Ulises Gascón
ulisesgascon.com
@ulisesgascon.com
#OpenSource Maintainer (@nodejs.org, @expressjs.bsky.social, Lodash, Yeoman...), #TC39 Delegate and #Maker | He/Him
Pinned
🌍 Hello, BlueSky! 🤠

I'm Ulises Gascón from Spain! Passionate about #Nodejs, #Express, #JavaScript, and the world of #OpenSource.

I spend my days building, maintaining, and improving tools and libraries for our #devCommunity 🫶

👉 Check out my projects and support my work:
github.com/sponsors/Uli...
🚨 Moderate-severity security fix in body-parser@2.2.1 just released!

- Patches CVE-2025-13466 — vulnerable to denial of service when url encoding is used

github.com/expressjs/bo...
Release v2.2.1 · expressjs/body-parser
Important: Security Security fix for CVE-2025-13466 (GHSA-wqch-xfxh-vrr4) What's Changed ci: add dependabot by @Phillip9587 in #593 ci: use full SHAs for github action versions by @Phillip9587 i...
github.com
November 24, 2025 at 6:44 PM
✍️ Open source doesn't fail because of the code.
It fails because of governance problems, burnout, and invisible work.

I've written about what I learned working on #Expressjs and #Lodash:

blog.ulisesgascon.com/el-open-sour...
Open source doesn't fail because of the code
We like to blame the code when open source breaks. The reality is more uncomfortable: governance, burnout, and invisible work are the real fault lines. This is what I learned working...
blog.ulisesgascon.com
November 24, 2025 at 8:24 AM
✍️ Open source doesn’t fail because of code.
It fails because of governance gaps, burnout, and invisible work.

I wrote down what I learned working on #Expressjs and #Lodash

blog.ulisesgascon.com/open-source-...
Open Source Doesn’t Fail Because of Code!
We like to blame code when open source breaks. The reality is uglier: governance, burnout and invisible work are the real fault lines. This reflects what I learned during our work on Express and Lodas...
blog.ulisesgascon.com
November 24, 2025 at 8:22 AM
📺 What comes after chaos?

Lessons from reviving #Expressjs and reimagining #Lodash.

www.youtube.com/watch?v=NHsI...
From chaos to transformation: the cases of Express and Lodash
YouTube video by Orbitant
www.youtube.com
November 21, 2025 at 3:32 PM
Reposted by Ulises Gascón
ok so... I'm writing a book. It's called JavaScript In Depth (www.manning.com/books/javasc...) ... the first four chapters are available by Manning.

This has been a difficult project and will continue to be so. The reason is that it isn't a How To book that focuses only on how to use the language
JavaScript in Depth - James M. Snell
Explore the inner workings of the world’s most popular programming language and enjoy the power and control that comes only from deep knowledge! In JavaScript in Depth, JavaScript and Node legend Jame...
www.manning.com
November 20, 2025 at 9:37 PM
Reposted by Ulises Gascón
Before automated workflows, releasing @nodejs.org meant 20 manual steps. Now it’s one command. 👀

@ulisesgascon.com and @rafaelgss.dev share how the Node.js build team went from a rack of Raspberry Pis in someone’s garage to full release automation.

👉Build Team on GitHub: github.com/nodejs/build
November 20, 2025 at 3:29 PM
Reposted by Ulises Gascón
On Cloud 9.0 😶‍🌫️
Release details ⇣
November 19, 2025 at 1:31 AM
We’ve kicked off a discussion on selecting #Astro as the new foundation for the @expressjs.bsky.social website.

🎖️ The goal: simpler docs, better i18n, easier contributions, and long-term stability.

🔖 If you have thoughts, now’s the time to share: github.com/expressjs/di...
Technical decision: Selecting Astro for the new expressjs.com site · Issue #451 · expressjs/discussions
In today’s meeting, during the discussion about the technology for the website redesign, the following key points were considered: The need for a simple authoring experience, preferably based on Ma...
github.com
November 20, 2025 at 10:50 AM
Reposted by Ulises Gascón
ECMAScript excitement 😉

This week TC39 advanced these proposals 🎉

4️⃣ Intl.Locale Info
4️⃣ Iterator.concat
4️⃣ JSON.parse Source Text
3️⃣ Iterator.zip
2️⃣.7️⃣ Iterator.prototype.join
2️⃣.7️⃣ Promise.allKeyed
2️⃣ Error.captureStackTrace
2️⃣ Import Text
2️⃣ Object.keysLength
1️⃣ Intl Energy Units
1️⃣ Intl Unit Protocol

🧵
November 20, 2025 at 8:20 AM
🍕 The slides for my talk “What Comes After Chaos?” are now available

Stories and lessons from reviving #ExpressJS and reimagining #Lodash.

✨ Thanks to #Orbitant for the invitation!

slides.ulisesgascon.com/what-comes-a...
What Comes After Chaos?
Lessons from Reviving Express and Reimagining Lodash
slides.ulisesgascon.com
November 19, 2025 at 6:12 PM
Reposted by Ulises Gascón
Security incident? Don’t panic. Have a plan. 🤝

@ulisesgascon.com explains how a clear incident response plan keeps open source projects steady when things go wrong in the latest JavaScript Security Snapshot.

Check out the Incident Response Plan here on GitHub: github.com/lodash/lodas...
November 18, 2025 at 9:31 PM
📝 An initial version of the @openjsf.org Incident Response Plan has landed!

I plan to keep iterating on it over the next few weeks.

github.com/openjs-found...
Initial version: Foundation Incident Response Plan by UlisesGascon · Pull Request #289 · openjs-foundation/security-collab-space
This is a draft version of the Foundation’s Incident Response Plan. Please feel free to comment per line or add general feedback directly in this PR. The main goal is to kick off the discussion so ...
github.com
November 18, 2025 at 12:54 PM
🔖 Just wrapped up reorganizing and prioritizing the @expressjs.bsky.social packages release backlog!

The main issue is now updated with where we’re at and what’s coming next. If something looks weird or you think we missed anything, just shout!

github.com/expressjs/di...
Backlog for next releases · Issue #380 · expressjs/discussions
This is the current releases backlog in terms of status and priorities Important notes: The state of the backlog is always reflected in the latest edition of this message. Packages and releases are...
github.com
November 17, 2025 at 3:32 PM
What comes after chaos?

Lessons from reviving #Expressjs and reimagining #Lodash.

🎙️ Talk (in Spanish) organized by Orbitant
🗓️ Nov 19, 5 PM CET
🔑 The link will be sent on the day of the event
🎟️ Free → docs.google.com/forms/d/e/1F...
November 17, 2025 at 8:41 AM
Reposted by Ulises Gascón
After a few months of targeted attacks on our ecosystem, followed by a confusing and rapidly changing response from @github.com, we wanted to put together some guidance for maintainers on how to help us all secure our supply chain together.

Here is that guidance 👇
With npm supply chain attacks on the rise, secure publishing practices are becoming a pressing concern for anyone maintaining npm packages. ⚠️

We've released updated guidance to help maintainers reduce exposure, strengthen release processes, and protect the ecosystem: openjsf.org/blog/publish...
Publishing More Securely on npm: Guidance from the OpenJS Security Collaboration Space | OpenJS Foundation
The OpenJS Security Collaboration Space has been working closely with GitHub’s npm team to understand how new security features affect projects and maintainers, especially as threats and tools keep ev...
openjsf.org
November 14, 2025 at 4:21 PM
Reposted by Ulises Gascón
With npm supply chain attacks on the rise, secure publishing practices are becoming a pressing concern for anyone maintaining npm packages. ⚠️

We've released updated guidance to help maintainers reduce exposure, strengthen release processes, and protect the ecosystem: openjsf.org/blog/publish...
November 14, 2025 at 4:02 PM
@npmjs.bsky.social implementation of Trusted Publishing is promising for #JavaScript, but it’s not ready for critical packages just yet

openjsf.org/blog/publish...
November 14, 2025 at 4:09 PM
🚀 @netlify.com deploys for @openssf.org #scorecard are live, and PR previews work great!

Jump in and grab a help-wanted issue: github.com/ossf/scoreca...

We’d love your contributions ❤️‍🔥
ossf/scorecard-webapp
Website and API for OpenSSF Scorecard. Contribute to ossf/scorecard-webapp development by creating an account on GitHub.
github.com
November 14, 2025 at 10:25 AM
Reposted by Ulises Gascón
Too many @nodejs.org users are running old versions 😬 The team is exploring changes to the release schedule to fix that.

@rafaelgss.dev shares all the details in our latest JavaScript Security Snapshot.

Be a part of the conversation on releases: github.com/nodejs/lts-s...
November 13, 2025 at 5:45 PM
🎉 @bjohansebas.bsky.social is our new Triage Captain for #ExpressJS! Grateful for your dedication, leadership, and continued impact on the community 👏👏👏

github.com/expressjs/di...
fix(docs): Add @bjohansebas as Triage Team captain by wesleytodd · Pull Request #448 · expressjs/discussions
Nominating @bjohansebas as a captain of the Triage Team. We have seen lots of great contributions from @bjohansebas this year and he is interested in helping run this effort. Thanks for the continu...
github.com
November 12, 2025 at 10:05 AM
What comes after chaos?

Lessons from reviving #Expressjs and reimagining #Lodash.

🎙️ Talk (in Spanish) organized by Orbitant
🗓️ Nov 19, 5 PM CET
🔑 The link will be sent on the day of the event
🎟️ Free → docs.google.com/forms/d/e/1F...
November 11, 2025 at 2:24 PM