🚀 Just released [email protected] 📦 🍿 #release details: github.com/onebeyond/sy...

🚀 Just released [email protected] 📦 🍿 #release details: github.com/onebeyond/ra...

🚀 Just released [email protected] 📦 🍿 #release details: github.com/onebeyond/ra...

🔖 The latest issue of my #newsletter is live, issue 011. Secure publishing on #npm in 2026, major #Lodash security overhaul, updated security best practices, fresh #Express release backlog & ecosystem insights from talks, CVEs & community work ✨ blog.ulisesgascon.com/newsletter-i...

We talk constantly about the risks of unmaintained dependencies and supply chain vulnerabilities, but rarely about the complexity of fixing them when the project is as massive as Lodash. This amazing article captures the reality of Open Source sustainability. Thanks @sarahgooding.bsky.social!

"Security work is emotionally expensive and invisible, and sharing it makes it sustainable." - @ulisesgascon.com Many thanks to @jddalton.bsky.social, @jordan.har.band, and @ulisesgascon.com for their insights on maintaining Lodash and all the hard work put into reviving the project. 💚

Just shipped a new newsletter to Sponsors! 🎁 Includes the hard truths of #npm security, #Expressjs updates, and the #Lodash overhaul that put my code in space 🚀. Get early access & support my OSS work here: github.com/sponsors/Uli...

Happy Friday from our fresh collaboration page. 😎 Want to get involved in our collaboration spaces and projects? Check out the page to see what groups to join and what meetings are happening. If you care about JavaScript, you belong here. ✌️ openjsf.org/collaboration

Big year for security at OpenJS 👀 With support from Alpha Omega, we leveled up security across Node.js and the OpenJS ecosystem in 2025. Faster vulnerability response, automated releases, a new OpenJS CNA, stronger disclosure practices, and hands on support for over 10 projects. hubs.la/Q040lXwL0

🎙️ Publicar paquetes de forma segura en 2026 www.youtube.com/watch?v=tBQw...

🛠️ Análisis en profundidad del parche de #seguridad para CVE-2025-13465 en #Lodash: causa raíz, mecánica de prototype pollution en _.unset/_.omit y detalles del parche. orbitant.com/prototype-po...

🛠️ In-depth breakdown of the #security fix for CVE-2025-13465 in #Lodash: root cause, prototype pollution mechanics in _.unset/_.omit, and details of the patch. orbitant.com/en/prototype...

🚀 Just released [email protected] 📦 🍿 #release details: github.com/expressjs/se...

🚀 Just released [email protected] 📦 🍿 #release details: github.com/expressjs/se...

🚀 Just released [email protected] 📦 🍿 #release details: github.com/expressjs/co...

🚀 Just released @onebeyond/[email protected] 📦 🍿 #release details: github.com/onebeyond/li...

🚀 Just released @onebeyond/[email protected] 📦 🍿 #release details: github.com/onebeyond/li...

🥹 Proud to have contributed to the #Lodash security overhaul. Strengthening governance, security processes, and infrastructure to keep the project healthy for the community 🛡️

Lodash v4.17.23 is live and features a whole new look for security 😎🔥 Security fixes, stronger governance, and improved maintenance = safer and more reliable for your projects. Check it out 👇 hubs.la/Q03_NX2J0

🚨 Moderate-severity security fix in [email protected], [email protected] and [email protected] just released! - Patches CVE-2025-13465 — vulnerable to prototype pollution in the _.unset and _.omit functions github.com/lodash/lodas...

Publicar de forma segura en #npm en 2026: qué se rompió, qué cambió y qué funciona de verdad 🎙️ Charla (en español) organizada por Orbitant 🗓️ 21 de Enero, 5:00 PM CET 🔑 El enlace se enviará el día del evento 🎟️ Gratis → docs.google.com/forms/d/e/1F...

New Security Snapshot is live. @ulisesgascon.com walks through how Express handles security reports, from first contact to shipped patch. Clear steps, zero panic, just a solid process that keeps users safe. 👍

Big news 🚀! #Lodash is now on Open Collective! Support the project and be among the first backers or sponsors 🙌 opencollective.com/lodash

ECMAScript excitement 😉 🚨🚨🚨 IT'S ABOUT TIME! 🚨🚨🚨 Congrats to @manishearth.bsky.social on shipping the Temporal API in Chrome 144 stable today 🎉 developer.chrome.com/blog/new-in-... Temporal is the replacement for the Date API.

🎉 The codemods to migrate Express to version 5 are now available on codemod.com! 👉 Run the recipe: npx codemod@latest @expressjs/v5-migration-recipe 👉 More codemods here: codemod.link/express #expressjs #codemods #javascript #nodejs

🚀 Just released [email protected] 📦 🍿 #release details: github.com/expressjs/bo...

Oh hi. 👋 We're back with the latest Security Snapshot that covers how to publish to npm safely and with ease. ✨ @rafaelgss.dev breaks down why local publishing with 2FA gives you the safest setup right now.

📮 What Flint Does Differently Flint is an experimental linter. It intentionally revisits many of the core design decisions from other popular web linters. Please enjoy this medium dive how Flint's intentionally deviating from other linters and trying new things. ❤️‍🔥 www.flint.fyi/blog/what-fl...

✨ Want to contribute to @openjsf.org projects but not sure where to start? Simple trick: connect with the community first 🎯 • Join the community Slack • Check the shared calendar for meetings & events www.youtube.com/shorts/4h7P7...

Major update to the CSS Media Queries Analysis Snippet with a Performance Impact Analyzer It calculates the REAL cost of desktop-only CSS on mobile: 📉 Core Web Vitals Impact 💰 Estimated Conversion Lift e.g.: Fixing 30KB of unused CSS 180ms faster load and up to 1.8% conversion boost

How can you ACTUALLY get involved with OpenJS projects?? @ulisesgascon.com gives the download in our latest snapshot. Join Slack, join our community meetings, or watch recordings. Come say hi. 👋

😏 Want to master #JS & #TS this year? This Humble Tech Book Bundle features practical guides — including my book Node.js for Beginners. Plus, your purchase supports charity ♥️ www.humblebundle.com/books/javasc...

🚀 Just released [email protected] 📦 🍿 #release details: github.com/pillarjs/sen...

🚀 Just released [email protected] 📦 🍿 #release details: github.com/expressjs/se...

🚀 Just released [email protected] 📦 🍿 #release details: github.com/expressjs/se...

🚀 Just released [email protected] 📦 🍿 #release details: github.com/expressjs/er...

WinterTC's Minimum Common Web API standard is now officially published as ECMA-429, Edition 1 . To many more editions! Thanks @jasnell.me, @andreubotella.com, @akiro.se, @littledan.dev and everyone else that was involved in making this happen. 🎉

🚀 iconv-lite 0.7.1 released 🎉 - Improved type definitions and added missing APIs 🧩 github.com/pillarjs/ico...

This was such a fun recording! 🤣

🔖 My PR updating the #Security Best Practices for Your Project guide is now merged! ✨ New: license-risk checks + SBOMs, threat modeling, incident-response basics, and stronger security roles & culture. opensource.guide/security-bes...

ECMAScript excitement 😉 A highly comprehensive article on what will (and might!) land in ES2026 by @marypcbuk.bsky.social 🎉 Includes coverage on Temporal by Boa creator @jason-williams.co.uk who leads the Rust-based temporal_rs library, as used by Google's V8 engine, amongst others.

Node excitement 😉 Congrats to @hybrist.dev on landing support for Package Imports that start with #/ 🎉 Previously this prefix was special-cased and would error. It's convenient to use it as an internal absolute path to the package root. import foo from "#/src/file.ts"

🔖 The latest issue of my #newsletter is out, issue 010. Stories from reviving #Expressjs & reimagining #Lodash, secure publishing on #npm, why #OSS doesn’t fail because of code, backlog updates & #OpenSSF #Scorecard ✨ blog.ulisesgascon.com/newsletter-i...

🔖 Kode Dot: The ultimate all-in-one device for makers, hackers and geeks. www.kode.diy

For moments like this, I’m so proud to be part of this amazing team ❤️ github.com/expressjs/ex...

🔖 Love how Orbitant shares learnings with the community even under pressure. Great read on handling a critical #CVE as a team: orbitant.com/en/critical-...

Just shipped a new newsletter to my GitHub Sponsors! 🎁 This one includes my latest talk, secure publishing research, #Expressjs and #OSSF #Scorecard updates, and a bunch of ecosystem news. It will be public soon, but you can read it early and support my OSS work here: github.com/sponsors/Uli...

Security incident? Don’t panic. Have a plan. 🤝 A clear incident response plan keeps open source projects steady when things go wrong 😏 www.youtube.com/shorts/mqPlC...

Woah. String.prototype.startsWith() supports two arguments: "my string".startsWith("string", 3) => true I had no idea this was possible. developer.mozilla.org/en-US/docs/W...

🚀 Just released [email protected] 📦 🍿 #release details: github.com/pillarjs/fin...