Made some progress in my hobby project 🎄 Moving single executable application building into Node.js core for better UX/DX, currently works on macOS and Linux and open for feedback! (No Windows yet because I don't take another laptop with me on vacation 😅) github.com/nodejs/node/...

Every time I need to step out of the npm ecosystem, I immediately "you live like this?"

To recap, NPM allows 2FA TOTP token reuse within the token’s validity window. I reported this and was told it’s a “known low-risk issue” and that they “don’t consider this to present a significant security risk.” So, let’s look at how this seemingly small issue could be leveraged by a phisher. 1/

Researchers have found two new vulnerabilities in React Server Components while attempting to exploit the patches last week. These are new issues, separate from the critical CVE last week. The patch for React2Shell remains effective for the Remote Code Execution exploit.

Node.js v24.12.0 (LTS) is out 💚 nodejs.org/en/blog/rele...

Working in an enterprise setup with corporate proxies or custom CAs? Node.js has native support for that. No external dependency required, just configure and continue 👍 Details: https://nodejs.org/en/learn/http/enterprise-network-configuration

🧨 “Gaps in design and implementation with the new OIDC Trusted Publisher workflows leave maintainers open to novel and increasingly difficult to detect gaps in their publishing setups. We do not recommend critical projects move to this new workflow..." - @notwes.bsky.social

🔥 NEW BANTER: "The Node.js (R)evolution Started: AWS Just Made It Official" AWS re:Invent just unlocked multi-concurrency for Lambda Node.js. 64 concurrent requests per vCPU. Up to 90% cost reduction at scale. Lambda finally caught up with Node.js 🧵 📅 Dec 10th 🔗 streamyard.com/watch/RMrhyz...

Things we're thankful for? OUR COMMUNITY 🤍 JSConf was a blast, and our friends at HeroDevs captured it ✨ flawlessly ✨

The top licenses published on #npm . Number #2 is interesting because it's not really a well-known one, but it's the default choice when running `npm init`, so it likely represents all the people that just pressed enter without having an opinion. [1/2]

Node.js v20.19.6 is out 🥳 Release notes: nodejs.org/en/blog/rele...

Introducing Phased Package Installations blog.vlt.sh/blog/vlt-build

🚀 Here is @vlt.sh take on running lifecycle scripts on installs, adding another powerful capability to our query language syntax: blog.vlt.sh/blog/vlt-build #javascript #nodejs #packages

Launch Week Day 3: We're announcing beta support for @bun.sh and @vlt.sh package managers in Socket! 🎉 Developers using emerging JavaScript package managers can now rely on Socket for full supply chain security, dependency graph analysis, and accurate SBOMs.

Node.js 25.2.1 is out, an out-of-band release to revert a change on the experimental Web Storage API that ended up being more breaking than anticipated: nodejs.org/en/blog/rele...

Took a bit, but we finally put together the Lego Polaroid. Thanks again @vlt.sh for the raffle!

After a few months of targeted attacks on our ecosystem, followed by a confusing and rapidly changing response from @github.com, we wanted to put together some guidance for maintainers on how to help us all secure our supply chain together. Here is that guidance 👇

Type stripping is now stable. Enjoy 🌞

Node.js v24.11.1 LTS is out 💚 Notable changes + updates here: nodejs.org/en/blog/rele...

Ever wonder why @nodejs.org drops new versions like clockwork? Here’s the scoop. ⏱️ @rafaelgss.dev shares all the details about the Node.js release schedule in our new series, JavaScript Security Snapshot.

Okay folks, it's time: I'm hiring! Looking for 5(!) developer relations engineers across the world! Our company is remote-first but this role involves in-person appearances at events so although you don't need to work in a specific office we are focusing our search in specific metro areas:

I knew speaking at @jsconf.bsky.social 2025 would be hard, because so much of what I had to talk about I learned from Mikeal Rogers – and am still learning even now. The goal of the talk was to tell part of that story, a story about how the web isn't finished, yet 💡 all-docs.talks.charlie.dev

I am looking for a full-time job. Being independent in open source for 3.5+ years has been wonderful. I've gotten done most of the high-level goals I wanted to, and miss having people & structure around me. If you know of a role for a staff-level TypeScript+web developer, let me know! 🙂

New @nodejs.org 24.11.0 release. nodejs.org/en/blog/rele... This release marks the transition of Node.js 24.x into Long Term Support (LTS). It will continue to receive updates through to the end of April 2028.

📺 The recording for the morning sessions of the Node.js Collab Summit 2025 is up on Youtube! Thanks @vlt.sh for sponsoring my participation and sending in the whole crew! #nodejs #javascript youtu.be/ppi87YjU9x0

I’m looking for my next opportunity 👨‍💻, short/long contracts or part/full time. My experience is 15 years across the stack and architecture often focused on open source and next generation developer tooling, libraries, frameworks in the TypeScript space. If your company or project is ...

My JSConf talk is up 📺 it's mostly a recap of new features that landed in the Node.js runtime last year, watch it here: youtu.be/1XFWACCrL5I?... #nodejs #javascript

Missed #JSConf 2025? No worries, we’ve got you. 🎬 All the talks are now on YouTube. Watch them here: hubs.la/Q03PNmCK0

🚀 Noop Functions vs Optional Chaining: A Performance Deep Dive I ran benchmarks comparing `noop()` vs `obj?.fn?.()` and the results surprised me. Spoiler: Noop functions are 5.5x to 8.8x faster. Here's what you need to know 🧵

If you think npm's architecture is good, go watch @darcyclarke.me's talk. The dependency graph is complex and @vlt.sh is reinventing it in a smart and unique way. www.youtube.com/watch?v=o8nG...

Seriously, @npmjs.bsky.social, delay this. Timelines and messaging, at a minimum, are insufficient.

Built-in HTTP proxies are now on v22 😇 (Going to update the version mentions in a WIP guide on using Node.js in enterprise network environments)

🚀 New blog post: "From curl Commands to Type-Safe API Clients" Ever copied curl commands from DevTools to reverse-engineer an API? What if you could turn those into production-ready, type-safe HTTP clients automatically? Here's how 👇

Fantastic talk by @joyeecheung.bsky.social, a must watch to package authors that want to stay up-to-date on how to ship packages in this post require(esm) era: youtu.be/I0jvOJW7NaI #nodejs

Node.js v22.21.0 is out 🙌 Check out the notable changes here: nodejs.org/en/blog/rele...

Huge thanks to the @vlt.sh team for building something new and refreshing in the world of package managers and taunting me with LEGO to try it out. Join me and check them out: www.vlt.sh

Starting the day at the Node.js Collab Summit #nodejs #javascript

Here are the slides for my Node.js year in review talk: speakerdeck.com/ruyadorno/no... #nodejs #javascript #JSConf

I’m beyond thrilled to be the recipient of this year’s #JavaScriptLandia “Outstanding Contribution from a New Arrival” award! This award is truly a testament to the fact that anyone, with faith and effort, can make a meaningful impact in #OpenSource. Thank you, @openjsf.org

Node.js 25 is here! We have upgraded V8 to 14.1, bringing major JSON.stringify performance improvements and JIT pipeline optimizations. This release introduces the permission model --allow-net, Web Storage is enabled by default, and more! nodejs.org/en/blog/rele...

⚡️ All set up for #JSConf ! Stop by to talk with the @vlt.sh team if you’re around!

Node.js v24.10.0 is out. * Per-stream inspectOptions support in console * Removal of util.getCallSite (in favour of util.getCallSites) * Upgraded OpenSSL to 3.5.4 and npm to 11.6.1 * Various src and benchmark optimizations https://nodejs.org/en/blog/release/v24.10.0

👋🏻 If you're at @jsconf.bsky.social NA this week, come say hi to our team @vlt.sh ⚡📦 @ruyadorno.com, @lukekarrys.com & our Design Engineer (Jason Korol) will be there for both the conf & Node.js Collab Summit 🚀🐢

Do anyone knows if there's a JS conference happening in Mexico City around spring time next year? 🤔

🚀 BIG NEWS: We just shipped @platformatic/python - run Python ASGI apps INSIDE your Node.js process! This changes everything for AI/ML + Node.js apps 🧵 youtu.be/8eAAP9IF4xA

So cool to be in the room at React Conf when the new React Foundation was announced 💙 with its new home at the Linux Foundation. At @openjsf.org we’re celebrating this big win for JavaScript communities.

Igalia's @joyeecheung.bsky.social will be speaking about "Shipping Node.js packages in 2025,” focused on migrating dual/faux/CJS packages to ESM-only at Nordic.js on Friday, 3rd October at 10:30 CEST nordicjs.com/2025/speaker... Come say hi!

I've come to accept AI will write the majority of code. So earlier this year I started exploring other ways AI could help developers. That turned into this company, Modem. We're building an agent that does PM triage work for you and delivers product context to your IDE. More here: modem.dev 🙏

Just tested and it works with varlock.dev!

Weekend project fixing up this playhouse on the back alley for the neighborhood kids