MEDALHA DE OURO BRASIIIIIIIIILLLLLLLLL Lucas Pinheiro Braathen becomes the first South American ever to win a medal in any Winter Olympic event!!!!!

🤖 An AI agent created a GitHub account 2 weeks ago. It’s already landed PRs in major #OSS projects and is cold-emailing maintainers to offer its services. Maintainers don’t seem to know it’s an agent and the code is getting merged. We’re in new territory! 🤠 socket.dev/blog/ai-agen...

> writing javascript code > ask Brendan Eich if the array is a vector or a hashmap > he doesn't understand > pull out diagram explaining O(1) vs O(n log n) access time > he laughs and says "it's a good data structure sir" > allocate an array > arr[0] and arr["0"] both resolve to the same bucket

✨ Keep up to date with @nodejs.org by watching the #Nodejs #Release Working Group's last meeting on YouTube! www.youtube.com/watch?v=ulMh...

Node.js patch release day! Full changelog and download links at nodejs.org/en/blog/rele... and nodejs.org/en/blog/rele...

🔥 NEW BANTER: "Scaling Node.js with the Right Signals: ELU" CPU utilization is lying to you. Your auto-scaler adds pods while your actual bottleneck gets worse. Luca and I explain why ELU is the metric you should be watching. 📅 Feb 4th

Evert demoed us how to get some registry stats today 🔥 I think I'll soon start publishing random stats like @seldo.com used to do back in the day for our collective amusement

The @vlt.sh benchmark suite has been updated to include the yarn v6 canaries (still a WIP & improving all the time): benchmarks.vlt.sh

Follow up from @vlt.sh regarding my appearance on the Changelog. A new registry is in the works.

Like everyone else, I had to build something over the end-of-year break. Mine was GitHuman: a tool to review AI-generated code before you commit. It was built entirely by Claude Code. I reviewed every commit from my phone.

That and more in v25.5.0, now out! Full changelog and download links in nodejs.org/en/blog/rele...

New blog post on the journey of the new --build-sea flag and how SEA injection works joyeecheung.github.io/blog/2026/01...

This just landed! Thanks @addaleax.bsky.social and @legendecas.bsky.social for the reviews! It will be out in the next semver-minor release of 25, and likely backportable to older LTS - the new workflow is a compatible improvement to the existing postject-based SEA building workflows from v18.x.

We have increased the barrier to submit reports through HackerOne due to the amount of low-quality submissions we have received recently. Please, see: nodejs.org/en/blog/anno...

Darcy Clarke and Ruy Adorno are longtime npm CLI maintainers and Node.js contributors. They join @joshuakgoldberg.com to discuss vlt, a new package manager and registry designed to improve performance, security, and developer experience. @darcyclarke.me @ruyadorno.com bit.ly/3YNGniF

🎉 Big #NodeJS news this week: v25.4.0 marks require(esm) as stable. After a gradual rollout and ecosystem testing, it’s now safe to depend on across supported releases. Huge thanks to @joyeecheung.bsky.social and the many contributors who made this possible! 🙏 socket.dev/blog/node-js...

Node.js v25.4.0 is out! 💚 • require(esm) now stable and a new CLI flag: --require-module • http setGlobalProxyFromEnv() added • Multiple APIs promoted to stable (heapsnapshot, build snapshot, v8.queryObjects) • Root CAs updated to NSS 3.117 More in: nodejs.org/en/blog/rele...

Bun is fast, until latency matters for Next.js. We benchmarked the same Next.js app across Node.js, Deno, Bun, and Watt (our multi-threaded Node-based runtime) under identical load on AWS EKS. Throughput looked fine across the board. Latency told a very different story. 🧵

Today, we published a security release for @nodejs.org that fixes a critical bug affecting virtually every production Node.js app. If you use React Server Components, Next.js, or ANY APM tool (Datadog, New Relic, OpenTelemetry), your app could be vulnerable to DoS attacks. 👇

We appreciate your patience and understanding as we work to deliver a secure and reliable release. Updates are now available for the 25.x, 24.x, 22.x, 20.x Node.js release lines to address: - 3 high severity issues - 4 medium severity issues - 1 low severity issue nodejs.org/en/blog/vuln...

@lukekarrys.com joins HalfStack Phoenix. A practical story about building for kids, using NFC cards to control music, and turning everyday interactions into something playful and intuitive. 📅 𝐉𝐚𝐧𝐮𝐚𝐫𝐲 𝟑𝟎𝐭𝐡, 𝟐𝟎𝟐𝟔 — 𝐌𝐚𝐣𝐞𝐬𝐭𝐢𝐜 𝐓𝐡𝐞𝐚𝐭𝐞𝐫, 𝐆𝐢𝐥𝐛𝐞𝐫𝐭 🎟️ halfstackconf.com/phoenix #HalfStackphoenix #TechEvents

🚨Our team has decided to postpone the release to Tuesday, January 13th, 2026. This additional time will allow us to properly test all backports and re-run CITGM to ensure the highest quality for our users.

Node.s sec release We are doing our best. We are ensuring test passes on all platforms and all active release lines (v20, v22, v24 and v25) - and they aren't currently. Unfortunately, we don't have an ETA for that, and it's likely that this security release will be postponed one more time. Sorry.

Made some progress in my hobby project 🎄 Moving single executable application building into Node.js core for better UX/DX, currently works on macOS and Linux and open for feedback! (No Windows yet because I don't take another laptop with me on vacation 😅) github.com/nodejs/node/...

Every time I need to step out of the npm ecosystem, I immediately "you live like this?"

To recap, NPM allows 2FA TOTP token reuse within the token’s validity window. I reported this and was told it’s a “known low-risk issue” and that they “don’t consider this to present a significant security risk.” So, let’s look at how this seemingly small issue could be leveraged by a phisher. 1/

Researchers have found two new vulnerabilities in React Server Components while attempting to exploit the patches last week. These are new issues, separate from the critical CVE last week. The patch for React2Shell remains effective for the Remote Code Execution exploit.

Node.js v24.12.0 (LTS) is out 💚 nodejs.org/en/blog/rele...

Working in an enterprise setup with corporate proxies or custom CAs? Node.js has native support for that. No external dependency required, just configure and continue 👍 Details: https://nodejs.org/en/learn/http/enterprise-network-configuration

🧨 “Gaps in design and implementation with the new OIDC Trusted Publisher workflows leave maintainers open to novel and increasingly difficult to detect gaps in their publishing setups. We do not recommend critical projects move to this new workflow..." - @notwes.bsky.social

🔥 NEW BANTER: "The Node.js (R)evolution Started: AWS Just Made It Official" AWS re:Invent just unlocked multi-concurrency for Lambda Node.js. 64 concurrent requests per vCPU. Up to 90% cost reduction at scale. Lambda finally caught up with Node.js 🧵 📅 Dec 10th 🔗 streamyard.com/watch/RMrhyz...

Things we're thankful for? OUR COMMUNITY 🤍 JSConf was a blast, and our friends at HeroDevs captured it ✨ flawlessly ✨

The top licenses published on #npm . Number #2 is interesting because it's not really a well-known one, but it's the default choice when running `npm init`, so it likely represents all the people that just pressed enter without having an opinion. [1/2]

Node.js v20.19.6 is out 🥳 Release notes: nodejs.org/en/blog/rele...

Introducing Phased Package Installations blog.vlt.sh/blog/vlt-build

🚀 Here is @vlt.sh take on running lifecycle scripts on installs, adding another powerful capability to our query language syntax: blog.vlt.sh/blog/vlt-build #javascript #nodejs #packages

Launch Week Day 3: We're announcing beta support for @bun.sh and @vlt.sh package managers in Socket! 🎉 Developers using emerging JavaScript package managers can now rely on Socket for full supply chain security, dependency graph analysis, and accurate SBOMs.

Node.js 25.2.1 is out, an out-of-band release to revert a change on the experimental Web Storage API that ended up being more breaking than anticipated: nodejs.org/en/blog/rele...

Took a bit, but we finally put together the Lego Polaroid. Thanks again @vlt.sh for the raffle!

After a few months of targeted attacks on our ecosystem, followed by a confusing and rapidly changing response from @github.com, we wanted to put together some guidance for maintainers on how to help us all secure our supply chain together. Here is that guidance 👇

Type stripping is now stable. Enjoy 🌞

Node.js v24.11.1 LTS is out 💚 Notable changes + updates here: nodejs.org/en/blog/rele...

Ever wonder why @nodejs.org drops new versions like clockwork? Here’s the scoop. ⏱️ @rafaelgss.dev shares all the details about the Node.js release schedule in our new series, JavaScript Security Snapshot.

Okay folks, it's time: I'm hiring! Looking for 5(!) developer relations engineers across the world! Our company is remote-first but this role involves in-person appearances at events so although you don't need to work in a specific office we are focusing our search in specific metro areas:

I knew speaking at @jsconf.bsky.social 2025 would be hard, because so much of what I had to talk about I learned from Mikeal Rogers – and am still learning even now. The goal of the talk was to tell part of that story, a story about how the web isn't finished, yet 💡 all-docs.talks.charlie.dev

I am looking for a full-time job. Being independent in open source for 3.5+ years has been wonderful. I've gotten done most of the high-level goals I wanted to, and miss having people & structure around me. If you know of a role for a staff-level TypeScript+web developer, let me know! 🙂

New @nodejs.org 24.11.0 release. nodejs.org/en/blog/rele... This release marks the transition of Node.js 24.x into Long Term Support (LTS). It will continue to receive updates through to the end of April 2028.

📺 The recording for the morning sessions of the Node.js Collab Summit 2025 is up on Youtube! Thanks @vlt.sh for sponsoring my participation and sending in the whole crew! #nodejs #javascript youtu.be/ppi87YjU9x0

I’m looking for my next opportunity 👨‍💻, short/long contracts or part/full time. My experience is 15 years across the stack and architecture often focused on open source and next generation developer tooling, libraries, frameworks in the TypeScript space. If your company or project is ...

My JSConf talk is up 📺 it's mostly a recap of new features that landed in the Node.js runtime last year, watch it here: youtu.be/1XFWACCrL5I?... #nodejs #javascript