CVE Lite CLI helps developers quickly identify and fix vulnerable npm dependencies during development, reducing delays and ...

A large-scale campaign impersonates open-source and freeware project portals to redirect users through a gated TDS and ...

Cloudflare acquires VoidZero and with it the team behind Vite, Vitest, and more. The tools are to remain open-source and ...

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.

Discover the hidden gem of media players that power users have been quietly enjoying for years, and find out why it's time to ...

VoidZero's toolchain, anchored by Vite, has emerged as the shared substrate for the web ecosystem, capturing over 130 million weekly downloads. The Cloudflare Vite plugin has reached 13.9 million ...

How AI-enabled deception, open-source software dependencies, and social engineering are reshaping enterprise cybersecurity ...

Acquisition brings Vite, the world’s leading JavaScript build tool, and its core open source team to Cloudflare Cloudflare commits $1 million to an independent Vite ecosystem fund to support open sour ...

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...

As search becomes increasingly dominated by AI summaries and commercial content, people are experimenting and coming up with ways to make the web feel more human like it used to, building everything ...

The four C&C channels used by GlassWorm, the botnet targeting open source software developers, have been disrupted.