The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.
InfoWorld

TypeScript levels up with type stripping

Say goodbye to source maps and compilation delays. By treating types as whitespace, modern runtimes are unlocking a “no-build” TypeScript that keeps stack traces accurate and workflows clean.
The Hacker News

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

A flaw in the binary-parser npm package before version 2.3.0 lets attackers execute arbitrary JavaScript via unsanitized parser input.
Milwaukee Journal Sentinel

Craters & Freighters Transforms Hazmat Shipping Operations with DGIS Software to Support Compliance Across 30+ Locations

Craters & Freighters strengthens compliant dangerous goods shipping across 30+ locations using DGIS software to streamline hazmat operations and reduce risk. Before DGIS, hazmat processes differed ...
GitHub

PHP HTTP Request Handler for Node.js

With @platformatic/php-node you can run PHP applications within the same process as a Node.js application, allowing for communication between Node.js and PHP without any network connection in the ...