Here's what happened, how the attack worked, and what you need to do right now.
Claude Code Source Map Leak Exposes Hidden Agent OS, Chrome Automation, and Privacy Gaps

Claude Code Source Map Leak Exposes Hidden Agent OS, Chrome Automation, and Privacy Gaps

On March 30–31 2026, developers discovered that the npm package @anthropic-ai/claude-code@v2.1.88 included a production source map file that exposed the full TypeScript source code β€” revealing undocumented multi-agent orchestration, a hidden Chrome MCP server, an internal query engine, a tool permission system, and a three-tier telemetry system.
View all tags