From Node.js Blog ยท 10 stories
New integer hash developed for V8 to counter HashDoS attacks
A new integer hash has been developed for V8 to address CVE-2026-21717, enhancing resistance to HashDoS by making it hard for attackers to exploit hash collisions. This hash allows for quick reversibility while maintaining the performance necessary for applications using V8.
Node.js 22.23.1 LTS Release Includes Bug Fix
Node.js 22.23.1, now an LTS version, addresses a bug from the previous 22.23.0 security update. The fix aims to resolve unexpected behaviors affecting users post-update, ensuring stability in the LTS release cycle.
Node.js Releases Multiple LTS and Current Versions with Security Updates
Node.js released versions 20.20.2, 22.22.2, 24.14.1, 25.8.2, 22.23.0, 24.17.0, and 26.3.1, focusing on improving security. Fixes cover vulnerabilities in cryptographic functions, permissions, and TLS handling.
Node.js Releases Security Updates Addressing Multiple Vulnerabilities
Node.js has issued security updates for versions 20.x, 22.x, 24.x, 25.x, and 26.x to address various vulnerabilities that could lead to process crashes and security issues. The updates resolve problems in TLS error handling, HTTP request processing, WebCrypto implementation, and proxy credential exposure. These vulnerabilities, if exploited, could impact application stability and security.
Codemod Transforms Axios Code to WHATWG Fetch API
A new codemod is available to convert Axios code to the WHATWG Fetch API, which is natively supported in Node.js starting from version 18. This migration can lead to improved performance, better standards compliance, and reduced security risks by eliminating third-party dependencies.
Node.js 26.0.0 Released with Key Features and Deprecations
Node.js 26.0.0 has been released with the Temporal API enabled by default, V8 updated to 14.6, and Undici to 8.0. The release includes several deprecations and removals aimed at modernizing the platform, set to enter long-term support in October.
Node.js Collaboration Summit 2026 Discusses Release Schedule and API Changes
The 2026 Node.js Collaboration Summit reviewed the new release schedule starting with Node.js v27, aligning version numbers with the calendar year. A new Streams API was also proposed to unify stream handling between Node.js and the Web.
Node.js Security Bug Bounty Program Paused Due to Funding Issues
The Node.js project's security bug bounty program has been paused following the discontinuation of external funding from the Internet Bug Bounty initiative. This affects monetary rewards for security vulnerability reports, though Node.js will still accept and triage reports.
Node.js 25.9.0 Released with Key Updates and Enhancements
Node.js has released version 25.9.0, consolidating MockModuleOptions for better user alignment. This version introduces several SEMVER-MINOR changes including new cryptography algorithms and performance improvements in Buffer operations.
Node.js Releases Version 26.4.0 Among Multiple Modest Enhancements
Node.js has released version 26.4.0, with improvements across file handling, networking, and cryptography. Key updates include support for caller-supplied buffers in the fs module and new options for TCP and TLS settings. These updates are part of a series of enhancements aimed at improving function and performance for developers.