Welcome to Hot Web Dev November 2025, featuring the latest technology, web development news and articles. This month features the NPM worm, learning programming slowly, JavaScript and dependency update tool for all of your projects.
Table of contents
In November 2025, a self-replicating npm worm, Shai-Hulud 2.0, backdoored 796 npm packages, targeting developer environments and cloud workloads. Malware immediately conducts credential discovery across multiple sources, including GitHub tokens, cloud credentials, npm tokens, and filesystem scanning for API keys and passwords.
Malware infiltrates systems through a multi-stage loading process, using a modified package.json with a preinstall script pointing to setup_bun.js. This script downloads the Bun runtime and executes the bundled, obfuscated bun_environment.js payload.
This creates a dangerous situation. If GitHub deletes the malware’s repositories or revokes compromised tokens, thousands of infected systems could simultaneously destroy user data. The distributed nature of the attack means each infected machine monitors access and deletes user data when a takedown is detected.
NPM packages have been a common target over the past few months. As reported in September’s edition, when attackers gained access to a developer’s account, it led to a supply chain attack targeting cryptocurrency wallets.
To improve security, NPM is implementing changes to its token management system to enhance security. New NPM classic tokens can no longer be created, and existing ones were revoked on the 19th November 2025. Users are advised to migrate to npm granular access tokens, which now enforce 2FA by default and have a 90-day maximum lifetime for write permissions.
Source
Dr David J. Malan, Harvard computer science professor, discusses the importance of learning C programming, his approach to teaching coding fundamentals, and the future of self-paced learning in software engineering. FreeCodeCamp published several new courses, including cryptography, 3D game development, Event-Driven Architecture, and guitar. They also highlighted the winner of the JS13k competition, Cat Strike.
JavaScript is the most popular programming language worldwide, used by 62.3% of all developers. It powers 95% of all websites, from small blogs to major platforms like Netflix, PayPal, LinkedIn, and Facebook. JavaScript handles user interactions on webpages, such as button clicks, live updates, and form validation.
JavaScript’s vast ecosystem, with over 2.4 million npm packages, offers libraries for nearly any feature, saving development time. The rich framework landscape, including React, Vue.js, and Svelte, provides options for various use cases, while TypeScript enhances code maintainability. If you haven’t contemplated learning JavaScript, perhaps this comprehensive article may change your mind.
Github is a magical source for finding information. Checkout the following list of handy JavaScript goodies.
PocketBase is an open-source, self-hosted backend solution written in Go. It provides a complete backend with database, authentication, file storage, and real-time updates, all in a single executable file. PocketBase is ideal for developers seeking a simple, fast, and customisable backend for their web or mobile apps. Learn how to get started over at FreeCodeCamp.
Mend Renovate automates dependency updates for developers by detecting newer package versions and pushing updates directly into the application code. It offers various deployment options, including self-hosted and cloud, with different features and pricing. Mend Renovate integrates with repositories, creates pull requests for updates, and provides merge confidence workflows. There is an open-source CLI version, a free community version and an enterprise version available for self-hosting, cloud hosting.
Welcome to Hot Web Dev October 2025, featuring the latest technology, web development news and… Read More
Welcome to Hot Web Dev September 2025, featuring the latest technology, web development news and… Read More
Welcome to Hot Web Dev August 2025, featuring the latest technology, web development news and… Read More
Welcome to Hot Web Dev July 2025, featuring the latest technology, web development news and… Read More
Welcome to Hot Web Dev June 2025, featuring the latest technology, web development news and… Read More
If you have been following the monthly Hot Web Dev magazine, you will find at… Read More