banner
LightNews
ulisesgascon.com
Ulises Gascón
@ulisesgascon.com
580 followers 250 following 110 posts
#OpenSource Maintainer (@nodejs.org, @expressjs.bsky.social...), #TC39 Delegate and #Maker | He/Him
Posts Media Videos Starter Packs
Pinned
ulisesgascon.com
Ulises Gascón @ulisesgascon.com · Nov 11
🌍 Hello, BlueSky! 🤠

I'm Ulises Gascón from Spain! Passionate about #Nodejs, #Express, #JavaScript, and the world of #OpenSource.

I spend my days building, maintaining, and improving tools and libraries for our #devCommunity 🫶

👉 Check out my projects and support my work:
github.com/sponsors/Uli...
Ulises Gascón, smiling widely in a red shirt and headphones, proudly holds up his multi-layered robotic creation. Behind him is a Manhattan map on the wall and shelves filled with tech gadgets and pop culture figures (like 'This is fine' character), reflecting his passion for technology and open-source projects.
4 1 15
Reposted by Ulises Gascón
openjsf.org
OpenJS Foundation @openjsf.org · 3d
New Era for React = Stronger JavaScript Ecosystem 💙

React doesn’t live in isolation - It works alongside Node.js, Electron, webpack, and more. A dedicated foundation under the Linux Foundation means more collaboration, security, and sustainability across the ecosystem.

hubs.la/Q03MylxX0
Celebrating the Launch of the React Foundation | OpenJS Foundation
A New Era for React, and a Stronger JavaScript Ecosystem
hubs.la
19 44
Reposted by Ulises Gascón
rginn206.bsky.social
Robin Bender Ginn @rginn206.bsky.social · 3d
So cool to be in the room at React Conf when the new React Foundation was announced 💙 with its new home at the Linux Foundation. At @openjsf.org we’re celebrating this big win for JavaScript communities.
openjsf.org
OpenJS Foundation @openjsf.org · 3d
New Era for React = Stronger JavaScript Ecosystem 💙

React doesn’t live in isolation - It works alongside Node.js, Electron, webpack, and more. A dedicated foundation under the Linux Foundation means more collaboration, security, and sustainability across the ecosystem.

hubs.la/Q03MylxX0
Celebrating the Launch of the React Foundation | OpenJS Foundation
A New Era for React, and a Stronger JavaScript Ecosystem
hubs.la
6 20
Reposted by Ulises Gascón
crutchcorn.dev
Corbin Crutchley @crutchcorn.dev · 3d
React is being fostered going forward with a new foundation!
React Foundation
1 4 22
Reposted by Ulises Gascón
reaper.is
reaper @reaper.is · 10d
After using it for almost a year, I guess I can recommend it to people

usebruno.com
usebruno.com
1 3
ulisesgascon.com
Ulises Gascón @ulisesgascon.com · 11d
🔒 The latest issue of my #newsletter is out, number 008.

It covers the npm Shai Hulud attack and emergency response, GitHub’s Secure Open Source Fund, new Express releases, and the OpenJS AI Collaboration Space...

blog.ulisesgascon.com/newsletter-i...
Newsletter #008: Security wins, npm attacks, and community momentum 🔒
From the npm Shai-Hulud attack and emergency response, to GitHub’s Secure Open Source Fund, new Express releases, and the launch of the OpenJS AI Collaboration Space — this month has been packed with ...
blog.ulisesgascon.com
1 1
Reposted by Ulises Gascón
rwklau.bsky.social
Richard Lau @rwklau.bsky.social · 16d
Just released @nodejs.org 22.20.0.
nodejs.org/en/blog/rele...
Node.js
Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
nodejs.org
1 7 29
ulisesgascon.com
Ulises Gascón @ulisesgascon.com · 18d
Welcome @rafaelgss.dev to the @openjsf.org #CNA team! 👏 👏 👏

github.com/openjs-found...
Nominate @rafaelgss as CNA Coordinator by UlisesGascon · Pull Request #297 · openjs-foundation/security-collab-space
@RafaelGSS has made outstanding contributions to the open source security ecosystem, particularly through his leadership in the Node.js project and related tooling. He brings deep expertise in vuln...
github.com
1 3 5
Reposted by Ulises Gascón
darcyclarke.me
Darcy Clarke @darcyclarke.me · 24d
ℹ️ Don't know who needs to hear this but npm has had a --before= flag since v6.9.0 (02/2019): github.com/npm/cli/blob/v…

Setting a relative date is easy w/:
$ npm install --before="$(date -v -7d)"
# & only get registry deps that are over a week olddocs.npmjs.com/cli/v11/usin...re
https://github.com/npm/cli/blob/v…
3 10 43
Reposted by Ulises Gascón
notwes.bsky.social
Wes @notwes.bsky.social · 23d
Lots of GREAT progress and discussion on our @expressjs.bsky.social Performance Working Group. Thanks everyone who is participating as I think this is the second most (security comes first) impactful thing we could be working on.

For anyone interested in helping out: github.com/expressjs/pe...
GitHub - expressjs/perf-wg: Performance Working Group
Performance Working Group. Contribute to expressjs/perf-wg development by creating an account on GitHub.
github.com
2 11
ulisesgascon.com
Ulises Gascón @ulisesgascon.com · 23d
Welcome @bjohansebas.bsky.social to the @expressjs.bsky.social Security Triage team! 👏 👏 👏

github.com/expressjs/se...
Nominate @bjohansebas to the Security Triage team by UlisesGascon · Pull Request #105 · expressjs/security-wg
I’d like to nominate @bjohansebas as a Security Triage Team member, based on his contributions across multiple project areas and his recent involvement in CVE-2025-48997. cc: @expressjs/express-tc ...
github.com
2 5
ulisesgascon.com
Ulises Gascón @ulisesgascon.com · 27d
🗞️ Exciting update: #webpack now has an official Threat Model!

It sets clear boundaries, improves #security awareness, and strengthens our #ecosystem for everyone. 💪

github.com/webpack/security-wg/pull/9
doc: add a Threat Model by UlisesGascon · Pull Request #9 · webpack/security-wg
Heavily inspired in Express Threat model: https://github.com/expressjs/security-wg/blob/main/docs/ThreatModel.md Closes #8
github.com
2
ulisesgascon.com
Ulises Gascón @ulisesgascon.com · 29d
🚩 Keep up to date with @nodejs.org by watching the #Nodejs Security Working Group's last meeting on YouTube!

www.youtube.com/watch?v=2_ex...
2025-09-11 - Security Team meeting
YouTube video by node.js
www.youtube.com
1
Reposted by Ulises Gascón
expressjs.bsky.social
Express @expressjs.bsky.social · Sep 8
The maintainer of one of our dependencies, debug, was the target of a phishing attack resulting in the release of [email protected] with malware.

Supply chain security is all of our responsibilities. Be careful out there, and for today don't update your deps.

socket.dev/blog/npm-aut...
npm Author Qix Compromised via Phishing Email in Major Suppl...
npm author Qix’s account was compromised, with malicious versions of popular packages like chalk-template, color-convert, and strip-ansi published.
socket.dev
1 5 12
ulisesgascon.com
Ulises Gascón @ulisesgascon.com · Sep 5
🍿 Exciting news! The @openjsf.org Foundation #AI Collaboration Space holds its first meeting next week.

A community hub where developers, maintainers and policy thinkers explore how #JavaScript connects billions of people to #AI.

github.com/openjs-found...
GitHub - openjs-foundation/ai-collab-space: A community hub exploring how JavaScript powers the future of AI.
A community hub exploring how JavaScript powers the future of AI. - openjs-foundation/ai-collab-space
github.com
1
ulisesgascon.com
Ulises Gascón @ulisesgascon.com · Sep 4
🔒 Securing #OpenSource projects is not an easy task.

✨ Here’s a great #initiative helping the #maintainers and community move forward:

👉 openjsf.org/blog/securit...
How OpenJS Hosted Projects Benefit from Security Support | OpenJS Foundation
Providing Hosted Projects with the Tools and Guidance to Manage Security Confidently
openjsf.org
2 3
ulisesgascon.com
Ulises Gascón @ulisesgascon.com · Sep 2
🗞️ Exciting news: #webpack now has a Security Working Group!

We’ll:
👉 Define triage & policies
👉 Guide secure plugin development
👉 Improve report processes
👉 Promote best practices
👉 Support #OpenJS & #OpenSSF initiatives

github.com/webpack/secu...
GitHub - webpack/security-wg: Webpack Security Working Group
Webpack Security Working Group. Contribute to webpack/security-wg development by creating an account on GitHub.
github.com
1
Reposted by Ulises Gascón
notwes.bsky.social
Wes @notwes.bsky.social · Aug 19
The @expressjs.bsky.social project has helped transfer over iconv-lite (with the awesome effort of @bjohansebas.bsky.social). Hopefully we can be a good home for this package which adds another 446M monthly downloads to the projects scope.

github.com/pillarjs/ico...
GitHub - pillarjs/iconv-lite: Convert character encodings in pure javascript.
Convert character encodings in pure javascript. Contribute to pillarjs/iconv-lite development by creating an account on GitHub.
github.com
1 2 7
ulisesgascon.com
Ulises Gascón @ulisesgascon.com · Aug 19
Say hello to the newest member of the @expressjs.bsky.social family 👋

iconv-lite: Convert character encodings in pure #javascript.

And yes… a new release is baking in the oven 🔥

github.com/pillarjs/ico...
release: 0.7.0 by bjohansebas · Pull Request #334 · pillarjs/iconv-lite
I plan to release this version on Wednesday, 8/20/2025 cc: @wesleytodd @ashtuchkin @UlisesGascon I’ll check if we already agree on moving this package to expressjs/pillarjs :) so I can update the m...
github.com
1 2
ulisesgascon.com
Ulises Gascón @ulisesgascon.com · Aug 14
✨ The #OSPO Book is here!✨

github.com/todogroup/os...
Releases · todogroup/ospology
📖 OSPOlogy - The Study of OSPOs. Contribute to todogroup/ospology development by creating an account on GitHub.
github.com
ulisesgascon.com
Ulises Gascón @ulisesgascon.com · Aug 13
🚀 One step closer to #jQuery 4!
blog.jquery.com/2025/08/11/j...
jQuery 4.0.0 Release Candidate 1 | Official jQuery Blog
jQuery: The Write Less, Do More, JavaScript Library
blog.jquery.com
Reposted by Ulises Gascón
augustin-mauroy.bsky.social
Augustin Mauroy @augustin-mauroy.bsky.social · Aug 12
Want to see what we've accomplished with the node.js ‘userland-migrations’ initiative? Check out these awesome codemods codemod.link/nodejs-offic...

I hope your depreciation is already supported. If not, go to git.new/userland-mig...
Node.js official codemods
Facilitate automated migrations of userland code.
codemod.link
4 6 12
ulisesgascon.com
Ulises Gascón @ulisesgascon.com · Aug 11
✨ Proud to be one of the maintainers of @expressjs.bsky.social in the @github.com Secure Open Source Fund!

Securing the #OpenSource #SupplyChain is a team sport 💚

github.blog/open-source/...
Securing the supply chain at scale: Starting with 71 important open source projects
Learn how the GitHub Secure Open Source Fund helped 71 open source projects significantly improve their security posture.
github.blog
2 14
Reposted by Ulises Gascón
sarahedo.bsky.social
Sarah Drasner @sarahedo.bsky.social · Aug 6
JS Conf US is happening again! This is a big deal, it has not occurred for some time.

I'm thrilled to keynote and speak alongside folks I deeply admire: @devdevcharlie.com @evanyou.me @aysegul.bsky.social, more

My talk is on fundamentals! We'll go deep into plaforms and systems, using my drawings
drawing illustrating the difference between GPU and CPU Information about Sarah as keynote speaker and dates: October 14-16 2025
4 11 85
ulisesgascon.com
Ulises Gascón @ulisesgascon.com · Jul 31
🔒 Security update: Check out the July 2025 Security Releases for Express

Stay safe out there 🫡

expressjs.com/2025/07/31/s...
July 2025 Security Releases
Security releases for Multer and On-headers has been published. We recommend that all users upgrade as soon as possible.
expressjs.com
1
Reposted by Ulises Gascón
tc39.es
TC39 @tc39.es · Jul 30
ECMAScript Excitement 🎉

Today, TC39 advanced these proposals:

2️⃣.7️⃣ Intl Era and Month Code
2️⃣ Import Buffer
1️⃣ Module Global
5 23