JavaScript
Coverage of JavaScript in the Nexus archive.
- Show HN: Homegames. An open-source game platform I've been making for 8 years
Homegames is an open-source game platform developed over 8 years, featuring JavaScript-based games with accessible source code and an in-browser editor for creating and publishing games. The project's code is hosted on GitHub, and the creator seeks feedback on games, studio features, and the platform.
- The Birth and Death of JavaScript (2014)
The article titled 'The Birth and Death of JavaScript (2014)' discusses the origins and challenges of JavaScript. It references a talk available on Destroy All Software's website and includes Hacker News comments and engagement metrics.
- Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS
Cybersecurity researchers identified six vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers, which could allow remote code execution (RCE) and denial-of-service (DoS) attacks in Node.js applications through malicious schemas or payloads.
- Show HN: Kyushu – A self-hostable WASM sandbox for JavaScript workers
Kyushu is a self-hostable WebAssembly (WASM) sandbox designed for JavaScript workers, showcased on Hacker News. The project provides a secure execution environment for running JavaScript code in isolated environments.
- Ableton is letting musicians build browser-style extensions for Live
Ableton introduces an Extensions SDK that allows users to build features for Live using JavaScript, expanding beyond its existing Max for Live tool which focuses on MIDI and audio processing. The new system enables modifications to nearly any part of the DAW via right-clicking, with example extensions for tasks like bulk track renaming, song arrangement sketching, and sample slicing.
- Websites Can Now Spy on You Through Your Hard Drive
Websites can now track SSD activity through browsers using the FROST technique, which employs JavaScript to measure telltale drive behavior.
- Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
A coordinated supply chain attack has compromised eight packages on Packagist, injecting malicious code that executes a Linux binary hosted on GitHub Releases. The attack targeted JavaScript projects by inserting malicious content into package.json, bypassing composer.json in Composer packages.
- Deno 2.8
Deno released version 2.8, a JavaScript and TypeScript runtime. The release announcement was posted on the official Deno blog with minimal initial engagement on Hacker News.
- Google accidentally exposed details of unfixed Chromium flaw
Google accidentally disclosed details about an unfixed security vulnerability in Chromium that allows JavaScript to execute in the background after the browser is closed, enabling remote code execution on affected devices. The leaked information about this critical flaw poses a significant security risk to users until a patch is developed and released.
- Anza - Solana Kit 6.9 Is Out
Anza has released Solana Kit 6.9, which adds support for fixed-point numbers and a first-class Sol type, enabling exact decimal and binary math in JavaScript. This release also includes updates such as Agave v3.x vote-account and simulateTransaction fields. The kit is available at solanakit.com.
- vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
A dozen critical security vulnerabilities have been found in the vm2 Node.js library, which could allow bad actors to escape the sandbox and execute arbitrary code on susceptible systems. The vm2 library is used to run untrusted JavaScript code inside a secure sandbox. This vulnerability puts systems using the library at risk of arbitrary code execution.
- How I made $350K from an open-source JavaScript library using dual licensing
The article discusses how an individual made $350K from an open-source JavaScript library using dual licensing, a strategy that allows for both free and paid usage of the software. The library was shared on platforms like GitHub, allowing for widespread adoption and revenue generation. This approach highlights the potential for monetizing open-source projects.
- Show HN: Browser Harness – Gives LLM freedom to complete any browser task
Browser Harness is a new tool that grants LLMs maximum freedom to perform browser tasks by removing restrictive frameworks. It uses Chrome's CDP websocket with self-correction and dynamic tool creation, enabling LLMs to handle edge cases like file downloads and cross-origin iframes autonomously. Examples include playing Stockfish, setting Tetris records, and generating JavaScript to draw a heart.
- Show HN: FluidCAD – Parametric CAD with JavaScript
FluidCAD is a parametric CAD tool developed using JavaScript, designed to streamline 3D modeling with features like live rendering, interactive modes, and implicit coding. The project, still in early development, aims to reduce mental effort for CAD designers while maintaining familiar workflows.