Richard Lau
@rwklau.bsky.social
Software Engineer at IBM.
Node.js Build Infrastructure, Releaser & Technical Steering Committee.
Node.js Build Infrastructure, Releaser & Technical Steering Committee.
Reposted by Richard Lau
Reposted by Richard Lau
✍️ Open source doesn’t fail because of code.
It fails because of governance gaps, burnout, and invisible work.
I wrote down what I learned working on #Expressjs and #Lodash
blog.ulisesgascon.com/open-source-...
It fails because of governance gaps, burnout, and invisible work.
I wrote down what I learned working on #Expressjs and #Lodash
blog.ulisesgascon.com/open-source-...
Open Source Doesn’t Fail Because of Code!
We like to blame code when open source breaks. The reality is uglier: governance, burnout and invisible work are the real fault lines. This reflects what I learned during our work on Express and Lodas...
blog.ulisesgascon.com
November 24, 2025 at 8:22 AM
✍️ Open source doesn’t fail because of code.
It fails because of governance gaps, burnout, and invisible work.
I wrote down what I learned working on #Expressjs and #Lodash
blog.ulisesgascon.com/open-source-...
It fails because of governance gaps, burnout, and invisible work.
I wrote down what I learned working on #Expressjs and #Lodash
blog.ulisesgascon.com/open-source-...
Reposted by Richard Lau
ok so... I'm writing a book. It's called JavaScript In Depth (www.manning.com/books/javasc...) ... the first four chapters are available by Manning.
This has been a difficult project and will continue to be so. The reason is that it isn't a How To book that focuses only on how to use the langauge
This has been a difficult project and will continue to be so. The reason is that it isn't a How To book that focuses only on how to use the langauge
JavaScript in Depth - James M. Snell
Explore the inner workings of the world’s most popular programming language and enjoy the power and control that comes only from deep knowledge! In JavaScript in Depth, JavaScript and Node legend Jame...
www.manning.com
November 20, 2025 at 9:37 PM
ok so... I'm writing a book. It's called JavaScript In Depth (www.manning.com/books/javasc...) ... the first four chapters are available by Manning.
This has been a difficult project and will continue to be so. The reason is that it isn't a How To book that focuses only on how to use the langauge
This has been a difficult project and will continue to be so. The reason is that it isn't a How To book that focuses only on how to use the langauge
The second paragraph here is slightly misleading. There's no link between moving on from the Raspberry Pis (Build Working Group) to the release automation (Release Working Group) -- they happened independently of each other.
Before automated workflows, releasing @nodejs.org meant 20 manual steps. Now it’s one command. 👀
@ulisesgascon.com and @rafaelgss.dev share how the Node.js build team went from a rack of Raspberry Pis in someone’s garage to full release automation.
👉Build Team on GitHub: github.com/nodejs/build
@ulisesgascon.com and @rafaelgss.dev share how the Node.js build team went from a rack of Raspberry Pis in someone’s garage to full release automation.
👉Build Team on GitHub: github.com/nodejs/build
November 20, 2025 at 3:53 PM
The second paragraph here is slightly misleading. There's no link between moving on from the Raspberry Pis (Build Working Group) to the release automation (Release Working Group) -- they happened independently of each other.
Reposted by Richard Lau
The #s390x open source software team at IBM confirms the latest versions of various software packages run well on #Linux on #IBMZ & #LinuxONE 🐧
In October 2025 validation was maintained for two dozen projects, including #ApacheActiveMQ #InfluxDB & #Rails 🎉
More: community.ibm.com/community/us...
In October 2025 validation was maintained for two dozen projects, including #ApacheActiveMQ #InfluxDB & #Rails 🎉
More: community.ibm.com/community/us...
Linux on IBM Z and LinuxONE Open Source Software Report: October 2025
community.ibm.com
November 19, 2025 at 3:34 PM
The #s390x open source software team at IBM confirms the latest versions of various software packages run well on #Linux on #IBMZ & #LinuxONE 🐧
In October 2025 validation was maintained for two dozen projects, including #ApacheActiveMQ #InfluxDB & #Rails 🎉
More: community.ibm.com/community/us...
In October 2025 validation was maintained for two dozen projects, including #ApacheActiveMQ #InfluxDB & #Rails 🎉
More: community.ibm.com/community/us...
Reposted by Richard Lau
In case you're curious... blog.cloudflare.com/18-november-...
Cloudflare outage on November 18, 2025
Cloudflare suffered a service outage on November 18, 2025. The outage was triggered by a bug in generation logic for a Bot Management feature file causing many Cloudflare services to be affected.
blog.cloudflare.com
November 18, 2025 at 11:50 PM
In case you're curious... blog.cloudflare.com/18-november-...
Reposted by Richard Lau
I'm on a regular call with teams from Microsoft, Red Hat, Canonical and IBM regarding IBM Z & Power porting work for .NET so each release comes out smoothly.
Last week .NET 10 went live! That's our 5th release with s390x support (4th for ppc64le)
community.ibm.com/community/us...
Last week .NET 10 went live! That's our 5th release with s390x support (4th for ppc64le)
community.ibm.com/community/us...
.NET 10 released for IBM Z and LinuxONE
community.ibm.com
November 18, 2025 at 6:52 PM
I'm on a regular call with teams from Microsoft, Red Hat, Canonical and IBM regarding IBM Z & Power porting work for .NET so each release comes out smoothly.
Last week .NET 10 went live! That's our 5th release with s390x support (4th for ppc64le)
community.ibm.com/community/us...
Last week .NET 10 went live! That's our 5th release with s390x support (4th for ppc64le)
community.ibm.com/community/us...
Reposted by Richard Lau
📝 An initial version of the @openjsf.org Incident Response Plan has landed!
I plan to keep iterating on it over the next few weeks.
github.com/openjs-found...
I plan to keep iterating on it over the next few weeks.
github.com/openjs-found...
Initial version: Foundation Incident Response Plan by UlisesGascon · Pull Request #289 · openjs-foundation/security-collab-space
This is a draft version of the Foundation’s Incident Response Plan.
Please feel free to comment per line or add general feedback directly in this PR.
The main goal is to kick off the discussion so ...
github.com
November 18, 2025 at 12:54 PM
📝 An initial version of the @openjsf.org Incident Response Plan has landed!
I plan to keep iterating on it over the next few weeks.
github.com/openjs-found...
I plan to keep iterating on it over the next few weeks.
github.com/openjs-found...
Reposted by Richard Lau
Node.js 25.2.1 is out, an out-of-band release to revert a change on the experimental Web Storage API that ended up being more breaking than anticipated: nodejs.org/en/blog/rele...
Node.js — Node.js v25.2.1 (Current)
Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
nodejs.org
November 17, 2025 at 8:30 PM
Node.js 25.2.1 is out, an out-of-band release to revert a change on the experimental Web Storage API that ended up being more breaking than anticipated: nodejs.org/en/blog/rele...
Reposted by Richard Lau
Today I gave a talk at JSConf JP covering the implementation story of recent Node.js module loader changes (compile cache, require(esm) and synchronous loader customization hooks). Very lovely conference!
Slides:
github.com/joyeecheung/...
Slides:
github.com/joyeecheung/...
github.com
November 16, 2025 at 3:17 PM
Today I gave a talk at JSConf JP covering the implementation story of recent Node.js module loader changes (compile cache, require(esm) and synchronous loader customization hooks). Very lovely conference!
Slides:
github.com/joyeecheung/...
Slides:
github.com/joyeecheung/...
Reposted by Richard Lau
With npm supply chain attacks on the rise, secure publishing practices are becoming a pressing concern for anyone maintaining npm packages. ⚠️
We've released updated guidance to help maintainers reduce exposure, strengthen release processes, and protect the ecosystem: openjsf.org/blog/publish...
We've released updated guidance to help maintainers reduce exposure, strengthen release processes, and protect the ecosystem: openjsf.org/blog/publish...
Publishing More Securely on npm: Guidance from the OpenJS Security Collaboration Space | OpenJS Foundation
The OpenJS Security Collaboration Space has been working closely with GitHub’s npm team to understand how new security features affect projects and maintainers, especially as threats and tools keep ev...
openjsf.org
November 14, 2025 at 4:02 PM
With npm supply chain attacks on the rise, secure publishing practices are becoming a pressing concern for anyone maintaining npm packages. ⚠️
We've released updated guidance to help maintainers reduce exposure, strengthen release processes, and protect the ecosystem: openjsf.org/blog/publish...
We've released updated guidance to help maintainers reduce exposure, strengthen release processes, and protect the ecosystem: openjsf.org/blog/publish...
Reposted by Richard Lau
After a few months of targeted attacks on our ecosystem, followed by a confusing and rapidly changing response from @github.com, we wanted to put together some guidance for maintainers on how to help us all secure our supply chain together.
Here is that guidance 👇
Here is that guidance 👇
With npm supply chain attacks on the rise, secure publishing practices are becoming a pressing concern for anyone maintaining npm packages. ⚠️
We've released updated guidance to help maintainers reduce exposure, strengthen release processes, and protect the ecosystem: openjsf.org/blog/publish...
We've released updated guidance to help maintainers reduce exposure, strengthen release processes, and protect the ecosystem: openjsf.org/blog/publish...
Publishing More Securely on npm: Guidance from the OpenJS Security Collaboration Space | OpenJS Foundation
The OpenJS Security Collaboration Space has been working closely with GitHub’s npm team to understand how new security features affect projects and maintainers, especially as threats and tools keep ev...
openjsf.org
November 14, 2025 at 4:21 PM
After a few months of targeted attacks on our ecosystem, followed by a confusing and rapidly changing response from @github.com, we wanted to put together some guidance for maintainers on how to help us all secure our supply chain together.
Here is that guidance 👇
Here is that guidance 👇
While watching the sessions from #IBMZDay (you can still register at community.ibm.com/zsystems/eve... and watch the recordings) I am reminded of just how nice and generally helpful the Z community are (both inside and outside of #IBM).
IBM Z Day 2025
IBM Z Day is a free 1-day enterprise computing virtual conference for anyone and everyone! Hear the latest about IBM Z and LinuxONE, and join over 250 industry expert speakers and global thought leade...
community.ibm.com
November 13, 2025 at 5:02 PM
While watching the sessions from #IBMZDay (you can still register at community.ibm.com/zsystems/eve... and watch the recordings) I am reminded of just how nice and generally helpful the Z community are (both inside and outside of #IBM).
Reposted by Richard Lau
Preparing my talk for JSConf JP and I finally drew my mental venn diagram about how Node.js development works 🤪
November 11, 2025 at 7:20 PM
Preparing my talk for JSConf JP and I finally drew my mental venn diagram about how Node.js development works 🤪
Reposted by Richard Lau
Reposted by Richard Lau
Reposted by Richard Lau
✨ Keep up to date with @nodejs.org by watching the #Nodejs #Security Working Group's last meeting on YouTube!
www.youtube.com/watch?v=a7zV...
www.youtube.com/watch?v=a7zV...
2025-06-11 - Security Team meeting
YouTube video by node.js
www.youtube.com
November 6, 2025 at 3:28 PM
✨ Keep up to date with @nodejs.org by watching the #Nodejs #Security Working Group's last meeting on YouTube!
www.youtube.com/watch?v=a7zV...
www.youtube.com/watch?v=a7zV...
Reposted by Richard Lau
Migrating to new Node.js versions via codemods
@nodejs.org @jakob.jingleheimer.dev @augustin-mauroy.bsky.social
nodejs.org/en/learn/get...
#ECMAScript #JavaScript
@nodejs.org @jakob.jingleheimer.dev @augustin-mauroy.bsky.social
nodejs.org/en/learn/get...
#ECMAScript #JavaScript
Node.js — Userland Migrations
Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
nodejs.org
November 3, 2025 at 12:41 AM
Migrating to new Node.js versions via codemods
@nodejs.org @jakob.jingleheimer.dev @augustin-mauroy.bsky.social
nodejs.org/en/learn/get...
#ECMAScript #JavaScript
@nodejs.org @jakob.jingleheimer.dev @augustin-mauroy.bsky.social
nodejs.org/en/learn/get...
#ECMAScript #JavaScript
Reposted by Richard Lau
Still running on an old version of Node.js? We’ve got new guides and tools to help you migrate your code smoothly.
Start here: nodejs.org/en/learn/get...
Thank you @augustin-mauroy.bsky.social for the work here 🙏
Start here: nodejs.org/en/learn/get...
Thank you @augustin-mauroy.bsky.social for the work here 🙏
Node.js — Userland Migrations
Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
nodejs.org
October 30, 2025 at 4:33 PM
Still running on an old version of Node.js? We’ve got new guides and tools to help you migrate your code smoothly.
Start here: nodejs.org/en/learn/get...
Thank you @augustin-mauroy.bsky.social for the work here 🙏
Start here: nodejs.org/en/learn/get...
Thank you @augustin-mauroy.bsky.social for the work here 🙏
Reposted by Richard Lau
If you have a codebase that uses an older version of Node.js, we have started to put together articles and tools to help you migrate your code.
nodejs.org/en/learn/get...
nodejs.org/en/blog/migr...
nodejs.org/en/learn/get...
nodejs.org/en/blog/migr...
Node.js — Userland Migrations
Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
nodejs.org
October 29, 2025 at 8:56 PM
If you have a codebase that uses an older version of Node.js, we have started to put together articles and tools to help you migrate your code.
nodejs.org/en/learn/get...
nodejs.org/en/blog/migr...
nodejs.org/en/learn/get...
nodejs.org/en/blog/migr...
Reposted by Richard Lau
Done
@rafaelgss.dev any chance y'all could update the v8docs.nodesource.com to include 25.x? Pretty please :-)
v8docs
v8docs.nodesource.com
October 30, 2025 at 1:42 PM
Done
Reposted by Richard Lau
Uploaded a demo on how to use nodejs/devcontainer!
- Testing a mounted dev branch on a different OS
- No need to build V8 from scratch on a fresh checkout (usually)
- Testing third-party code with the dev branch in a container
www.youtube.com/watch?v=3Nwa...
PR: github.com/nodejs/node/...
- Testing a mounted dev branch on a different OS
- No need to build V8 from scratch on a fresh checkout (usually)
- Testing third-party code with the dev branch in a container
www.youtube.com/watch?v=3Nwa...
PR: github.com/nodejs/node/...
Demo of nodejs/devcontainer
YouTube video by Qiuyi Zhang (Joyee)
www.youtube.com
October 28, 2025 at 11:15 PM
Uploaded a demo on how to use nodejs/devcontainer!
- Testing a mounted dev branch on a different OS
- No need to build V8 from scratch on a fresh checkout (usually)
- Testing third-party code with the dev branch in a container
www.youtube.com/watch?v=3Nwa...
PR: github.com/nodejs/node/...
- Testing a mounted dev branch on a different OS
- No need to build V8 from scratch on a fresh checkout (usually)
- Testing third-party code with the dev branch in a container
www.youtube.com/watch?v=3Nwa...
PR: github.com/nodejs/node/...
New @nodejs.org 24.11.0 release.
nodejs.org/en/blog/rele...
This release marks the transition of Node.js 24.x into Long Term Support (LTS). It will continue to receive updates through to the end of April 2028.
nodejs.org/en/blog/rele...
This release marks the transition of Node.js 24.x into Long Term Support (LTS). It will continue to receive updates through to the end of April 2028.
Node.js — Node.js v24.11.0 (LTS)
Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
nodejs.org
October 28, 2025 at 5:57 PM
New @nodejs.org 24.11.0 release.
nodejs.org/en/blog/rele...
This release marks the transition of Node.js 24.x into Long Term Support (LTS). It will continue to receive updates through to the end of April 2028.
nodejs.org/en/blog/rele...
This release marks the transition of Node.js 24.x into Long Term Support (LTS). It will continue to receive updates through to the end of April 2028.
Reposted by Richard Lau
📺 The recording for the morning sessions of the Node.js Collab Summit 2025 is up on Youtube!
Thanks @vlt.sh for sponsoring my participation and sending in the whole crew!
#nodejs #javascript youtu.be/ppi87YjU9x0
Thanks @vlt.sh for sponsoring my participation and sending in the whole crew!
#nodejs #javascript youtu.be/ppi87YjU9x0
2025-10-17 Node.js Collaboration Summit Chesapeake 2025, Morning
YouTube video by node.js
youtu.be
October 28, 2025 at 4:17 PM
📺 The recording for the morning sessions of the Node.js Collab Summit 2025 is up on Youtube!
Thanks @vlt.sh for sponsoring my participation and sending in the whole crew!
#nodejs #javascript youtu.be/ppi87YjU9x0
Thanks @vlt.sh for sponsoring my participation and sending in the whole crew!
#nodejs #javascript youtu.be/ppi87YjU9x0
Reposted by Richard Lau
My JSConf talk is up 📺 it's mostly a recap of new features that landed in the Node.js runtime last year, watch it here: youtu.be/1XFWACCrL5I?... #nodejs #javascript
Node.js - What’s New and What’s Next - Ruy Adorno, vlt.sh
YouTube video by OpenJS Foundation
youtu.be
October 27, 2025 at 7:00 PM
My JSConf talk is up 📺 it's mostly a recap of new features that landed in the Node.js runtime last year, watch it here: youtu.be/1XFWACCrL5I?... #nodejs #javascript