OpenJS Foundation
@openjsf
Followers: 320K
Following: 3K
Media: 681
Statuses: 7K
A home for those who love JavaScript.
Joined April 2008
Working on some shorts for you to round out 2025 and we're feelin' festive 👀 You can catch all of the past videos for our JavaScript Security Snapshot on our YouTube: https://t.co/T0aiOvbcDS
npm has revoked classic tokens for publishing, pushing maintainers toward OIDC trusted publishing or granular tokens. But @openjsf warns OIDC trusted publishing still has risky gaps for critical projects. https://t.co/DLJh46TV3o
#NodeJS #JavaScript
socket.dev
GitHub has revoked npm classic tokens for publishing; maintainers must migrate, but OpenJS warns OIDC trusted publishing still has risky gaps for crit...
JavaScript is 30. Still running the web & still our favorite. 💛✨ The OpenJS Foundation is grateful for every contributor who has shaped its path, and we look forward to the continued growth of this community.
Life runs in seconds, not minutes, hours, weeks, or years. Anything can change at a moment's notice. So try to do it right the first time if you're able because you might not get a second chance at it again.
The JavaScriptLandia individual contributor program will end on Friday, Dec 5, 2025. Thank you to everyone who earned badges and celebrated the amazing work across the JS ecosystem. The community awards will continue, and we’re exploring new ways to highlight community
openjsf.org
Phasing out the JavaScriptLandia Individual Contributor Program
Tis the season ✨ Level up your skills this holiday with 65% off Training and Certification from our friends at the Linux Foundation. Ends December 9. Details here: https://t.co/eewm5gzm2B
SEMVER MAJORS ARE BORING 🚨 Major releases mostly bring breaking changes, not shiny new features. The fun stuff? That’s hiding in the minors. @_rafaelgss talks about why you should follow the minor releases in our latest JavaScript Security Snapshot. Want to dive in further?
ICYMI: We wrote some concrete npm security suggestions for JavaScript maintainers to help guard against Shai-Hulud style attacks. 👇 https://t.co/FiLnEIQeHg
openjsf.org
The OpenJS Security Collaboration Space has been working closely with GitHub’s npm team to understand how new security features affect projects and maintainers, especially as threats and tools keep...
Before automated workflows, releasing @nodejs meant 20 manual steps. Now it’s one command. 👀 @kom_256 and @_rafaelgss share how the Node.js build team went from a rack of Raspberry Pis in someone’s garage to full release automation. Check out the Build Team Working Group on
See what JSConf 2025 was all about in @hackmdio's recap 😎
@jsconf @matteocollina @jarredsumner @LizzParody @voodootikigod @openjsf @JavaScript explore more and see the fun that was had in our latest blog:
Security incident? Don’t panic. Have a plan. 🤝 @kom_256 explains how a clear incident response plan keeps open source projects steady when things go wrong in the latest JavaScript Security Snapshot. Check out the Incident Response Plan here on GitHub: https://t.co/v2Rz4stNMf
With npm supply chain attacks on the rise, secure publishing practices are becoming a pressing concern for anyone maintaining npm packages. ⚠️ The OpenJS Security Collaboration Space has released updated guidance to help maintainers reduce exposure, strengthen release processes,
October’s security check‑in is here! 🚨 📌 Highlights: stronger threat modelling, npm Trusted Publishing risks tackled, new runtime features for secure‑by‑default apps. https://t.co/Xhwd1yjcp2