North Korean job scammers target JavaScript and Python developers with fake interview tasks spreading malware

Operation Dream Job is evolving once again, and now comes through malicious dependencies on bare-bones projects.

Fake job recruiters hide malware in developer coding challenges

A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers ...
The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating ...
GitHub

GitHub - nodejs/amaro: Node.js TypeScript wrapper

Amaro is a wrapper around @swc/wasm-typescript, a WebAssembly port of the SWC TypeScript parser. It's used as an internal in Node.js for Type Stripping but can also be used as a standalone package.