The NodeSource Blog

All Posts

Node.js

anthropic-claude-code-source-leak-bun-bug

Anthropic Accidentally Leaked Claude Code's Entire Source — Here's What Was Inside

In Node.js on Apr 02 2026

Anthropic leaked Claude Code via source maps. A Bun bug, missing .npmignore, and weak release checks exposed 500k+ lines of code.

Why Node.js Upgrades Are Still Hard — And How OpenJS + NodeSource Are Addressing It

In Product on Mar 25 2026

Why Node.js upgrades remain difficult and how OpenJS Foundation and NodeSource help teams reduce risk and modernize production systems.

february-2026-nodejs-releases-security-runtime-updates

February in Node.js: Release Discipline, Security Signal, and Runtime Progression

In Node.js on Feb 26 2026

Explore what happened in Node.js in February 2026, including v24.14.0 LTS, v25.7.0 Current, patch releases, and new security reporting requirements.

inside-nodejs-event-loop-production-blocking

Inside the Node.js Event Loop: What Actually Blocks Your Production System

In Node.js on Feb 24 2026

A deep technical breakdown of the Node.js Event Loop, libuv, thread pool behavior, and the real causes of production latency and blocking.

From CPU Profile to Optimized Code in Minutes: How N|Sentinel Turns Node.js Telemetry into Action

In NodeSource on Feb 18 2026

Learn how N|Sentinel turns Node.js CPU profiles into validated, optimized code in minutes with AI-driven performance remediation.

Is Node.js Single-Threaded… or Not?

In Node.js on Feb 12 2026

Is Node.js single-threaded? Learn how V8, libuv, the event loop, and the thread pool work together inside the Node.js runtime.

opentelemetry-vs-deep-runtime-telemetry-nodejs

OpenTelemetry vs. Deep Runtime Telemetry: Which Is Better for Your Node.js Stack?

on Feb 10 2026

OpenTelemetry gives system-wide observability, but deep runtime telemetry explains what’s happening inside Node.js—why production teams need both at scale

Understanding Node.js’ New Signal Requirement for Security Reports

In Node.js on Feb 05 2026

Node.js introduced a Signal requirement on HackerOne to reduce noise, improve vulnerability report quality, and support security maintainers.

January in Node.js: Releases, Security Updates, and What Actually Matters

In Node.js on Feb 02 2026

A practical recap of what happened in Node.js in January: security updates, release signals, and what matters for teams running Node.js in production.

cve-vs-cvss-explained-security-vulnerabilities

CVE, CVSS, and the Mistake Most Teams Keep Making

In Security on Jan 21 2026

Learn what CVE and CVSS really mean, how they differ, and how to use them correctly to prioritize security vulnerabilities in real-world systems.

Node.js January 2026 Security Release: What Changed and Why It Matters

In Node.js on Jan 14 2026

Learn what changed in the Node.js January 2026 security release, which CVEs affect you, and how to assess impact and upgrade safely in production

From Observability to Pull Request: N|Solid 6.3.1 Brings AI-Driven Performance Fixes to GitHub

In NodeSource on Nov 04 2025

A new release that connects N|Solid’s AI optimization engine directly to GitHub for seamless, secure performance improvements.