The NodeSource Blog

All Posts

anthropic-claude-code-source-leak-bun-bug

Anthropic Accidentally Leaked Claude Code's Entire Source — Here's What Was Inside

In Node.js on Apr 02 2026

Anthropic leaked Claude Code via source maps. A Bun bug, missing .npmignore, and weak release checks exposed 500k+ lines of code.

Why Node.js Upgrades Are Still Hard — And How OpenJS + NodeSource Are Addressing It

In Product on Mar 25 2026

Why Node.js upgrades remain difficult and how OpenJS Foundation and NodeSource help teams reduce risk and modernize production systems.

javascript-evolving-faster-jsconf-spain-insights

JavaScript Is Evolving Faster Than Ever — And JSConf Spain Made It Impossible to Ignore

on Mar 17 2026

Key insights from JSConf Spain on AI in JavaScript, agentic development, edge computing, and the shift beyond frameworks toward system-level thinking.

nodesource-nodejs-migration-three-step-workflow

Scan, Analyze, Execute: NodeSource’s Three-Step Workflow for Stress-Free Node.js Migration

on Mar 09 2026

Learn how NodeSource’s three-step workflow—Scan, Analyze, Execute—helps teams migrate Node.js versions safely and predictably in production environments.

february-2026-nodejs-releases-security-runtime-updates

February in Node.js: Release Discipline, Security Signal, and Runtime Progression

In Node.js on Feb 26 2026

Explore what happened in Node.js in February 2026, including v24.14.0 LTS, v25.7.0 Current, patch releases, and new security reporting requirements.

inside-nodejs-event-loop-production-blocking

Inside the Node.js Event Loop: What Actually Blocks Your Production System

In Node.js on Feb 24 2026

A deep technical breakdown of the Node.js Event Loop, libuv, thread pool behavior, and the real causes of production latency and blocking.

From CPU Profile to Optimized Code in Minutes: How N|Sentinel Turns Node.js Telemetry into Action

In NodeSource on Feb 18 2026

Learn how N|Sentinel turns Node.js CPU profiles into validated, optimized code in minutes with AI-driven performance remediation.

Is Node.js Single-Threaded… or Not?

In Node.js on Feb 12 2026

Is Node.js single-threaded? Learn how V8, libuv, the event loop, and the thread pool work together inside the Node.js runtime.

opentelemetry-vs-deep-runtime-telemetry-nodejs

OpenTelemetry vs. Deep Runtime Telemetry: Which Is Better for Your Node.js Stack?

on Feb 10 2026

OpenTelemetry gives system-wide observability, but deep runtime telemetry explains what’s happening inside Node.js—why production teams need both at scale

Understanding Node.js’ New Signal Requirement for Security Reports

In Node.js on Feb 05 2026

Node.js introduced a Signal requirement on HackerOne to reduce noise, improve vulnerability report quality, and support security maintainers.

January in Node.js: Releases, Security Updates, and What Actually Matters

In Node.js on Feb 02 2026

A practical recap of what happened in Node.js in January: security updates, release signals, and what matters for teams running Node.js in production.

gpg-signature-warnings-debian-13-ubuntu-nodesource

Resolved: GPG Signature Warnings on Debian 13 and Modern Ubuntu

In NodeSource on Jan 22 2026

Learn why GPG signature warnings appear on Debian 13 and modern Ubuntu, how NodeSource fixed them with SHA-512 keys and which Node.js versions are supported