😱 Oh no! The #creator of #Lodash is tired! 🥱 Who could have guessed maintaining one of the most popular #JavaScript libraries in the world would be exhausting? 🙄 But don't worry, he's on a "personal journey" to find "sustainability."✨ #GroundbreakingNews
https://openjsf.org/blog/burnout-is-real-for-open-source-maintainers #Exhaustion #Sustainability #PersonalJourney #HackerNews #ngated
Burnout Is Real for Open Source Maintainers: A Conversation with John-David Dalton, Creator of Lodash | OpenJS Foundation

Lodash creator John-David Dalton reflects on the project’s growth, the pressures of maintaining software used across the world, and the personal journey that led to stepping back and eventually rebuilding a sustainable path forward.

OpenJS Foundation

Burnout Is Real in the OSS World, Says John-David Dalton, Creator of Lodash

https://openjsf.org/blog/burnout-is-real-for-open-source-maintainers

#HackerNews #burnout #open-source #Lodash #OSS #community #mentalhealth

🔖 The latest issue of my #newsletter is live, issue 013.

March recap: 12 CVEs across #undici, #Fastify, #Lodash & #pathtoregexp, a state-actor supply chain attack on #axios, and the #Nodejs security bug bounty paused 🔐

https://blog.ulisesgascon.com/newsletter-issue-13

Newsletter #013: Large Phishing Operations Against Maintainers 🎯

A coordinated phishing campaign is targeting high-impact open source maintainers. Plus: Scorecard v6 evolving into a security evidence engine, 12 CVEs patched across undici, fastify, path-to-regexp and lodash, and a conversation about Node.js in production.

🔐 7 out of 10 #security reports for #Lodash and #Express are invalid.

The current spike is LLM-generated noise eating volunteers' time that should go to releases, features, and real bugs.

Our tooling wasn't designed for this volume. Every report still needs to be read, cross-referenced, and responded to. We need better tooling and support to sustain this.

🔖 The latest issue of my #newsletter is live, issue 011.

Secure publishing on #npm in 2026, major #Lodash security overhaul, updated security best practices, fresh #Express release backlog & ecosystem insights from talks, CVEs & community work ✨

https://blog.ulisesgascon.com/newsletter-issue-11

Newsletter #011: Secure Publishing, Lodash Overhaul & Express Releases 🛡️

This month we tackle secure npm publishing, roll out a major security overhaul for Lodash, and continue the Express release train. Plus, updates on Node.js VFS and a new security guide for open source maintainers.

Just shipped a new newsletter to Sponsors! 🎁

Includes the hard truths of #npm security, #Expressjs updates, and the #Lodash overhaul that put my code in space 🚀.

Get early access & support my OSS work here: https://github.com/sponsors/UlisesGascon

🛠️ In-depth analysis of the #security patch for CVE-2025-13465 in #Lodash: root cause, prototype pollution mechanics in _.unset/_.omit, and patch details.

https://orbitant.com/prototype-pollution-javascript-cve-2025-13465/

🛠️ In-depth breakdown of the #security fix for CVE-2025-13465 in #Lodash: root cause, prototype pollution mechanics in _.unset/_.omit, and details of the patch.

https://orbitant.com/en/prototype-pollution-javascript-cve-2025-13465/

🥹 Proud to have contributed to the #Lodash security overhaul. Strengthening governance, security processes, and infrastructure to keep the project healthy for the community 🛡️

https://openjsf.org/blog/lodash-security-overhaul

Lodash Rolls Out Major Security Overhaul | OpenJS Foundation

With the release of Lodash 4.17.23 and the publication of CVE-2025-13466, the project is making visible progress in strengthening its security posture.

OpenJS Foundation

Big news 🚀! #Lodash is now on Open Collective!

Support the project and be among the first backers or sponsors 🙌

https://opencollective.com/lodash

Lodash - Open Collective

A modern JavaScript utility library delivering modularity, performance & extras.