ulisesgascon.com
#OpenSource Maintainer (@nodejs.org, @expressjs.bsky.social...), #TC39 Delegate and #Maker | He/Him
74 posts 558 followers 237 following
Prolific Poster

🚂💨 The @expressjs.bsky.social train is rolling this summer with 30+ libraries getting updates! From cors to morgan, cookie, multer, compress and more. It's the perfect time to get involved. Help us triage and shape the future: github.com/expressjs/di...

🚨 Heads up: [email protected] is now deprecated. A bunch of vulns were patched in 2.x — if you're still on 1.x, it's time to move. npm i multer@latest Stay safe out there 🫡 expressjs.com/2025/05/19/s...

Today marks the 10-year anniversary of my first contribution to the Node.js source code. (It was adding something very small to the documentation. A journey of a thousand miles begins with a single step and all that.) github.com/nodejs/node/...

🚨 We’ve published our May security update, including critical fixes for Multer. expressjs.com/2025/05/19/s...

🔐 [email protected] is out with critical security fixes: • CVE-2025-47935 – DoS via memory leak from unclosed streams • CVE-2025-47944 – DoS via crash from malformed multipart requests • Dropped support for Node <10.16.0 Upgrade now → github.com/expressjs/mu...

Is it a vulnerability, or just a misunderstood feature? At #NodeCongress2025, I broke it down in my talk: "What is a Vulnerability and What’s Not" Topics: 👉 Real vs. imagined risks in @nodejs.org and @expressjs.bsky.social 👉 Why #threatModels matter 🎥 Watch: gitnation.com/contents/wha...

We’re modernizing @expressjs.bsky.social by deprecating legacy packages that no longer fit the framework’s direction: 🔥 csurf 🔥 connect-multiparty 🔥 path-match Why? Less tech debt, better security, smoother future. expressjs.com/2025/05/16/e...

We’ve cleaned up @expressjs.bsky.social ! 🧹 Deprecated some legacy packages: 🔥 csurf 🔥 connect-multiparty 🔥 path-match More context: github.com/expressjs/di... Blog post coming soon! 📘

I maintain over 200+ npm packages, including core Express and Yeoman tools — with 1.4B+ weekly downloads. I just published a full impact report for #MaintainerMonth: 📦 gist.github.com/UlisesGascon... Not always the author, but always a steward. 💚

May is Maintainer Month! If you’ve ever relied on open source (spoiler: you have), now’s the time to show some love to the folks who keep it running. @feynudibranch.bsky.social & I shared what’s coming—events, perks, and a security challenge: github.blog/open-source/... 💜 #MaintainerMonth

📝 If I Wrote a Linter, Part 1: Architecture I'm writing a series of blog posts on zany ideas for where we could take a web linter next. This is part 1 of ~4, on the core architecture. Let me know what you think! 😊 www.joshuakgoldberg.com/blog/if-i-wr...

🚀 Just shipped a big milestone for [email protected]! New Express server, API routes, E2E test, Swagger docs, hardened Docker, and more... openpathfinder.com/blog/visionb...

🥹 May is almost here, and it's officially #MaintainerMonth 🚀 I’ve helped release @expressjs.bsky.social 5.1, ship key @nodejs.org updates, lead #OpenSource security work, and reboot #Yeoman. If you believe in supporting #devTools, consider sponsoring ❤️ 👉 github.com/sponsors/Uli...

💖 Thanks Sawaratsuki for designing this amazing @expressjs.bsky.social logo in #Kawaii version 🥹 えくすぷれす ✨ 高速・革新的・最小限

Frankly, you don't often get to read a security incident report written up (and addressed!) this professionally. Thanks, Node.js security team.

We’ve published an update on the recent #Nodejs test infrastructure incident. Huge thanks to the community & volunteers helping keep things secure 💚 We welcome pentests, but please give us a heads-up via HackerOne or the TSC to avoid disrupting daily ops. nodejs.org/en/blog/vuln...

🚀 Node.js v22.15.0 is out — with nearly 350 commits! Highlights: 🧪 assert upgrades 🔐 system cert support 🌐 TLSA record queries 💾 zstd in zlib 🧠 v8 heap stats Huge thanks to @rafaelgss.dev for prepping the release + all the heavy lifting! 🙌 nodejs.org/en/blog/rele...

Node.js v20.19.1 is out! 🥳 Some highlights include: - Updated Undici to v6.21.2 - Bumped c-ares to v1.34.5 - Restored DNS query cache TTL - Minor doc, test, and tooling improvements Full changelog: nodejs.org/en/blog/rele...

A bit of cable management, and we almost have it ☺️

Yay! Had a blast at #NodeCongress talking about threat models, #vulnerabilities, and #Nodejs weirdness 😄 Full talk here 👇 gitnation.com/contents/wha...

ECMAScript Excitement 🎉 Today, TC39 advanced these proposals: 2️⃣.7️⃣ Non-extensible Applies to Private 1️⃣ Enums 1️⃣ Object.propertyCount

ECMAScript Excitement 🎉 Today, TC39 advanced these proposals: 2️⃣ export defer 1️⃣ Compare Strings by Codepoint

ECMAScript Excitement 🎉 Today, TC39 advanced this proposal: 1️⃣ Disposable AsyncContext

ECMAScript Excitement 🎉 This week, at its 107th meeting, TC39 advanced these proposals: 2️⃣.7️⃣ Non-extensible Applies to Private 2️⃣.7️⃣ Upsert 2️⃣ export defer 1️⃣ Compare Strings by Codepoint 1️⃣ Composite Keys 1️⃣ Disposable AsyncContext 1️⃣ Enums 1️⃣ Object.propertyCount and withdrew Records & Tuples

Oh yeah, we're over 50% of the way toward being able to release compression v2! github.com/expressjs/co...

TIL, also, that you can use custom text for links in Bluesky!

ECMAScript Excitement 🎉 Today, TC39 advanced these proposals: 2️⃣.7️⃣ Upsert 1️⃣ Composite Keys and withdrew Records & Tuples

96% of the demand-side value is created by only 5% of OSS developers (another slide from my foss-north talk on Monday)

For years, I’ve been asked whether I’ll ever write a book about @nodejs.org. I’m excited to announce the time has come. Presenting “The Definitive Guide for Node.js in Enterprise”, a labour of love by myself, and every single member of the @platformatic.dev team.

Recording from the #nodejs node-api team meeting last Friday in case you want to catch up - youtu.be/9IFUvEyUbcM

Just want to give a huge shout-out to all the amazing #volunteers who jumped in during the recent #Nodejs #security #incident involving our test CI infrastructure 💚 Full details here: nodejs.org/en/blog/vuln...

It has been a bit of a wild ride going from a user, then contributor, then TC member. Then trying to get v5 over the finish line, then quitting the project. And finally not really being a user but helping get v5 out the door, still being on the TC, and finally publishing to latest. All in 10 years.

📦 #Express 5.1.0 is out! ✅ v5 is now the default on #npm 🛠️ New #codemod for easy migration from v4 📅 #LTS timeline announced (including v4 EOL) Big step for @expressjs.bsky.social 👉 expressjs.com/2025/03/31/v...

🚀 Exciting Announcement today! Express v5 is officially "latest" and we have started the maintenance period for v4. Read more about the release and our LTS plans in our blog post: expressjs.com/2025/03/31/v...

This is getting out of hand 💀

Hahahaha this made my day 😂 Apparently I’m now a Legendary Creature — Human Developer Commit Mastery, Open Source Advocate, and a Security Consultant? Magic: The Debuggering 💻🧙‍♂️ #MagicTheGathering #DevLife #OpenSource

With the upcoming release of @expressjs.bsky.social v5 and promoting it to latest on npm, we needed to finalize some of our support and schedule plans. Would love feedback on this plan from the ecosystem so we can do better than we have in the past on keeping folks informed and aware of the plans.

🚩 Keep up to date with @nodejs.org by watching the #Nodejs Security Working Group's last meeting on YouTube! www.youtube.com/watch?v=K4IF...

@ulisesgascon.com is on fire with releases tonight! 🚀 Awesome work by lots of folks in these ones, check out the change logs!

🚀 Just released [email protected] 📦 🍿 #release details: github.com/pillarjs/sen...

🚀 Just released [email protected] 📦 🍿 #release details: github.com/expressjs/bo...

🚀 Just released [email protected] 📦 🍿 #release details: github.com/jshttp/type-...

🚀 Just released [email protected] 📦 🍿 #release details: github.com/pillarjs/rou...

🚀 Just released [email protected] 📦 🍿 #release details: github.com/jshttp/mime-...