Javascript stories

Chainguard expands its rebuilt-from-source Libraries to Python, Java and JavaScript, targeting malware risks in AI-driven software supply chains.

Meta hands React and React Native to a new Linux Foundation-backed React Foundation, promising neutral, community-led governance.

ActiveState launches a 79m-component secure open source catalogue to centralise software supply chains and cut enterprise vulnerability risk.

Developers granting AI agents broad, unsupervised access to code and systems are creating new software supply chain and data exposure risks.

OpenSilver 3.3 lets developers embed native Blazor components in XAML apps, uniting WPF-style UI with the Blazor ecosystem.

Cloudflare snaps up the Astro web framework, vowing to keep it open source while tying it closer to its performance and developer platform.

MongoDB bakes Voyage 4 AI models into Atlas and automates vector search, targeting scalable, production-grade retrieval applications.

Intruder finds over 42,000 sensitive tokens hidden in JavaScript bundles, exposing a major blind spot in modern web app security tools.

Progress launches agentic AI tools in Telerik and Kendo UI to auto-generate production-ready screens and boost developer productivity.

Socket launches a beta Ruby analysis engine to reduce false alerts by identifying truly exploitable vulnerabilities in Ruby applications.

OpenAI's AI models lead secure code generation with up to 72% pass rate, outpacing rivals who show little progress despite ongoing sector development.

UK developer salaries hit record highs, with AI specialists earning up to GBP £122,000 as demand for advanced tech skills surges amid industry growth.

Reflectiz has raised $22 million in Series B funding to expand its AI-driven web risk platform and establish a global HQ in Boston.

The Linux Foundation is launching the React Foundation to govern React and React Native, with Meta and firms like Amazon and Microsoft among its founding members.

Microsoft details how its AI-driven tools detected and blocked a sophisticated SVG phishing campaign that mimicked PDFs and used AI-generated code.

UK's AI growth may stall as ageing developer workforce, with average age 39 and fewer new entrants, risks slowing innovation despite strong investment.

A Stack Overflow survey finds 84% of developers use AI tools, yet 46% mistrust AI output, highlighting a growing trust gap despite rising adoption.

Harness launches AI Test Automation to speed up DevOps testing, cutting test creation time by 90% and boosting automation coverage for faster releases.

A malware attack has hit 16 React Native npm packages, putting around 1 million weekly downloads at risk of Remote Access Trojan infection.

Datadog reveals updated DevSecOps report showing Java's vulnerabilities and announces Metaplane acquisition to boost data observability and AI monitoring.