Bleeping Computer

Heavily used Node.js package has a code injection vulnerability

A heavily downloaded Node.js library has a high severity command injection vulnerability revealed this month. Tracked as CVE-2021-21315, the bug impacts the "systeminformation" npm component which ...
Dark Reading

New ODGen Tool Unearths 180 Zero-Days in Node.js Libraries

Researchers at Johns Hopkins University recently uncovered a startling 180 zero-day vulnerabilities across thousands of Node.js libraries using a new code analysis tool they developed specifically for ...