Marco Ippolito
@marcoippolito.dev
Security Engineer @herodevs | Node.js Technical Steering Committee & Release
marcoippolito.dev
marcoippolito.dev
Reposted by Marco Ippolito
We appreciate your patience and understanding as we work to deliver a secure and reliable release.
Updates are now available for the 25.x, 24.x, 22.x, 20.x Node.js release lines to address:
- 3 high severity issues
- 4 medium severity issues
- 1 low severity issue
nodejs.org/en/blog/vuln...
Updates are now available for the 25.x, 24.x, 22.x, 20.x Node.js release lines to address:
- 3 high severity issues
- 4 medium severity issues
- 1 low severity issue
nodejs.org/en/blog/vuln...
Node.js โ Tuesday, January 13, 2026 Security Releases
Node.jsยฎ is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
nodejs.org
January 13, 2026 at 2:42 PM
We appreciate your patience and understanding as we work to deliver a secure and reliable release.
Updates are now available for the 25.x, 24.x, 22.x, 20.x Node.js release lines to address:
- 3 high severity issues
- 4 medium severity issues
- 1 low severity issue
nodejs.org/en/blog/vuln...
Updates are now available for the 25.x, 24.x, 22.x, 20.x Node.js release lines to address:
- 3 high severity issues
- 4 medium severity issues
- 1 low severity issue
nodejs.org/en/blog/vuln...
Reposted by Marco Ippolito
Node.s sec release
We are doing our best. We are ensuring test passes on all platforms and all active release lines (v20, v22, v24 and v25) - and they aren't currently.
Unfortunately, we don't have an ETA for that, and it's likely that this security release will be postponed one more time. Sorry.
We are doing our best. We are ensuring test passes on all platforms and all active release lines (v20, v22, v24 and v25) - and they aren't currently.
Unfortunately, we don't have an ETA for that, and it's likely that this security release will be postponed one more time. Sorry.
January 8, 2026 at 8:53 PM
Node.s sec release
We are doing our best. We are ensuring test passes on all platforms and all active release lines (v20, v22, v24 and v25) - and they aren't currently.
Unfortunately, we don't have an ETA for that, and it's likely that this security release will be postponed one more time. Sorry.
We are doing our best. We are ensuring test passes on all platforms and all active release lines (v20, v22, v24 and v25) - and they aren't currently.
Unfortunately, we don't have an ETA for that, and it's likely that this security release will be postponed one more time. Sorry.
Reposted by Marco Ippolito
TIL that modern Node not only supports `--env-file` / `--env-file-if-exists` but also a new method to programmatically load .env files.
It's been marked stable since Node v24 (current LTS), and I'm now on the journey of removing all the `dotenv` dependencies. ๐
www.stefanjudis.com/today-i-lear...
It's been marked stable since Node v24 (current LTS), and I'm now on the journey of removing all the `dotenv` dependencies. ๐
www.stefanjudis.com/today-i-lear...
January 6, 2026 at 3:19 PM
TIL that modern Node not only supports `--env-file` / `--env-file-if-exists` but also a new method to programmatically load .env files.
It's been marked stable since Node v24 (current LTS), and I'm now on the journey of removing all the `dotenv` dependencies. ๐
www.stefanjudis.com/today-i-lear...
It's been marked stable since Node v24 (current LTS), and I'm now on the journey of removing all the `dotenv` dependencies. ๐
www.stefanjudis.com/today-i-lear...
Welcome Frieren ๐
January 5, 2026 at 6:09 PM
Welcome Frieren ๐
Peak italian software
December 29, 2025 at 9:17 AM
Peak italian software
Thank you @awscloud.bsky.social soooo much for sponsoring me on @github.com ๐ what a present ๐
github.com/sponsors/mar...
github.com/sponsors/mar...
Sponsor @marco-ippolito on GitHub Sponsors
Hi I'm Marco and I work on Node.js
github.com
December 19, 2025 at 8:33 AM
Thank you @awscloud.bsky.social soooo much for sponsoring me on @github.com ๐ what a present ๐
github.com/sponsors/mar...
github.com/sponsors/mar...
โ ๏ธ Node.js security release has been postponed โ ๏ธ
We have decided to delay the security release further to January 7th 2026 to ensure the team has enough time to prepare the releases and avoid distruptions during the holiday season.
nodejs.org/en/blog/vuln...
We have decided to delay the security release further to January 7th 2026 to ensure the team has enough time to prepare the releases and avoid distruptions during the holiday season.
nodejs.org/en/blog/vuln...
Node.js โ Wednesday, January 7, 2026 Security Releases
Node.jsยฎ is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
nodejs.org
December 17, 2025 at 5:31 PM
โ ๏ธ Node.js security release has been postponed โ ๏ธ
We have decided to delay the security release further to January 7th 2026 to ensure the team has enough time to prepare the releases and avoid distruptions during the holiday season.
nodejs.org/en/blog/vuln...
We have decided to delay the security release further to January 7th 2026 to ensure the team has enough time to prepare the releases and avoid distruptions during the holiday season.
nodejs.org/en/blog/vuln...
โ ๏ธ The security release has been postponed to the 18th of December. The team is working on a challenging patch.
โ๏ธNode.js Security release pre-alert โ๏ธ
We will release new versions of v20, v22, v24, v25 release lines on or shortly after the 15th of December 2025 in order to address:
* 3 high severity issues.
* 1 low severity issue.
* 1 medium severity issue.
nodejs.org/en/blog/vuln...
We will release new versions of v20, v22, v24, v25 release lines on or shortly after the 15th of December 2025 in order to address:
* 3 high severity issues.
* 1 low severity issue.
* 1 medium severity issue.
nodejs.org/en/blog/vuln...
Node.js โ Monday, December 15, 2025 Security Releases
Node.jsยฎ is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
nodejs.org
December 15, 2025 at 7:55 PM
โ ๏ธ The security release has been postponed to the 18th of December. The team is working on a challenging patch.
Type stripping is stable in a LTS version ๐ฝ
December 10, 2025 at 7:11 PM
Type stripping is stable in a LTS version ๐ฝ
oh true, I forgot ๐
December 10, 2025 at 5:36 PM
oh true, I forgot ๐
Reposted by Marco Ippolito
Type stripping landed in Node 24 LTS 40 minutes ago! Thanks @marcoippolito.dev!
github.com/nodejs/node/...
github.com/nodejs/node/...
Release 2025-12-10, Version 24.12.0 'Krypton' (LTS), @targos ยท nodejs/node
Notable Changes
[1a00b5f68a] - (SEMVER-MINOR) http: add optimizeEmptyRequests server option (Rafael Gonzaga) #59778
[ff5754077d] - (SEMVER-MINOR) lib: add options to util.deprecate (Rafael Gonzaga...
github.com
December 10, 2025 at 5:33 PM
Type stripping landed in Node 24 LTS 40 minutes ago! Thanks @marcoippolito.dev!
github.com/nodejs/node/...
github.com/nodejs/node/...
โ๏ธNode.js Security release pre-alert โ๏ธ
We will release new versions of v20, v22, v24, v25 release lines on or shortly after the 15th of December 2025 in order to address:
* 3 high severity issues.
* 1 low severity issue.
* 1 medium severity issue.
nodejs.org/en/blog/vuln...
We will release new versions of v20, v22, v24, v25 release lines on or shortly after the 15th of December 2025 in order to address:
* 3 high severity issues.
* 1 low severity issue.
* 1 medium severity issue.
nodejs.org/en/blog/vuln...
Node.js โ Monday, December 15, 2025 Security Releases
Node.jsยฎ is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
nodejs.org
December 8, 2025 at 5:50 PM
โ๏ธNode.js Security release pre-alert โ๏ธ
We will release new versions of v20, v22, v24, v25 release lines on or shortly after the 15th of December 2025 in order to address:
* 3 high severity issues.
* 1 low severity issue.
* 1 medium severity issue.
nodejs.org/en/blog/vuln...
We will release new versions of v20, v22, v24, v25 release lines on or shortly after the 15th of December 2025 in order to address:
* 3 high severity issues.
* 1 low severity issue.
* 1 medium severity issue.
nodejs.org/en/blog/vuln...
Reposted by Marco Ippolito
Node & TypeScript excitement ๐
Marco tells the story of implementing Type Stripping support in Node. It involves a lot of collaboration across the JS ecosystem.
๐ท First cut took 20 days (fast for Node)
๐ท TS delivered flags to ease adoption
๐ท Marco's reward: a bread machine
Marco tells the story of implementing Type Stripping support in Node. It involves a lot of collaboration across the JS ecosystem.
๐ท First cut took 20 days (fast for Node)
๐ท TS delivered flags to ease adoption
๐ท Marco's reward: a bread machine
Just published a new blog post. Itโs about my experience shipping Node.js native TypeScript support.
Itโs not a technical blog post, it's about my perspective, what it felt like and what I learned along the way.
satanacchio.hashnode.dev/the-summer-i...
Itโs not a technical blog post, it's about my perspective, what it felt like and what I learned along the way.
satanacchio.hashnode.dev/the-summer-i...
satanacchio.hashnode.dev
November 24, 2025 at 9:20 AM
Node & TypeScript excitement ๐
Marco tells the story of implementing Type Stripping support in Node. It involves a lot of collaboration across the JS ecosystem.
๐ท First cut took 20 days (fast for Node)
๐ท TS delivered flags to ease adoption
๐ท Marco's reward: a bread machine
Marco tells the story of implementing Type Stripping support in Node. It involves a lot of collaboration across the JS ecosystem.
๐ท First cut took 20 days (fast for Node)
๐ท TS delivered flags to ease adoption
๐ท Marco's reward: a bread machine
Just published a new blog post. Itโs about my experience shipping Node.js native TypeScript support.
Itโs not a technical blog post, it's about my perspective, what it felt like and what I learned along the way.
satanacchio.hashnode.dev/the-summer-i...
Itโs not a technical blog post, it's about my perspective, what it felt like and what I learned along the way.
satanacchio.hashnode.dev/the-summer-i...
satanacchio.hashnode.dev
November 24, 2025 at 8:14 AM
Just published a new blog post. Itโs about my experience shipping Node.js native TypeScript support.
Itโs not a technical blog post, it's about my perspective, what it felt like and what I learned along the way.
satanacchio.hashnode.dev/the-summer-i...
Itโs not a technical blog post, it's about my perspective, what it felt like and what I learned along the way.
satanacchio.hashnode.dev/the-summer-i...
Reposted by Marco Ippolito
Good first issue in Node.js
github.com/nodejs/node/...
github.com/nodejs/node/...
--experimental-strip-types default value should depend on --without-amaro configure flag ยท Issue #60640 ยท nodejs/node
Version git november 8 2025 Platform All... Subsystem No response What steps will reproduce the bug? Build with --without-amaro flag, several tests will fail (parallel/test-worker-syntax-error is a...
github.com
November 21, 2025 at 6:26 AM
Good first issue in Node.js
github.com/nodejs/node/...
github.com/nodejs/node/...
good first issue
github.com/nodejs/amaro...
github.com/nodejs/amaro...
swc update workflow is broken ยท Issue #329 ยท nodejs/amaro
We have a build failure https://github.com/nodejs/amaro/actions/runs/19414263623/job/55540131804#step:8:1 The swc update workflow is failing
github.com
November 17, 2025 at 7:48 AM
good first issue
github.com/nodejs/amaro...
github.com/nodejs/amaro...
The loader hook is applied before type stripping, you can type strip yourself with module.stripTypeScriptTypes.
About AST, currently there are no apis exposed from swc to do that because no reason to
About AST, currently there are no apis exposed from swc to do that because no reason to
November 16, 2025 at 2:46 PM
The loader hook is applied before type stripping, you can type strip yourself with module.stripTypeScriptTypes.
About AST, currently there are no apis exposed from swc to do that because no reason to
About AST, currently there are no apis exposed from swc to do that because no reason to
Reposted by Marco Ippolito
At JsConf.jp @marcoippolito.dev is telling us about built-in TypeScript support in Node.
Node's type-stripping is performed by SWC and was inspired by ts-blank-space
bloomberg.github.io/ts-blank-spa...
Node's type-stripping is performed by SWC and was inspired by ts-blank-space
bloomberg.github.io/ts-blank-spa...
November 16, 2025 at 6:02 AM
At JsConf.jp @marcoippolito.dev is telling us about built-in TypeScript support in Node.
Node's type-stripping is performed by SWC and was inspired by ts-blank-space
bloomberg.github.io/ts-blank-spa...
Node's type-stripping is performed by SWC and was inspired by ts-blank-space
bloomberg.github.io/ts-blank-spa...
yes and v22 after a while too
November 12, 2025 at 2:51 PM
yes and v22 after a while too