Bleeping Computer

Critical sandbox escape flaw found in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system. The open-source ...
GitHub

GitHub - nodejs/amaro: Node.js TypeScript wrapper

Amaro is a wrapper around @swc/wasm-typescript, a WebAssembly port of the SWC TypeScript parser. It's used as an internal in Node.js for Type Stripping but can also be used as a standalone package.