Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.

The Node.js Blog offers developers insights into Node.js runtime, JavaScript ecosystem, and server-side development. Developers can learn about asynchronous programming, event-driven architecture, and building scalable web applications with Node.js, as well as explore updates, releases, and best practices from the Node.js community.

Node.js

Node.js 22.22.2 (LTS) is a security release for the 'Jod' LTS line, addressing 7 CVEs. Two high-severity fixes include wrapping SNICallback in try/catch (CVE-2026-21637) and using null prototype for headersDistinct/trailersDistinct to prevent prototype pollution (CVE-2026-21710). Medium-severity fixes cover timing-safe HMAC comparison in Web Cryptography (CVE-2026-21713), HTTP/2 flow control error handling (CVE-2026-21714), and a V8 array index hash collision (CVE-2026-21717). Two low-severity permission model fixes add checks to realpath.native and fs/promises. Dependencies updated include npm 10.9.7 and undici v6.24.1.

Node.js — Node.js 22.22.2 (LTS)