Matteo Collina presents an updated talk on Node.js, discussing roles, open-source projects, and dispelling myths. He highlights Node.js vitality, contrasts with legacy technologies like COBOL and jQuery. The talk covers Node.js popularity, software reuse, module growth, and download stats. It addresses risks of not updating Node.js, LTS support phases, version updates, adoption rates, security measures, Node 24 features like ESM support and stable permissions. Collaboration processes, TSC role, governance, and benefits of Platformatic VAT for app development are also discussed.

Welcome to JS Nation. Marco Ippolito discusses NodeJS and TypeScript integration, challenges, and growth. TypeStripping in Node.js removes TypeScript syntax for execution. Efficient TypeStripping in Node 22 skips SourceMaps, aligns with TypeScript versions. Enhanced features in Node 22 support experimental TypeScript features with limitations. Node.js supports TypeScript features with erasable syntax and namespace in Node 23.8. Importing types correctly crucial to avoid errors. Node.js TypeScript integration update includes switching to TypeScript, browser support, and community involvement.

Introducing Node.js security overview, defining vulnerabilities, non-vulnerabilities, and preventive measures. Discussing Node.js API input validation, real vulnerabilities like HTTP server crashes, and the importance of Node.js security in widely used platforms. Discussing the importance of Node.js maintenance, the introduction of experimental permissions in Node.js 20, and the seatbelt philosophy to protect against malicious code. Discussing the importance of maintaining up-to-date Node.js versions and using tools like npx isMyNodeVulnerable for security checks. Discussing the importance of Node.js security releases, funding, and dependency vulnerability assessment for a safer Node.js environment. Using Node.js Dependency Vulnerability Assessment to evaluate and address potential vulnerabilities, ensuring automated security checks and updates for a safer Node.js environment. Automating Node.js security release process, including configuration files for dependencies, extensive testing across various environments, and creating security release issues and blog posts automatically. Support for various environments, extensive testing with over 55 suites and 5,000 unit tests, automation efforts to streamline processes, and the establishment of a maintenance threat model for enhanced security measures. For a single pull request, it takes six hours to run tests, automation efforts in progress, maintenance threat model to address security risks, permission model roadmap, ongoing discussions on security reports, and plans for the Node.js Collaborator Summit. Active community involvement in Node.js security development, four security releases from 2024 to 2026 addressing various vulnerabilities, end-of-life version strategy with Node.js 16 and 18 having high weekly downloads, and the approach to issuing CVEs for end-of-life versions. Node.js project's strategy adjustment for CVEs to include end-of-life versions, importance of Node.js threat model, trust boundaries, and developer responsibilities. Node.js protection against network data, upgrade recommendations for different Node.js versions, and upcoming changes in Node.js release schedule.

Rui Adorno emphasizes the power of dependency graphs in JavaScript projects, highlighting the underutilized graph structure and the importance of understanding metadata. The discussion delves into advanced dependency selector syntax, integrating query language with VLT client for updates and additions, running tests, and updating versions. The exploration of VLT client features includes secure package installs, phased installation processes, and DSS capabilities. Multi-project package filtering is expanded through DSS query language with a host local selector for benefits like script inspection and AI agents.

For over a decade, Node.js documentation relied on legacy tooling, despite being the critical source of truth for @types/node, Bun, Deno, and AI models. In this talk, we unveil the engineering behind @nodejs/doc-kit – the modular successor to Node’s documentation engine. Discover how we parse mas...

Introduction by Ed Silva, a Node.js core collaborator, discussing the significance of AI in 2026. Companies facing challenges in AI implementation, focusing on AI integration and the need for developer skills. Demonstrations of Node.js egg cooking using Hug and Face community and model inference with Hug and Face Transformers. Transformers JS extending NLP to computer vision and audio tasks, utilizing O-N-N-X format for model execution. Tasks and examples available in Transformers.js for NLP and computer vision, emphasizing model differentiation and execution processes. Optimization techniques for model download trade-offs, GPU utilization, and experimentation possibilities with models like Hugging Face.

The talk covers a range of topics including Node.js evolution to a multi-threaded system, scaling with the cluster module, managing PM2 for efficient orchestration, challenges in SSR frameworks, TCP SO reuse port for resource utilization, VAT architecture for smart service routing, zero downtime deployment with shared cache, performance benchmark results, PM2 performance challenges, legality and functionality of TCP SO reuse port, kernel balancing considerations, tool comparison between PM2 and Deno, cache consistency challenges, VAT architecture with worker thread recovery, T-scaling for vertical scaling, and updating Node V6 applications.

Node.js offers significant capabilities for efficient file handling, emphasizing the importance of processing files effectively to avoid crashes and memory issues. Understanding streams, backpressure, and stream concepts like readable, writable, duplex, and transform streams is crucial for efficient file handling. Streams enable working with data in chunks, ensuring stable memory usage and efficient applications. Backpressure in streams optimizes memory usage by processing data incrementally, unlike loading entire files into memory. Utilizing readable streams in processing improves concurrency and avoids blocking the event loop.