#node.js Tech News.
3 stories in the last 7 days
The latest node.js news, distilled by AI into sharp ~100-word summaries. ByteBrief tracks node.js across dozens of tech sources and brings you only what matters, updated hourly. Tap any story for the full brief, or open the original source.
Six vulnerabilities named Proto6 were found in protobuf.js, a JavaScript and TypeScript Protocol Buffers implementation. The flaws can lead to remote code execution and denial-of-service attacks in Node.js applications. Cyera researcher Assaf Morag reported that the issues stem from the library treating schema and metadata as trusted by default.
Microsoft is partnering with Joyent to port Node to Windows, targeting the high-performance IOCP API. Rackspace is contributing Bert Belder's time. The result will be official node.exe releases on nodejs.org, supporting Windows Azure and versions back to Server 2003.
The @currentspace/http3 package brings HTTP/3, HTTP/2, and raw QUIC server/client support to Node.js 24+, powered by Rust and quiche. It offers bidirectional streams, datagrams, session resumption, and custom ALPN. The package includes Express compatibility and platform-native I/O via kqueue, io_uring, or poll.
Summaries by ByteBrief