A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.

Several security vulnerabilities, some classified as high-risk, have been discovered in the popular JavaScript runtime environment Node.js. Updated versions, announced in mid-December, have now been ...

Node.js is a lean, fast, cross-platform JavaScript runtime environment that is useful for both servers and desktop applications. Scalability, latency, and throughput are key performance indicators for ...

A flaw in the binary-parser npm package before version 2.3.0 lets attackers execute arbitrary JavaScript via unsanitized parser input.

Dahl stated that while software engineers (SWEs) will continue to have important roles, the direct act of writing syntax line ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

Even with competition from newer runtimes Deno and Bun, Node.js remains the flagship JavaScript platform on the server. Server-side Node frameworks like Express, build-chain tools like Webpack, and a ...

Node.js has been the delight of San Francisco hackers for the past couple years now, but startups and indie developers aren’t the only ones using JavaScript on the server side. At Node Summit today, ...

Thousands of applications were broken on Tuesday after a programmer unpublished a critical module in npm, a package manager for widely-used JavaScript projects. Countless projects were left in limbo ...

Additional details for RenderATL 2026 and the OpenJS Summit, including programming themes and speaker participation, will be announced in the coming months. For more information about RenderATL, ...