Node.js

⚠️ Node.js 20 is officially End-of-Life. Staying on an unsupported version introduces significant security risks, but we know migration takes time. Join members of the Node.js Technical Steering Committee Matteo Collina and Marco Ippolito as we discuss how to navigate this transition safely. We’ll cover: ✅ The logic behind the new release cadence leading to Node 27. ✅ How the project is defending against the surge of AI-generated CVE reports. ✅ Support options for those unable to migrate off Node 20 immediately. Don’t leave your production environment to chance. Hear directly from the maintainers. 📅 May 27 | 11:00 AM EST 👉 Register for the live session: bit.ly/4tzcAqE

Node.js v22.22.3 is out 🚀 Changelog 👇 nodejs.org/en/blog/releas…

ICYMI (and we hope you didn't): Node.js 20 went EOL last week. But you have options. Check out our EOL support: nodejs.org/en/about/eol

Node.js 26.1.0 is out, with a new `node:ffi` module, `crypto.randomUUIDv7()`, and many more features and bug fixes. Full changelog and download links: nodejs.org/en/blog/releas…

Node.js v26.0.0 is out 💚 Temporal API enabled by default, V8 14.6, Undici 8, and key deprecations as we keep modernizing the platform. Check it out nodejs.org/en/blog/releas…

Are you currently hiring for a role that includes using Node.js? Reply with a link to the opening and any relevant context. If you're not, we'd appreciate a repost for visibility 💚

The 2026 Node.js London Collaboration Summit trip report is officially live! 🚀 We gathered 50+ contributors to discuss the biggest technical shifts coming to the runtime. Here’s what’s on the horizon: 🗓️ Versioning Change: Starting with v27, Node.js version numbers will align with the calendar year. 🌀 New Streams API: A more efficient, unified way to handle streams using modern async iterators. 💾 Node VFS: A proposal for a native Virtual File System (node:vfs) for better SEAs and testing. ⚖️ AI Governance: Evolving our processes to handle the rise of AI-generated code and security reports. Big thanks to Bloomberg for hosting! 🇬🇧 Check out the full recap and recordings here: nodejs.org/en/blog/events…

Node.js 24.15.0 (LTS) is out now! 💚 nodejs.org/en/blog/releas…

Are you currently hiring for a role that includes using Node.js? Reply with a link to the opening and any relevant context. If you're not, we'd appreciate a repost for visibility 💚

⚠️ Update: The Node.js project's security bug bounty program is being paused. Reporting remains unchanged, and so does our commitment to security. More details here: nodejs.org/en/blog/announ…

Node.js 25.9.0 (Current) is out 💚 nodejs.org/en/blog/releas…

@JoyeeCheung @TechAtBloomberg 👏

This must've been one of the most challenging things I've worked on in a while. Thanks @TechAtBloomberg for sponsoring my work on this, and everyone who helped shipping a fix in time!

The fix has been merged into V8 and can be enabled via `v8_enable_seeded_array_index_hash`. It has been shipped to Node.js v25, v24, v22, and v20 via the March 2026 security release. Upgrade now to to protect your applications from this vulnerability!

With a security release deadline to meet, we interleaved the hash exploration, statistical evaluation, V8 implementation, and performance testing during the development. More details in the blog post.

Can a hash be both HashDoS resistant *and* quickly reversible? That's the puzzle we had to tackle in V8 for the March 2026 Node.js security release. For details, check out our blog post (with the math for the curious!) For a quick overview, 🧵 below nodejs.org/en/blog/vulner…