The Hacker News

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

A flaw in the binary-parser npm package before version 2.3.0 lets attackers execute arbitrary JavaScript via unsanitized parser input.
GitHub

rav2040/json-stringify-lite

These functions prioritize performance at the expense of certain features. The serialized JSON output of these functions is identical to that of JSON.stringify() with the following exceptions: ...