As we highlighted in our post on False Positives in Vulnerability Scanning,1 output of vulnerability assessment tools like npm audit can be cumbersome because it lacks context. VEX (Vulnerability EXchange) is a new standard developed by the NTIA to exchange information about which vulnerabilities are actually exploitable in a product.
It's about darn time someone went head-to-head with the JavaScript ecosystem. Someone who knew what they were doing, and had a vision for how good things could be.
As far as I can tell, Bun started as a JavaScript webserver and scope-creeped it's way into being a complete rewrite of the JavaScript ecosystem.
ctx and Phpass, compromisedIn this post we'll be reviewing the malicious code that was introduced to both ctx and phpass.
