Rafael Gonzaga
@_rafaelgss
Principal OSS Engineer at @NodeSource from 🇧🇷 | @nodejs TSC | @fastifyjs core | @nodeclinic maintainer 🏆 OpenJS Pathfinder Award for Security 2023
I'm pleased to announce that I've started as Principal Open Source Engineer at @NodeSource! I'll be working on Node.js core in areas including performance, security, and diagnostics. So... stay tuned! We'll build amazing things together 💚
Would you be interested if Node.js starts supporting seccomp-bpf or do you think this is environment/container responsibility?
Here you go github.com/nodejs/node/pu…
Just wrote something very interesting for the Node.js benchmarks, opening a PR soon 😄
Just wrote something very interesting for the Node.js benchmarks, opening a PR soon 😄
With the recent Node.js security release, you might want to check if you are using an insecure version of Node.js! Do: npx is-my-node-vulnerable
💚
Hey you have my thanks too I have been watching your stream not live because of the time zone. But they helped me get started, I have already contributed 7 times now 3 patches to core nodejs rest to nodejs-website, thanks again 🙏
If you are "optimizing" what you don't measure, you are likely doing it wrong.
Hi folks, We will have a Node.js core mentoring live stream today Stay tuned!
📣 Introducing NodeSource Extended Support 📣 Unsupported Node.js versions leave your applications vulnerable to security risks, performance issues, and compliance violations. We deliver security for organizations that can’t upgrade immediately. nodesource.com/blog/security-…
New release of bench-node! v0.8.0 * Add a pretty reporter * Baseline support for comparison * Exporting Types * All tests are run on a dedicated machine sponsored by @NodeSource * And more... github.com/RafaelGSS/benc…
🚨 Node.js Security Updates Released (July 15, 2025) High severity fixes for: • path.normalize() Windows device names bypass (CVE-2025-27210) • HashDoS in V8 (CVE-2025-27209) Affects: 20.x, 22.x, 24.x Update now: nodejs.org/en/blog/vulner… #NodeJS #Security
Updates are now available for the 24.x, 22.x, 20.x Node.js release lines. Details: nodejs.org/en/blog/vulner…
⚠️ Security release pre-alert: We will release new versions of v20.x, v22.x, and v24.x release lines on or shortly after Tuesday 15, July 2025, in order to address 2 high severity issues. hubs.la/Q03wfg0G0
Modifying the prototype in runtime is the root of all evil
Do you know you can use NODE_DEBUG=MODULE_TIMER to measure module startup on Node.js?
Did you know bench-node has the bounce-ball visualizer too? github.com/RafaelGSS/benc…
oops did it again
Node.js v24.4.0 is out! 💚 What's new? • crypto.hash() supports outputLength (XOF) • fs.mkdtempSync() gets disposable mode • --watch-kill-signal lands • permission.has('addon') is now supported • spawn() propagates permission flags • sqlite adds readBigInts More in:…