A heads up to anyone attending the upcoming JSConf in October and locals to the Maryland state area. We're hosting the Node.js Collab Summit next October 17 and registration is now open for in-person participation: github.com/openjs-found...

Just released @nodejs.org 22.20.0. nodejs.org/en/blog/rele...

🚀 BIG NEWS: We just open-sourced the Intelligent Command Center (ICC) for Node.js! After years of watching teams struggle with Node.js on Kubernetes, we're changing the game. The problem? K8s was built for Java/.NET, not Node.js's async model. The cost? 40% overprovisioning. 🧵

Seeing the recent supply-chain attacks made me prioritize this item from our backlog as I wanted a quick way to know if any of my local projects have been affected. Meet the new vlt client `:host()` Query selector: blog.vlt.sh/blog/host-co... #javascript #nodejs #packages

Early npm and Node.js design decisions resulted in the biggest software ecosystem in existence, for the most used programming language in the world. We shouldn't pretend this is a net bad thing. But yes, it came with tradeoffs. A more competent current steward could have mitigated these tradeoffs.

Alright, let's make it official… I am super-proud to tell you that I have finally published the print version of my book: "Legacy Code: First Aid Kit" 🎉 📕 🥲

ℹ️ Don't know who needs to hear this but npm has had a --before=<date> flag since v6.9.0 (02/2019): github.com/npm/cli/blob/v… Setting a relative date is easy w/: $ npm install --before="$(date -v -7d)" # & only get registry deps that are over a week olddocs.npmjs.com/cli/v11/usin...re

Y'all this is non-stop. 😰 Woke up to another npm supply chain attack this morning. This malware is identical to the one that hit 40+ packages yesterday: cc: @campuscodi.risky.biz

These attacks used to be more rare, but now we're seeing popular packages getting compromised every week. Check your dependencies. cc: @campuscodi.risky.biz

Honestly serious: JUST DON'T UPDATE PACKAGES RIGHT NOW. It is unclear to me yet, but this is looking pretty wide spread. Better be safe than sorry, just go touch some grass.

Node.js v24.8.0 (Current) is out 💥 Details: nodejs.org/en/blog/rele...

🚨 Breaking: npm author Qix compromised. Malicious package versions published in projects that typically see hundreds of millions of downloads each week. Details: socket.dev/blog/npm-aut...

⚡ Point. Click. Discover. 🚀 We're excited to unveil a new Query Builder to @vlt.sh's UI. It's now dead simple to visually navigate complex dependency graph filters without typing a thing. No need to memorize our selector syntax (if you don't want to).

🔥 Just your yearly reminder that the JS ecosystem could be much worse off... stuck in the *first level* of "Dependency Hell" like many other ecosystems with minimal options/diversity... lucky for us, we get to face much hotter problems 😉

Node.js v20.19.5 is out 🎉 Changelog: nodejs.org/en/blog/rele...

🌐 Reminder from the Node.js TSC meeting today: We're having a Collaborator Summit next October 17th! github.com/openjs-found...

🔥 Today we're shipping something special at @platformatic: Next-generation flamegraph visualization for Node.js! We've built a complete profiling ecosystem that makes performance optimization intuitive and actionable. Let me show you what we've cooked up 🧵

Node.js v22.19.0 is out now. ✨ Details: nodejs.org/en/blog/rele...

🚨 If you think you might be effected by the nx compromise please revoke the GitHub CLI Authorized OAuth App: github.com/settings/con... Notably, this is the only way to revoke/rotate the tokens made by/known to that app. The next time you `gh login` you can reauth.

A great example of why provenance is useless without 2fa: github.com/nrwl/nx/issu...

Node.js v24.7.0 is out 💚 Featuring: - Post-Quantum Cryptography in node:crypto - Modern Algorithms in Web Cryptography API - Node.js execution argument support in single executable applications And more details in our blog: nodejs.org/en/blog/rele...

Attackers are now experimenting with weaponizing AI developer tools to accelerate reconnaissance and data theft. By expressing goals in prompts, they skip writing custom code and tap into cross-platform expertise instantly, cutting development time for supply chain attacks.

Looking forward to hanging with the @dmno.bsky.social crew again tomorrow! Come hang as we dig into Varlock with @astro.build! www.youtube.com/watch?v=AG9r...

🚀 New query-powered @vlt.sh commands just dropped! See how to release subsets of your packages with the new version, pack, and publish commands, all backed by the powerful dependency selector syntax.

Node.js v24.6.0 is out💚 Highlights: * Use your system’s trusted certificates with NODE_USE_SYSTEM_CA=1 * crypto: ML-DSA (KeyObject/sign/verify) * http: server.keepAliveTimeoutBuffer * zlib: Zstd dictionary support * fs: Utf8Stream (from SonicBoom) Changelog: nodejs.org/en/blog/rele...

🚀 Dependency Selector Syntax can now be used across @vlt.sh commands like run, exec, and pkg! This enables precise filtering when running scripts, executing commands, or getting package info. You have access to the whole graph! Read more about how it works and some example use cases:

Live right now! I'm chatting with @nodeland.dev and Luca about AsyncContext and @nodejs.org tracing in general. www.youtube.com/live/NieU87M...

I'm going to be speaking at JSConf US in October ⭐️ jsconf2025.sched.com/event/26Ubg

Last week @vercel.com just made it a lot simpler for JS devs to give it a try to our @vlt.sh CLI in their builds: vercel.com/changelog/vl... #javascript #nodejs #packages #vltpkg

🚀 @vercel.com now supports vlt in builds with zero config: vercel.com/changelog/vl... @vlt.sh

🚀 Excited to announce another major addition to the @vlt.sh client: Graph Modifiers! Graph Modifiers enable fine-grain customization of your install using our powerful Dependency Selector Syntax ⚡️ Read more about it here: blog.vlt.sh/blog/introdu... #javascript #nodejs #packages

JS Conf US is happening again! This is a big deal, it has not occurred for some time. I'm thrilled to keynote and speak alongside folks I deeply admire: @devdevcharlie.com @evanyou.me @aysegul.bsky.social, more My talk is on fundamentals! We'll go deep into plaforms and systems, using my drawings

I hear it all the time from developers: "My app has a memory leak!" 🗣️ But often, the real story is: "Its memory consumption reaches a limit we imposed, and we kill it." 🤯 This isn't a crash, it's a choice! I explain this common scenario in my full talk here: www.youtube.com/watch?v=_OnT...

Type stripping is enabled by default 🔥🔥🔥🔥 You can just run `node file.ts` without `--experimental-strip-types` flag. This is a huge milestone

PSA.. the @nodejs.org TSC just had a leadership vote. @nodeland.dev is the new TSC chair. @ruyadorno.com and I will be serving as the Co-Vice Chairs.

Node.js 22.18.0 is out and enables type stripping by default – that’s right, Node.js LTS can now run TypeScript files. Shout out to @marcoippolito.dev for championing that effort! Download links and full changelog available at nodejs.org/en/blog/rele...

Node.js 24.5.0 is out: built-in proxy support for `node:http(s)`, experimental WASM modules, upgraded OpenSSL version and so much more. Full changelog and download links at nodejs.org/en/blog/rele...

Friends in the 6, sorry you have the misfortune to live in Toronto, but there is a Ruy of hope: some great people are looking for a new teammate 😁

🚀 We just shipped catalog support to @vlt.sh! If you go grab the latest version you can now install & manage dependencies with pnpm-like catalog definitions (ex. `vlt i typescript@catalog:dev`). You can read more here: blog.vlt.sh/blog/catalog...

Toronto friends!! 🇨🇦 We’re hiring someone to join us building the backend stack for an awesome open source platform for JavaScript developers! You can read more / apply here: www.vlt.sh/backend-engi... #nodejs #javascript

We're looking for a Senior Backend Engineer to join our team at @vlt.sh based here in Toronto 🇨🇦 at our HQ. If you love JavaScript & open source this may be right up your alley. Please share if you know anyone who would be a great fit. www.linkedin.com/posts/darcyc... #javascript #nodejs #packages

New varlock vite integration is now live. More vite-based framework integrations coming shortly, and works already with qwik! Your env vars deserve a little more magic in their lives 🧙‍♂️✨ varlock.dev/integrations...

fun news! I was laid off from Twilio. going to take this weekend to chill out, and will start looking for roles next week. if you or someone you know is looking for staff/principal level Developer Advocacy, OSPO, dev infra, or similar roles pass them along! reposts from tech folks appreciated <3

learning to program in the late 90s and early 00s, you’d inevitably run across classic works like Goto Considered Harmful and No Silver Bullet, even if you weren’t particularly bookish, and there was tons of discourse about HCI as well, all grounded in decades of research i’m afraid that’s all gone

I'm looking for a speaker for the Aug 13 event of the React Montréal Meetup (IRL) Could be a 40min or a 20min presentation French or English. Any level, as long as it's relevant to React devs 😉 Just ping me! If you have contacts in Montréal, you can help me spread the word 📢 Thank you!

🔥 My friends at DMNO have a new devtool: varlock. It’s a drop-in replacement for dotenv, and adds a bunch of cool stuff like validation and type safety. It stores the secrets themselves in password managers or encrypted vaults. The landing page also has a very cool RPG vibe 😄 varlock.dev

We recently launched varlock.dev. Similar to DMNO but built on top of the .env files you're already using. The early feedback has been really positive. Check it out, ⭐ star us on GitHub and let us know what you think!

Node.js v24.4.0 is out! 💚 What's new? • crypto.hash() supports outputLength (XOF) • fs.mkdtempSync() gets disposable mode • --watch-kill-signal lands • permission.has('addon') is now supported • spawn() propagates permission flags • sqlite adds readBigInts More in: nodejs.org/en/blog/rele...

Counterscale v3.1.0 is out: 🆕 now pick which Cloudflare org to deploy to if your user belongs to multiple orgs (thanks @sergical on GitHub) 🆕 now uses Wrangler v4

Thanks to @mhdawson.bsky.social I was able to get access to the project Youtube account again 💚 Here's the recording of today's meeting if you'd like to catch up with the Node.js Release Working Group: youtu.be/czGUdi6HNMg?... #nodejs