Cloudflare boasted about a single engineer with just $1,100 in AI tokens building “a drop-in replacement for Next.js” in a week. This kicked off a beef with Vercel, which maintains Next.js, a popular ...

Cloudflare's engineer rebuilt Next.js in under a week, creating an alternative called 'vinext'. Vinext achieves 4.4x faster production builds and reduces client bundle sizes by 57%. The framework is a ...

A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish ...

Microsoft Defender Experts identified a coordinated developer-targeting campaign delivered through malicious repositories disguised as legitimate Next.js projects and technical assessment materials.

Strip the types and hotwire the HTML—and triple check your package security while you are at it. JavaScript in 2026 is just getting started. I am loath to inform you that the first month of 2026 has ...

Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and execute arbitrary code. A critical vulnerability has been patched in vm2, a ...

JavaScript updates in 2026 focus on fixing long-standing issues instead of adding unnecessary complexity. Core features now handle iteration sets, async logic, and dates with fewer workarounds and ...

Note: jsrun is experimental. Expect breaking changes between versions. One of the most compelling use cases for jsrun is building safe execution environments for AI agents. When LLMs generate code, ...

JavaScript is a crucial web component and a building block for many web apps and websites. Sometimes users can accidentally disable JavaScript, but the browser settings can help you enable it again.

Format availability without a JS runtime is expected to worsen as time goes on, and this will not be considered a "bug" but rather an inevitability for which there is no solution. It's also expected ...