Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.

The Node.js Blog offers developers insights into Node.js runtime, JavaScript ecosystem, and server-side development. Developers can learn about asynchronous programming, event-driven architecture, and building scalable web applications with Node.js, as well as explore updates, releases, and best practices from the Node.js community.

Node.js

Node.js 24.14.1 (LTS), codenamed 'Krypton', is a security release addressing 8 CVEs. High-severity fixes include using null prototype for HTTP headers to prevent prototype pollution (CVE-2026-21710) and wrapping SNICallback in try/catch to prevent TLS crashes (CVE-2026-21637). Medium-severity fixes cover timing-safe comparison in Web Cryptography HMAC/KMAC, HTTP/2 flow control error handling, URL crash fixes, and a V8 array index hash collision. Low-severity fixes add missing permission checks in fs/promises and realpath.native. Dependencies updated include undici (7.24.4) and npm (11.11.0).

Node.js — Node.js 24.14.1 (LTS)