AI chatbots make it possible for people who can’t code to build apps, sites and tools. But it’s decidedly problematic.

Meta has indefinitely paused work with $10B AI data startup Mercor after a LiteLLM supply chain attack exposed training ...

Compliance continues to drive adoption of trusted open source: We saw the same themes from December present here, underscored ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Google Threat Intelligence Group warns of active supply chain attack on npm’s Axios library Malicious dependency ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

Explore Homebrew Statistics to uncover key usage trends, installs, and growth insights that help developers make smarter ...

Anthropic exposed Claude Code source on npm, revealing internal architecture, hidden features, model codenames, and fresh ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...