Node.js 26 attiva la Temporal API di default e rimuove vecchie interfacce
Node.js 26 è disponibile dal 5 maggio: la nuova versione major attiva di default la Temporal API per la gestione delle date, aggiorna V8 e Undici e rimuove diverse interfacce ormai obsolete.https://yoota.it/node-js-26-attiva-la-temporal-api-di-default-e-rimuove-vecchie-interfacce/
vm2, la sandbox Node.js ultra-populaire, touchée par une faille critique (CVE-2026-26956). Une sandbox censée isoler du code non fiable… contournée. C'est un peu comme une vitre pare-balles avec une petite fenêtre ouverte.
Le moment idéal pour auditer ce qu'on a mis en production sans trop y penser à l'époque. ☕
#infosec #CVE #nodejs
https://www.it-connect.fr/vm2-la-celebre-sandbox-node-js-affectee-par-une-faille-critique-cve-2026-26956/
📰 A Dozen Critical Sandbox Escape Flaws Found in Popular 'vm2' Node.js Library
📢 CRITICAL: A dozen sandbox escape vulnerabilities found in the popular 'vm2' Node.js library. Flaws (CVSS 9.8) allow for full host takeover. If you use vm2, update to version 3.11.2 immediately! #NodeJS #CyberSecurity #Vulnerability #PatchNow
Homebridge 2.0.0: ora parla anche Matter e dice addio a Node.js 18 e 20
Homebridge 2.0.0 introduce il supporto a Matter e richiede Node.js 22 o 24. Scopri come cambia l’integrazione con Apple Home, Google Home e Alexa e cosa devono fare gli utenti prima di aggiornare.https://yoota.it/homebridge-2-0-0-ora-parla-anche-matter-e-dice-addio-a-node-js-18-e-20/
"There is a new release of node.js. Happy updating and coding."
# 2026-05-07, Version 26.1.0 (Current), @aduh95
Notable Changes Experimental node:ffi module Node.js now includes an experimental node:ffi module for loading dynamic libraries and calling native symbols from JavaScript. The API is gated behind the --experimental-ffi flag and, when the...
Do you use @nodejs on @alpinelinux? While the Node.js project publishes Alpine containers to dockerhub it is currently an "experimental" platform and does not have the same guarantees as other platforms.
We are looking for volunteers to help us bring Alpine to "Tier 2" where it would be built and released through the normal CI process.
If you can help and/or work for a company depending on Node on Alpine/musl then let us know at https://github.com/nodejs/node/issues/62764
#alpine #musl #nodejs #OpenSource
V únoru 2025 vyzval Anthony Fu, autor populárních nástrojů kolem Vue, Nuxtu a Vite, ekosystém k opuštění duálního publikování npm balíčků a přechodu na ESM-only. S odstupem více než roku je jasné, že měl pravdu – a že se ekosystém posunul ještě rychleji, než sám čekal. Node.js dnes umí require() i na ESM moduly, podíl balíčků s podporou ESM přesáhl třetinu a komunita označuje rok 2026 za „rok plné adopce ESM“.
https://zdrojak.cz/clanky/je-cas-prejit-na-esm-only-ekosystem-je-pripraveny/
vm2 Library Vulnerabilities Enable Sandbox Escape and Code Execution
A dozen critical vulnerabilities in the vm2 Node.js library can be exploited by hackers to break free from sandbox restrictions and run malicious code on vulnerable systems. This serious security flaw has been assigned high CVSS scores, emphasizing the urgent need for users to patch their systems.
#Nodejs #Vm2Library #SandboxEscape #CodeExecution #Cve202624118
YOOTA
Bobe'bot on security
CyberNetsecIO
Node.js Release Watcher
Stewart X Addison
Scripter 
mastodon.raddemo.host
Zdroják
Analyst207