Several security vulnerabilities, some classified as high-risk, have been discovered in the popular JavaScript runtime environment Node.js. Updated versions, announced in mid-December, have now been ...

The update smooths out mixed module workflows.

The JavaScript sandbox vm2 for Node.js was actually discontinued. Now an update closes a critical security vulnerability.

Node.js released updates fixing a critical DoS flaw caused by async_hooks stack crashes, tracked as CVE-2025-59466, impacting most production apps.