Friday night tip: If you see a "benchmark" result without reproducible code: call it "benchmarketing"

Usually, when writing microbenchmarks, people tend to assert.ok(variable) to prevent the piece of code they are measuring from being optimised by the V8 dead-elimination process But it seems, this also works: // Prevents V8 from optimizing away if (Math.random() < 0)

Did you know Node.js security team created a "Security Best Practices" document in 2023? We probably need to include a few more things, but it's still quite good nodejs.org/en/learn/getti…

New release of bench-node! v0.12.0 💚 github.com/RafaelGSS/benc…

For those interested in how semver-major releases are done in Node.js, I did a live stream releasing Node.js v25.0.0. Check it on my YT channel Rafael Gonzaga

Maybe a --permission-audit might help in the permission model adoption... Let's see github.com/nodejs/node/pu…

I have been using this for quite a while to run most of my benchmarks github.com/Instant-Bench/…

Just opened the meeting minutes from Node.js release cycle discussion at Node.js Collaborator Summit github.com/nodejs/Release…

Busy week working on Node.js security, so no stream today. Security work stays private until patches are out, but I’ve been preparing solid content for the next session. Planning to be back next week. Stay tuned.

Ever wonder why Node.js drops new versions like clockwork? Here’s the scoop. ⏱️ Rafael Gonzaga shares all the details about the Node.js release schedule in our new series, JavaScript Security Snapshot. Want to be a part of the conversation on releases? Check out this GitHub PR:

People who wonder if Node.js (JS Runtimes in general) is growing in usage need to look at some package downloads over the years. ExpressJS crossed its record with more than 52 million downloads just on October 19! See: npmtrends.com/express

Too many Node.js users are running old versions 😬 The team is exploring changes to the release schedule to fix that. Rafael Gonzaga shares all the details in our latest JavaScript Security Snapshot. Want to be a part of the conversation on releases? Check out this GitHub PR:

October’s security check‑in is here! 🚨 📌 Highlights: stronger threat modelling, npm Trusted Publishing risks tackled, new runtime features for secure‑by‑default apps. hubs.la/Q03T5j8j0

npm implementation of Trusted Publishing is promising for #JavaScript, but it’s not ready for critical packages just yet openjsf.org/blog/publishin…

🚨

Live now!

How much we would break if we use Node.js util.styleText to colourize the console.debug/info/warn/error calls? Note that, util.styleText respects NO_COLOR env var.

Before automated workflows, releasing Node.js meant 20 manual steps. Now it’s one command. 👀 Ulises Gascón and Rafael Gonzaga share how the Node.js build team went from a rack of Raspberry Pis in someone’s garage to full release automation. Check out the Build Team Working Group on