note

JavaScript: replace() only replaces the first occurrence (an old trap born from history)

When you want to replace all instances of a specific character in a text with another, many people intuitively use the replace() method. However, there is a "historical trap" hidden in JavaScript here ...
IEEE

Rexstepper: a Reference Debugger for JavaScript Regular Expressions

Abstract: Regular expressions are notoriously difficult to get right, with developers often having to resort to trial-and-error approaches. Even so, little attention ...
InfoQ

Two Missing Characters: How a Regex Flaw Exposed AWS GitHub Repos to Supply-Chain Risk

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
The Hacker News

Why Secrets in JavaScript Bundles are Still Being Missed

Leaked API keys are no longer unusual, nor are the breaches that follow. So why are sensitive tokens still being so easily exposed? To find out, Intruder’s research team looked at what traditional ...
The Hacker News

AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK, ...
Analytics Insight

10 Must-Know Modern JavaScript Features in 2026

JavaScript updates in 2026 focus on fixing long-standing issues instead of adding unnecessary complexity. Core features now handle iteration sets, async logic, and dates with fewer workarounds and ...
GIGAZINE

Finally, to fully utilize the YouTube download function of yt-dlp, a JavaScript runtime such as Deno is required, and the installation procedure is like this

YouTube's specifications are extremely complex and change frequently. The yt-dlp development team previously supported YouTube using a method that heavily relied on regular expressions. However, in ...
TechRadar

An incredibly popular JavaScript library might have some worrying malware issues

CVE-2025-12735 in expr-eval allows remote code execution via unsafe input evaluation Vulnerable versions ≤2.0.2; patched in 2.0.3 and forked in expr-eval-fork 3.0.0 Developers should sanitize ...
InfoWorld

ECMAScript 2025: The best new features in JavaScript

We’ll start with the most far-reaching addition, which the spec describes as “a new Iterator global with associated static and prototype methods for working with iterators.” The most exciting part of ...
GitHub

Regular expression lib; portable across Java variants, including GWT

Java applications using libraries like LibGDX can target multiple platforms with minimal changes to the codebase... most of the time. Targeting HTML via Google Web Toolkit, or GWT, involves using a ...