✨ Want to contribute to @openjsf.org projects but not sure where to start? Simple trick: connect with the community first 🎯 • Join the community Slack • Check the shared calendar for meetings & events www.youtube.com/shorts/4h7P7...

Major update to the CSS Media Queries Analysis Snippet with a Performance Impact Analyzer It calculates the REAL cost of desktop-only CSS on mobile: 📉 Core Web Vitals Impact 💰 Estimated Conversion Lift e.g.: Fixing 30KB of unused CSS 180ms faster load and up to 1.8% conversion boost

How can you ACTUALLY get involved with OpenJS projects?? @ulisesgascon.com gives the download in our latest snapshot. Join Slack, join our community meetings, or watch recordings. Come say hi. 👋

😏 Want to master #JS & #TS this year? This Humble Tech Book Bundle features practical guides — including my book Node.js for Beginners. Plus, your purchase supports charity ♥️ www.humblebundle.com/books/javasc...

🚀 Just released [email protected] 📦 🍿 #release details: github.com/pillarjs/sen...

🚀 Just released [email protected] 📦 🍿 #release details: github.com/expressjs/se...

🚀 Just released [email protected] 📦 🍿 #release details: github.com/expressjs/se...

🚀 Just released [email protected] 📦 🍿 #release details: github.com/expressjs/er...

WinterTC's Minimum Common Web API standard is now officially published as ECMA-429, Edition 1 . To many more editions! Thanks @jasnell.me, @andreubotella.com, @akiro.se, @littledan.dev and everyone else that was involved in making this happen. 🎉

🚀 iconv-lite 0.7.1 released 🎉 - Improved type definitions and added missing APIs 🧩 github.com/pillarjs/ico...

This was such a fun recording! 🤣

🔖 My PR updating the #Security Best Practices for Your Project guide is now merged! ✨ New: license-risk checks + SBOMs, threat modeling, incident-response basics, and stronger security roles & culture. opensource.guide/security-bes...

ECMAScript excitement 😉 A highly comprehensive article on what will (and might!) land in ES2026 by @marypcbuk.bsky.social 🎉 Includes coverage on Temporal by Boa creator @jason-williams.co.uk who leads the Rust-based temporal_rs library, as used by Google's V8 engine, amongst others.

Node excitement 😉 Congrats to @hybrist.dev on landing support for Package Imports that start with #/ 🎉 Previously this prefix was special-cased and would error. It's convenient to use it as an internal absolute path to the package root. import foo from "#/src/file.ts"

🔖 The latest issue of my #newsletter is out, issue 010. Stories from reviving #Expressjs & reimagining #Lodash, secure publishing on #npm, why #OSS doesn’t fail because of code, backlog updates & #OpenSSF #Scorecard ✨ blog.ulisesgascon.com/newsletter-i...

🔖 Kode Dot: The ultimate all-in-one device for makers, hackers and geeks. www.kode.diy

For moments like this, I’m so proud to be part of this amazing team ❤️ github.com/expressjs/ex...

🔖 Love how Orbitant shares learnings with the community even under pressure. Great read on handling a critical #CVE as a team: orbitant.com/en/critical-...

Just shipped a new newsletter to my GitHub Sponsors! 🎁 This one includes my latest talk, secure publishing research, #Expressjs and #OSSF #Scorecard updates, and a bunch of ecosystem news. It will be public soon, but you can read it early and support my OSS work here: github.com/sponsors/Uli...

Security incident? Don’t panic. Have a plan. 🤝 A clear incident response plan keeps open source projects steady when things go wrong 😏 www.youtube.com/shorts/mqPlC...

Woah. String.prototype.startsWith() supports two arguments: "my string".startsWith("string", 3) => true I had no idea this was possible. developer.mozilla.org/en-US/docs/W...

🚀 Just released [email protected] 📦 🍿 #release details: github.com/pillarjs/fin...

🚀 Just released [email protected] 📦 🍿 #release details: github.com/pillarjs/fin...

🚀 Just released [email protected] 📦 🍿 #release details: github.com/expressjs/bo...

🚨 We’ve published our Nov security update, including moderate fix for body-parser. expressjs.com/2025/12/01/s...

📣 New WebPerf Snippet Analyze all @media rules in CSS to identify classes and properties targeting viewports bigger than a specified breakpoint. Results are grouped by inline CSS and external files, with byte size estimates for potential mobile savings. #WebPerfSnippets #WebPerf

🚨 Moderate-severity security fix in [email protected] just released! - Patches CVE-2025-13466 — vulnerable to denial of service when url encoding is used github.com/expressjs/bo...

✍️ El open source no falla por el código. Falla por problemas de gobernanza, burnout y trabajo invisible. He escrito sobre lo que aprendí trabajando en #Expressjs y #Lodash: blog.ulisesgascon.com/el-open-sour...

✍️ Open source doesn’t fail because of code. It fails because of governance gaps, burnout, and invisible work. I wrote down what I learned working on #Expressjs and #Lodash blog.ulisesgascon.com/open-source-...

📺 ¿Qué viene después del caos? Lecciones de revivir #Expressjs y reimaginar #Lodash. www.youtube.com/watch?v=NHsI...

ok so... I'm writing a book. It's called JavaScript In Depth (www.manning.com/books/javasc...) ... the first four chapters are available by Manning. This has been a difficult project and will continue to be so. The reason is that it isn't a How To book that focuses only on how to use the langauge

📦 Just released [email protected] 🍿 #release details: github.com/jshttp/http-...

Before automated workflows, releasing @nodejs.org meant 20 manual steps. Now it’s one command. 👀 @ulisesgascon.com and @rafaelgss.dev share how the Node.js build team went from a rack of Raspberry Pis in someone’s garage to full release automation. 👉Build Team on GitHub: github.com/nodejs/build

On Cloud 9.0 😶‍🌫️ Release details ⇣

📦 Just released [email protected] 🍿 #release details: github.com/jshttp/mime-...

We’ve kicked off a discussion on selecting #Astro as the new foundation for the @expressjs.bsky.social website. 🎖️ The goal: simpler docs, better i18n, easier contributions, and long-term stability. 🔖 If you have thoughts, now’s the time to share: github.com/expressjs/di...

ECMAScript excitement 😉 This week TC39 advanced these proposals 🎉 4️⃣ Intl.Locale Info 4️⃣ Iterator.concat 4️⃣ JSON.parse Source Text 3️⃣ Iterator.zip 2️⃣.7️⃣ Iterator.prototype.join 2️⃣.7️⃣ Promise.allKeyed 2️⃣ Error.captureStackTrace 2️⃣ Import Text 2️⃣ Object.keysLength 1️⃣ Intl Energy Units 1️⃣ Intl Unit Protocol 🧵

🍕 The slides for my talk “What Comes After Chaos?” are now available Stories and lessons from reviving #ExpressJS and reimagining #Lodash. ✨ Thanks to #Orbitant for the invitation! slides.ulisesgascon.com/what-comes-a...

In case you're curious... blog.cloudflare.com/18-november-...

Security incident? Don’t panic. Have a plan. 🤝 @ulisesgascon.com explains how a clear incident response plan keeps open source projects steady when things go wrong in the latest JavaScript Security Snapshot. Check out the Incident Response Plan here on GitHub: github.com/lodash/lodas...

📦 Just released [email protected] 🍿 #release details: github.com/jshttp/conte...

📝 An initial version of the @openjsf.org Incident Response Plan has landed! I plan to keep iterating on it over the next few weeks. github.com/openjs-found...

🔖 Just wrapped up reorganizing and prioritizing the @expressjs.bsky.social packages release backlog! The main issue is now updated with where we’re at and what’s coming next. If something looks weird or you think we missed anything, just shout! github.com/expressjs/di...

¿Qué viene después del caos? Lecciones de revivir #Expressjs y reimaginar #Lodash. 🎙️ Charla (en español) organizada por Orbitant 🗓️ 19 nov, 5 PM CET 🔑 El enlace se enviará el día del evento 🎟️ Gratis → docs.google.com/forms/d/e/1F...

After a few months of targeted attacks on our ecosystem, followed by a confusing and rapidly changing response from @github.com, we wanted to put together some guidance for maintainers on how to help us all secure our supply chain together. Here is that guidance 👇

With npm supply chain attacks on the rise, secure publishing practices are becoming a pressing concern for anyone maintaining npm packages. ⚠️ We've released updated guidance to help maintainers reduce exposure, strengthen release processes, and protect the ecosystem: openjsf.org/blog/publish...

@npmjs.bsky.social implementation of Trusted Publishing is promising for #JavaScript, but it’s not ready for critical packages just yet openjsf.org/blog/publish...

🚀 @netlify.com deploys for @openssf.org #scorecard are live, and PR previews work great! Jump in and grab a help-wanted issue: github.com/ossf/scoreca... We’d love your contributions ❤️‍🔥

Too many @nodejs.org users are running old versions 😬 The team is exploring changes to the release schedule to fix that. @rafaelgss.dev shares all the details in our latest JavaScript Security Snapshot. Be a part of the conversation on releases: github.com/nodejs/lts-s...

🎉 @bjohansebas.bsky.social is our new Triage Captain for #ExpressJS! Grateful for your dedication, leadership, and continued impact on the community 👏👏👏 github.com/expressjs/di...