nodejs
Browse all articles, tutorials, and guides about nodejs
Posts
npm v12 Will Stop Running Install Scripts. We Audited Our Repos to See What Actually Breaks
Starting with npm v12 (estimated July 2026), dependency install scripts will not run unless you allowlist them. We ran the new audit tooling on our own production repos: 65 packages flagged, 4 that matter, and a surprising amount of nothing breaking.
node-postgres Silently Ignores Your TLS Config When the URL Says sslmode
If your connection string contains sslmode=require, the pg library throws away the ssl options object where you loaded your CA certificate, and verification fails with "self-signed certificate in certificate chain". Here is the trap, the fix, and the v9 changes coming.
CVE-2025-55182 React2Shell: 766 Next.js Hosts Breached in 24 Hours
A CVSS 10.0 RCE in React Server Components let attackers breach 766 Next.js hosts in a single day, stealing database credentials, SSH keys, and cloud secrets. Here is how it works, who is affected, and what to do right now.
The Axios Supply Chain Attack: What DevOps Teams Need to Know
A compromised npm maintainer account led to malicious axios versions deploying a RAT across macOS, Windows, and Linux. Here is what happened, how to check if you are affected, and how to prevent this in your pipeline.