Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.

The Node.js Blog offers developers insights into Node.js runtime, JavaScript ecosystem, and server-side development. Developers can learn about asynchronous programming, event-driven architecture, and building scalable web applications with Node.js, as well as explore updates, releases, and best practices from the Node.js community.

Node.js

Node.js 20.20.2 (Iron LTS) is a security release addressing seven CVEs. Fixes include: timing-safe comparison in Web Cryptography HMAC and KMAC (CVE-2026-21713), array index hash collision fix (CVE-2026-21717), null prototype for HTTP headers to prevent prototype pollution (CVE-2026-21710), missing permission checks on fs/promises and realpath.native (CVE-2026-21716, CVE-2026-21715), HTTP/2 flow control error handling (CVE-2026-21714), and wrapping SNICallback in try/catch for TLS (CVE-2026-21637). Undici was also updated to v6.24.1.

Node.js — Node.js 20.20.2 (LTS)