npm audit isn't catching malware. This Rust scanner fills the gap.
npm audit passed the event-stream package 847 times before it stole cryptocurrency wallets. A new Rust-based scanner is changing how developers think about dependency safety.
The React ecosystem is fragmenting in interesting ways this week. While Next.js doubles down on flexibility through a new Adapters API, TanStack is betting on a radically different approach to React Server Components—and Axios just got compromised in a major supply chain attack that should scare you.
Open source adoption is skyrocketing, but here's the catch: nearly half of engineering teams are drowning in maintenance work. A new survey reveals the uncomfortable truth behind the hype.