惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
B
Blog RSS Feed
宝玉的分享
宝玉的分享
腾讯CDC
博客园_首页
T
Tailwind CSS Blog
月光博客
月光博客
博客园 - 司徒正美
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
M
MIT News - Artificial intelligence
A
About on SuperTechFans
云风的 BLOG
云风的 BLOG
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
有赞技术团队
有赞技术团队
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
大猫的无限游戏
大猫的无限游戏
MongoDB | Blog
MongoDB | Blog
博客园 - 聂微东
V
Visual Studio Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
SecWiki News
SecWiki News
美团技术团队
P
Privacy International News Feed
H
Help Net Security
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Microsoft Security Blog
Microsoft Security Blog
Know Your Adversary
Know Your Adversary
Y
Y Combinator Blog
D
DataBreaches.Net
Project Zero
Project Zero
T
The Blog of Author Tim Ferriss
Cyberwarzone
Cyberwarzone
C
Cybersecurity and Infrastructure Security Agency CISA
C
Cisco Blogs
S
Schneier on Security
G
GRAHAM CLULEY
博客园 - 三生石上(FineUI控件)
Cisco Talos Blog
Cisco Talos Blog
小众软件
小众软件
Forbes - Security
Forbes - Security
D
Docker
T
Tenable Blog
S
Secure Thoughts
雷峰网
雷峰网
S
Security @ Cisco Blogs
T
The Exploit Database - CXSecurity.com
The Cloudflare Blog
博客园 - 【当耐特】
Spread Privacy
Spread Privacy
阮一峰的网络日志
阮一峰的网络日志

Node.js Blog

Node.js — Security Bug Bounty Program Paused Due to Loss of Funding Node.js — Node.js 25.9.0 (Current) Node.js — Developing a minimally HashDoS resistant, yet quickly reversible integer hash for V8 Node.js — Node.js 25.8.2 (Current) Node.js — Node.js 24.14.1 (LTS) Node.js — Node.js 22.22.2 (LTS) Node.js — Node.js 20.20.2 (LTS) Node.js — Tuesday, March 24, 2026 Security Releases Node.js — Node.js 25.8.1 (Current) Node.js — Evolving the Node.js Release Schedule Node.js — Node.js 22.22.1 (LTS) Node.js — Node.js 20.20.1 (LTS) Node.js — Node.js 25.8.0 (Current) Node.js — Node.js 25.7.0 (Current) Node.js — Node.js 24.14.0 (LTS) Node.js — New HackerOne Signal Requirement for Vulnerability Reports Node.js — Node.js 25.6.1 (Current) Node.js — Node.js 24.13.1 (LTS) Node.js — Node.js 25.6.0 (Current) Node.js — OpenSSL Security Advisory Assessment, January 2026 Node.js — Node.js 25.5.0 (Current) Node.js — Chalk to Node.js util styleText Node.js — Node.js 25.4.0 (Current) Node.js — Mitigating Denial-of-Service Vulnerability from Unrecoverable Stack Space Exhaustion for React, Next.js, and APM Users Node.js — Node.js 22.22.0 (LTS) Node.js — Node.js 25.3.0 (Current) Node.js — Node.js 24.13.0 (LTS) Node.js — Node.js 20.20.0 (LTS) Node.js — Tuesday, January 13, 2026 Security Releases Node.js — Node.js 24.12.0 (LTS) Node.js — Node.js 20.19.6 (LTS) Node.js — Node.js 25.2.1 (Current) Node.js — Node.js 24.11.1 (LTS) Node.js — Node.js 25.2.0 (Current) Node.js — Node.js 25.1.0 (Current) Node.js — Node.js 22.21.1 (LTS) Node.js — Node.js 24.11.0 (LTS) Node.js — Node.js v22 to v24 Node.js — Node.js v20 to v22 Node.js — Node.js v14 to v16 Node.js — Node.js v12 to v14 Node.js — Node.js 22.21.0 (LTS) Node.js — Node.js 25.0.0 (Current) Node.js — Node.js 24.10.0 (Current) Node.js — Node.js 24.9.0 (Current) Node.js — Node.js 22.20.0 (LTS) Node.js — Node.js 24.8.0 (Current) Node.js — Node.js 20.19.5 (LTS) Node.js — Node.js 22.19.0 (LTS) Node.js — Node.js 24.7.0 (Current) Node.js — Node.js 24.6.0 (Current) Node.js — Node.js 22.18.0 (LTS) Node.js — Node.js 24.5.0 (Current) Node.js — Node.js 20.19.4 (LTS) Node.js — Node.js 22.17.1 (LTS) Node.js — Node.js 24.4.1 (Current) Node.js — Tuesday, July 15, 2025 Security Releases Node.js — Node.js 24.4.0 (Current) Node.js — Node.js LGBTQIA+ Stories: Emelia Smith Node.js — Open sourced identity Node.js — Node.js 22.17.0 (LTS) Node.js — Node.js 24.3.0 (Current) Node.js — Node.js 20.19.3 (LTS) Node.js — In Memory of Mikeal Rogers: A Builder of Communities Node.js — Node.js 24.2.0 (Current) Node.js — Beware of End-of-Life Node.js Versions - Upgrade or Seek Post-EOL Support Node.js — Trip report: Node.js collaboration summit (2025 Paris) Node.js — Node.js 22.16.0 (LTS) Node.js — Node.js 24.1.0 (Current) Node.js — Node.js 24.0.2 (Current) Node.js — Node.js 23.11.1 (Current) Node.js — Node.js 22.15.1 (LTS) Node.js — Node.js 20.19.2 (LTS) Node.js — Wednesday, May 14, 2025 Security Releases Node.js — Node.js 24.0.1 (Current) Node.js — Node.js 24.0.0 (Current) Node.js — Node.js Test CI Security Incident Node.js — Node.js 22.15.0 (LTS) Node.js — Node.js 20.19.1 (LTS) Node.js — Making Node.js Downloads Reliable Node.js — Node.js 23.11.0 (Current) Node.js — Node.js 23.10.0 (Current) Node.js — Node.js 20.19.0 (LTS) Node.js — Updates on CVE for End-of-Life Versions Node.js — Node.js 23.9.0 (Current) Node.js — Node.js 18.20.7 (LTS) Node.js — Node.js 20.18.3 (LTS) Node.js — Node.js 9.3.0 (Current) Node.js — Data Confidentiality/Integrity Vulnerability, December 2017 Node.js — Node.js 9.2.1 (Current) Node.js — Node.js 8.9.3 (LTS) Node.js — Node.js 4.8.7 (Maintenance) Node.js — Node.js 8.9.2 (LTS) Node.js — Node.js 6.12.1 (LTS) Node.js — Node.js 9.2.0 (Current) Node.js — Node.js 8.9.1 (LTS) Node.js — Node.js 9.1.0 (Current) Node.js — Node.js 0.10.35 (Stable) Node.js — Node.js 0.10.34 (Stable) Node.js — Node.js 0.10.29 (Stable)
Node.js — Node.js Foundation To Oversee Node.js Security Project To Further Improve Stability for Enterprises
2016-11-30 · via Node.js Blog

The Node.js Project

Node.js Security Project to become one of the largest community projects focused on detecting and fixing vulnerabilities for the fast-growing platform

SAN FRANCISCO, Nov. 30, 2016The Node.js Foundation, a community-led and industry-backed consortium to advance the development of the Node.js platform, today announced that the Node.js Security Project will become a part of the Node.js Foundation. Under the Node.js Foundation, the Node.js Security Project will provide a unified process for discovering and disclosing security vulnerabilities found in the Node.js module ecosystem.

Last year Node.js Foundation worked with The Linux Foundation’s Core Infrastructure Initiative to form the Node.js Core Security Group to encourage security best practices. By overseeing datasets of vulnerability disclosures, which will be publicly available and openly licensed, the Foundation is building on this work and expanding its role in fortifying Node.js through strong security governance. It will also allow the Foundation to drive standardization around security data and encourage a broader ecosystem of open source and vendor based tools on top of it.

All security vendors are encouraged to contribute to the common vulnerability repository. Once it is openly licensed, the Foundation expects the repository to grow quickly as other vendors add to it.

With 15 million downloads per month, more than a billion package downloads per week, and growing adoption across numerous industries, Node.js and its module ecosystem underpins some of the most heavily used desktop, web, mobile, cloud and IoT applications in the world. The need for a more open, robust, and standard process for finding and fixing vulnerabilities within the module ecosystem that surrounds Node.js is essential, according to Mikeal Rogers, community manager for Node.js Foundation.

“The Node.js Security Project will become one of the largest projects to build a community around detecting and fixing vulnerabilities,” said Rogers. “Given the maturity of Node.js and how widely used it is in enterprise environments, it makes sense to tackle this endeavor under open governance facilitated by the Node.js Foundation. This allows for more collaboration and communication within the broad community of developers and end users, ensuring the stability and longevity of the large, continually growing Node.js ecosystem.”

A Node.js Security Project Working Group will be established in the next few weeks to begin validating vulnerability disclosures and maintaining the base dataset. Individuals and anyone from the Technical Steering Committee and Core Technical Committee are encouraged to join the working group and provide input on GitHub.

The Node.js Security Project, founded by Adam Baldwin and previously managed by ^Lift Security, an application security company, collects data around vulnerability and security flaws in the Node.js module ecosystem. The Node.js Foundation will take over the following responsibilities from ^Lift:

  • Maintaining an entry point for ecosystem vulnerability disclosure;
  • Maintaining a private communication channel for vulnerabilities to be vetted;
  • Vetting participants in the private security disclosure group;
  • Facilitating ongoing research and testing of security data;
  • Owning and publishing the base dataset of disclosures, and
  • Defining a standard for the data, which tool vendors can build on top of, and security and vendors can add data and value to as well.

“We are very excited about the opportunity to donate this project to the Node.js Foundation” said Adam Baldwin, team lead at ^LiftSecurity and founder of the Node.js Security Project. “The Foundation will be able to funnel contributions from numerous vendors, developers and end users to create an incredibly useful baseline of data sets that will be available to anyone. This ensures broader reach and long-lasting viability of the project to encourage availability of more security tools, which is increasingly in demand among Node.js enterprise developers and users.”

^Lift plans to provide upstream contributions to the project based on any new flaws their team uncovers through working with their customers.

About the Node.js Foundation

Node.js is used by tens of thousands of organizations in more than 200 countries and amasses more than 4.5 million active users per month. It is the runtime of choice for high-performance, low latency applications, powering everything from enterprise applications, robots, API engines, cloud stacks, and mobile websites. The Foundation is made up of a diverse group of companies including Platinum members GoDaddy, IBM, Intel, Joyent, Microsoft, NodeSource, PayPal, and Red Hat. Silver members include Apigee, AppDynamics, Cars.com, Codefresh, DigitalOcean, Dynatrace, Fidelity,Google, Groupon, nearForm, New Relic, npm, Opbeat, RisingStack, Sauce Labs, SAP, StrongLoop (an IBM company), Sphinx, YLD, and Yahoo!. Get involved here: https://nodejs.org.