6 January 2022 · 890 words · 5 mins
A single developer deliberately corrupted two widely used npm packages, exposing the fragility of the open-source supply chain.
30 December 2021 · 979 words · 5 mins
Node.js had a year of steady progress in 2021: Node 16 went LTS, the test runner landed, and the ecosystem continued its TypeScript migration.
23 December 2021 · 978 words · 5 mins
After six months in the GitHub Copilot technical preview, here’s what AI pair programming actually looks like in day-to-day development work.
16 December 2021 · 1001 words · 5 mins
A week after Log4Shell, the patching chaos continues. But the bigger lesson is about software supply chain security and why we need SBOMs now.
9 December 2021 · 845 words · 4 mins
A critical remote code execution vulnerability in Apache Log4j has sent the entire industry scrambling. Here’s what you need to know and do right now.
2 December 2021 · 829 words · 4 mins
AWS re:Invent 2021 delivered a clear message: the cloud is moving toward higher-level abstractions, and developers should pay attention.
25 November 2021 · 950 words · 5 mins
AWS re:Invent 2021 is underway in Las Vegas, and the announcements already hint at where cloud infrastructure is headed next.
18 November 2021 · 916 words · 5 mins
CentOS Stream 9 has arrived as the successor to both CentOS 8 and the traditional CentOS model — and the enterprise Linux community is still adapting.
11 November 2021 · 804 words · 4 mins
Popular npm packages coa and rc were hijacked to distribute malware, impacting thousands of projects and raising urgent questions about supply chain security.
4 November 2021 · 783 words · 4 mins
With .NET 6 approaching release at .NET Conf, Microsoft finally delivers on its promise of a single unified platform — and it’s genuinely impressive.
28 October 2021 · 714 words · 4 mins
Facebook’s rebrand to Meta signals a massive infrastructure bet on the metaverse — here’s what it means for developers and platform engineers.
21 October 2021 · 1114 words · 6 mins
The popular ua-parser-js npm package was hijacked to deliver cryptominers and credential stealers, affecting millions of weekly downloads.