Malicious JavaScript

How Cloudflare’s client-side security made the npm supply chain attack a non-event

2025年10月24日

A recent npm supply chain attack compromised 18 popular packages. This post explains how Cloudflare’s graph-based machine learning model, which analyzes 3.5 billion scripts daily, was built to detect and block exactly this kind of threat automatically....

How Cloudflare’s client-side security made the npm supply chain attack a non-event

Improving the trustworthiness of Javascript on the Web

2025年10月16日

Security Malicious JavaScript JavaScript Deep Dive Cryptography Research

There's no way to audit a site’s client-side code as it changes, making it hard to trust sites that use cryptography. We preview a specification we co-authored that adds auditability to the web....

Michael Rosenberg
Michael Rosenberg

Safe in the sandbox: security hardening for Cloudflare Workers

2025年09月25日

Cloudflare Workers Birthday Week Attacks Engineering Linux Malicious JavaScript Security Vulnerabilities

We are further hardening Cloudflare Workers with the latest software and hardware features. We use defense-in-depth, including V8 sandboxes and the CPU's memory protection keys to keep your data safe....

The Cloudflare Blog

Malicious JavaScript

How Cloudflare’s client-side security made the npm supply chain attack a non-event

Improving the trustworthiness of Javascript on the Web

Safe in the sandbox: security hardening for Cloudflare Workers

How we train AI to uncover malicious JavaScript intent and make web surfing safer