Ruy Adorno
@ruyadorno.com
Node.js TSC • Founder Engineer at @vlt.sh • Previously Google, GitHub, npm Inc. Opinions are my own.
📍 Montreal 🇨🇦
📍 Montreal 🇨🇦
Reposted by Ruy Adorno
MEDALHA DE OURO BRASIIIIIIIIILLLLLLLLL
Lucas Pinheiro Braathen becomes the first South American ever to win a medal in any Winter Olympic event!!!!!
Lucas Pinheiro Braathen becomes the first South American ever to win a medal in any Winter Olympic event!!!!!
February 14, 2026 at 1:31 PM
MEDALHA DE OURO BRASIIIIIIIIILLLLLLLLL
Lucas Pinheiro Braathen becomes the first South American ever to win a medal in any Winter Olympic event!!!!!
Lucas Pinheiro Braathen becomes the first South American ever to win a medal in any Winter Olympic event!!!!!
Reposted by Ruy Adorno
🤖 An AI agent created a GitHub account 2 weeks ago.
It’s already landed PRs in major #OSS projects and is cold-emailing maintainers to offer its services.
Maintainers don’t seem to know it’s an agent and the code is getting merged.
We’re in new territory! 🤠
socket.dev/blog/ai-agen...
It’s already landed PRs in major #OSS projects and is cold-emailing maintainers to offer its services.
Maintainers don’t seem to know it’s an agent and the code is getting merged.
We’re in new territory! 🤠
socket.dev/blog/ai-agen...
AI Agent Lands PRs in Major OSS Projects, Targets Maintainer...
An AI agent is merging PRs into major OSS projects and cold-emailing maintainers to drum up more work.
socket.dev
February 14, 2026 at 7:09 AM
🤖 An AI agent created a GitHub account 2 weeks ago.
It’s already landed PRs in major #OSS projects and is cold-emailing maintainers to offer its services.
Maintainers don’t seem to know it’s an agent and the code is getting merged.
We’re in new territory! 🤠
socket.dev/blog/ai-agen...
It’s already landed PRs in major #OSS projects and is cold-emailing maintainers to offer its services.
Maintainers don’t seem to know it’s an agent and the code is getting merged.
We’re in new territory! 🤠
socket.dev/blog/ai-agen...
Reposted by Ruy Adorno
> writing javascript code
> ask Brendan Eich if the array is a vector or a hashmap
> he doesn't understand
> pull out diagram explaining O(1) vs O(n log n) access time
> he laughs and says "it's a good data structure sir"
> allocate an array
> arr[0] and arr["0"] both resolve to the same bucket
> ask Brendan Eich if the array is a vector or a hashmap
> he doesn't understand
> pull out diagram explaining O(1) vs O(n log n) access time
> he laughs and says "it's a good data structure sir"
> allocate an array
> arr[0] and arr["0"] both resolve to the same bucket
February 13, 2026 at 12:12 AM
> writing javascript code
> ask Brendan Eich if the array is a vector or a hashmap
> he doesn't understand
> pull out diagram explaining O(1) vs O(n log n) access time
> he laughs and says "it's a good data structure sir"
> allocate an array
> arr[0] and arr["0"] both resolve to the same bucket
> ask Brendan Eich if the array is a vector or a hashmap
> he doesn't understand
> pull out diagram explaining O(1) vs O(n log n) access time
> he laughs and says "it's a good data structure sir"
> allocate an array
> arr[0] and arr["0"] both resolve to the same bucket
Reposted by Ruy Adorno
✨ Keep up to date with @nodejs.org by watching the #Nodejs #Release Working Group's last meeting on YouTube!
www.youtube.com/watch?v=ulMh...
www.youtube.com/watch?v=ulMh...
2026-02-12- Node.js Release Working Group
YouTube video by node.js
www.youtube.com
February 12, 2026 at 3:55 PM
✨ Keep up to date with @nodejs.org by watching the #Nodejs #Release Working Group's last meeting on YouTube!
www.youtube.com/watch?v=ulMh...
www.youtube.com/watch?v=ulMh...
Reposted by Ruy Adorno
Node.js patch release day! Full changelog and download links at nodejs.org/en/blog/rele... and nodejs.org/en/blog/rele...
Node.js — Node.js 24.13.1 (LTS)
Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
nodejs.org
February 10, 2026 at 2:20 PM
Node.js patch release day! Full changelog and download links at nodejs.org/en/blog/rele... and nodejs.org/en/blog/rele...
Reposted by Ruy Adorno
🔥 NEW BANTER: "Scaling Node.js with the Right Signals: ELU"
CPU utilization is lying to you.
Your auto-scaler adds pods while your actual bottleneck gets worse.
Luca and I explain why ELU is the metric you should be watching.
📅 Feb 4th
CPU utilization is lying to you.
Your auto-scaler adds pods while your actual bottleneck gets worse.
Luca and I explain why ELU is the metric you should be watching.
📅 Feb 4th
February 2, 2026 at 4:59 PM
🔥 NEW BANTER: "Scaling Node.js with the Right Signals: ELU"
CPU utilization is lying to you.
Your auto-scaler adds pods while your actual bottleneck gets worse.
Luca and I explain why ELU is the metric you should be watching.
📅 Feb 4th
CPU utilization is lying to you.
Your auto-scaler adds pods while your actual bottleneck gets worse.
Luca and I explain why ELU is the metric you should be watching.
📅 Feb 4th
Evert demoed us how to get some registry stats today 🔥
I think I'll soon start publishing random stats like @seldo.com used to do back in the day for our collective amusement
I think I'll soon start publishing random stats like @seldo.com used to do back in the day for our collective amusement
Doing some analytics with #NPM and this is the distribution of how many downloads NPM packages typically get.
January 30, 2026 at 8:35 PM
Evert demoed us how to get some registry stats today 🔥
I think I'll soon start publishing random stats like @seldo.com used to do back in the day for our collective amusement
I think I'll soon start publishing random stats like @seldo.com used to do back in the day for our collective amusement
Reposted by Ruy Adorno
The @vlt.sh benchmark suite has been updated to include the yarn v6 canaries (still a WIP & improving all the time): benchmarks.vlt.sh
January 30, 2026 at 6:45 PM
The @vlt.sh benchmark suite has been updated to include the yarn v6 canaries (still a WIP & improving all the time): benchmarks.vlt.sh
Reposted by Ruy Adorno
Follow up from @vlt.sh regarding my appearance on the Changelog. A new registry is in the works.
Notably, I actually started @vlt.sh to solve a lot of what you've highlighted on this pod. For the record, yes, we ARE building registry software. It's unfortunately taken longer then we'd like because but it's coming.
January 30, 2026 at 5:06 PM
Follow up from @vlt.sh regarding my appearance on the Changelog. A new registry is in the works.
Reposted by Ruy Adorno
Like everyone else, I had to build something over the end-of-year break.
Mine was GitHuman: a tool to review AI-generated code before you commit.
It was built entirely by Claude Code. I reviewed every commit from my phone.
Mine was GitHuman: a tool to review AI-generated code before you commit.
It was built entirely by Claude Code. I reviewed every commit from my phone.
January 27, 2026 at 4:44 PM
Like everyone else, I had to build something over the end-of-year break.
Mine was GitHuman: a tool to review AI-generated code before you commit.
It was built entirely by Claude Code. I reviewed every commit from my phone.
Mine was GitHuman: a tool to review AI-generated code before you commit.
It was built entirely by Claude Code. I reviewed every commit from my phone.
Reposted by Ruy Adorno
That and more in v25.5.0, now out! Full changelog and download links in nodejs.org/en/blog/rele...
January 26, 2026 at 8:54 PM
That and more in v25.5.0, now out! Full changelog and download links in nodejs.org/en/blog/rele...
Reposted by Ruy Adorno
New blog post on the journey of the new --build-sea flag and how SEA injection works
joyeecheung.github.io/blog/2026/01...
joyeecheung.github.io/blog/2026/01...
January 26, 2026 at 10:27 PM
New blog post on the journey of the new --build-sea flag and how SEA injection works
joyeecheung.github.io/blog/2026/01...
joyeecheung.github.io/blog/2026/01...
Reposted by Ruy Adorno
This just landed! Thanks @addaleax.bsky.social and @legendecas.bsky.social for the reviews! It will be out in the next semver-minor release of 25, and likely backportable to older LTS - the new workflow is a compatible improvement to the existing postject-based SEA building workflows from v18.x.
Made some progress in my hobby project 🎄
Moving single executable application building into Node.js core for better UX/DX, currently works on macOS and Linux and open for feedback!
(No Windows yet because I don't take another laptop with me on vacation 😅) github.com/nodejs/node/...
Moving single executable application building into Node.js core for better UX/DX, currently works on macOS and Linux and open for feedback!
(No Windows yet because I don't take another laptop with me on vacation 😅) github.com/nodejs/node/...
[WIP] sea: generate single executable directly with Node.js binary by joyeecheung · Pull Request #61167 · nodejs/node
This is not yet ready for full review, as it lacks more documentation and tests. I've only tested this on macOS and Linux. For now, consider this as a POC for more feedback, especially the name...
github.com
January 22, 2026 at 10:53 PM
This just landed! Thanks @addaleax.bsky.social and @legendecas.bsky.social for the reviews! It will be out in the next semver-minor release of 25, and likely backportable to older LTS - the new workflow is a compatible improvement to the existing postject-based SEA building workflows from v18.x.
Reposted by Ruy Adorno
We have increased the barrier to submit reports through HackerOne due to the amount of low-quality submissions we have received recently.
Please, see: nodejs.org/en/blog/anno...
Please, see: nodejs.org/en/blog/anno...
Node.js — New HackerOne Signal Requirement for Vulnerability Reports
Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
nodejs.org
January 22, 2026 at 1:20 PM
We have increased the barrier to submit reports through HackerOne due to the amount of low-quality submissions we have received recently.
Please, see: nodejs.org/en/blog/anno...
Please, see: nodejs.org/en/blog/anno...
Reposted by Ruy Adorno
Darcy Clarke and Ruy Adorno are longtime npm CLI maintainers and Node.js contributors. They join @joshuakgoldberg.com to discuss vlt, a new package manager and registry designed to improve performance, security, and developer experience.
@darcyclarke.me
@ruyadorno.com
bit.ly/3YNGniF
@darcyclarke.me
@ruyadorno.com
bit.ly/3YNGniF
Next-Gen JavaScript Package Management with Ruy Adorno and Darcy Clarke - Software Engineering Daily
Package management sits at the foundation of modern software development, quietly powering nearly every software project in the world. Tools like npm and Yarn have long been the core of the JavaScript...
softwareengineeringdaily.com
January 22, 2026 at 10:34 AM
Darcy Clarke and Ruy Adorno are longtime npm CLI maintainers and Node.js contributors. They join @joshuakgoldberg.com to discuss vlt, a new package manager and registry designed to improve performance, security, and developer experience.
@darcyclarke.me
@ruyadorno.com
bit.ly/3YNGniF
@darcyclarke.me
@ruyadorno.com
bit.ly/3YNGniF
Reposted by Ruy Adorno
🎉 Big #NodeJS news this week: v25.4.0 marks require(esm) as stable. After a gradual rollout and ecosystem testing, it’s now safe to depend on across supported releases.
Huge thanks to @joyeecheung.bsky.social and the many contributors who made this possible! 🙏
socket.dev/blog/node-js...
Huge thanks to @joyeecheung.bsky.social and the many contributors who made this possible! 🙏
socket.dev/blog/node-js...
Node.js 25.4.0 Ships with Stable require(esm) - Socket
Node.js 25.4.0 makes require(esm) stable, formalizing CommonJS and ESM compatibility across supported Node versions.
socket.dev
January 21, 2026 at 8:12 PM
🎉 Big #NodeJS news this week: v25.4.0 marks require(esm) as stable. After a gradual rollout and ecosystem testing, it’s now safe to depend on across supported releases.
Huge thanks to @joyeecheung.bsky.social and the many contributors who made this possible! 🙏
socket.dev/blog/node-js...
Huge thanks to @joyeecheung.bsky.social and the many contributors who made this possible! 🙏
socket.dev/blog/node-js...
Reposted by Ruy Adorno
Node.js v25.4.0 is out! 💚
• require(esm) now stable and a new CLI flag: --require-module
• http setGlobalProxyFromEnv() added
• Multiple APIs promoted to stable (heapsnapshot, build snapshot, v8.queryObjects)
• Root CAs updated to NSS 3.117
More in: nodejs.org/en/blog/rele...
• require(esm) now stable and a new CLI flag: --require-module
• http setGlobalProxyFromEnv() added
• Multiple APIs promoted to stable (heapsnapshot, build snapshot, v8.queryObjects)
• Root CAs updated to NSS 3.117
More in: nodejs.org/en/blog/rele...
nodejs.org
January 19, 2026 at 6:01 PM
Node.js v25.4.0 is out! 💚
• require(esm) now stable and a new CLI flag: --require-module
• http setGlobalProxyFromEnv() added
• Multiple APIs promoted to stable (heapsnapshot, build snapshot, v8.queryObjects)
• Root CAs updated to NSS 3.117
More in: nodejs.org/en/blog/rele...
• require(esm) now stable and a new CLI flag: --require-module
• http setGlobalProxyFromEnv() added
• Multiple APIs promoted to stable (heapsnapshot, build snapshot, v8.queryObjects)
• Root CAs updated to NSS 3.117
More in: nodejs.org/en/blog/rele...
Reposted by Ruy Adorno
Bun is fast, until latency matters for Next.js.
We benchmarked the same Next.js app across Node.js, Deno, Bun, and Watt (our multi-threaded Node-based runtime) under identical load on AWS EKS.
Throughput looked fine across the board. Latency told a very different story. 🧵
We benchmarked the same Next.js app across Node.js, Deno, Bun, and Watt (our multi-threaded Node-based runtime) under identical load on AWS EKS.
Throughput looked fine across the board. Latency told a very different story. 🧵
January 15, 2026 at 4:03 PM
Bun is fast, until latency matters for Next.js.
We benchmarked the same Next.js app across Node.js, Deno, Bun, and Watt (our multi-threaded Node-based runtime) under identical load on AWS EKS.
Throughput looked fine across the board. Latency told a very different story. 🧵
We benchmarked the same Next.js app across Node.js, Deno, Bun, and Watt (our multi-threaded Node-based runtime) under identical load on AWS EKS.
Throughput looked fine across the board. Latency told a very different story. 🧵
Reposted by Ruy Adorno
Today, we published a security release for @nodejs.org that fixes a critical bug affecting virtually every production Node.js app.
If you use React Server Components, Next.js, or ANY APM tool (Datadog, New Relic, OpenTelemetry), your app could be vulnerable to DoS attacks.
👇
If you use React Server Components, Next.js, or ANY APM tool (Datadog, New Relic, OpenTelemetry), your app could be vulnerable to DoS attacks.
👇
January 13, 2026 at 6:50 PM
Today, we published a security release for @nodejs.org that fixes a critical bug affecting virtually every production Node.js app.
If you use React Server Components, Next.js, or ANY APM tool (Datadog, New Relic, OpenTelemetry), your app could be vulnerable to DoS attacks.
👇
If you use React Server Components, Next.js, or ANY APM tool (Datadog, New Relic, OpenTelemetry), your app could be vulnerable to DoS attacks.
👇
Reposted by Ruy Adorno
We appreciate your patience and understanding as we work to deliver a secure and reliable release.
Updates are now available for the 25.x, 24.x, 22.x, 20.x Node.js release lines to address:
- 3 high severity issues
- 4 medium severity issues
- 1 low severity issue
nodejs.org/en/blog/vuln...
Updates are now available for the 25.x, 24.x, 22.x, 20.x Node.js release lines to address:
- 3 high severity issues
- 4 medium severity issues
- 1 low severity issue
nodejs.org/en/blog/vuln...
Node.js — Tuesday, January 13, 2026 Security Releases
Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
nodejs.org
January 13, 2026 at 2:42 PM
We appreciate your patience and understanding as we work to deliver a secure and reliable release.
Updates are now available for the 25.x, 24.x, 22.x, 20.x Node.js release lines to address:
- 3 high severity issues
- 4 medium severity issues
- 1 low severity issue
nodejs.org/en/blog/vuln...
Updates are now available for the 25.x, 24.x, 22.x, 20.x Node.js release lines to address:
- 3 high severity issues
- 4 medium severity issues
- 1 low severity issue
nodejs.org/en/blog/vuln...
Reposted by Ruy Adorno
@lukekarrys.com joins HalfStack Phoenix.
A practical story about building for kids, using NFC cards to control music, and turning everyday interactions into something playful and intuitive.
📅 𝐉𝐚𝐧𝐮𝐚𝐫𝐲 𝟑𝟎𝐭𝐡, 𝟐𝟎𝟐𝟔 — 𝐌𝐚𝐣𝐞𝐬𝐭𝐢𝐜 𝐓𝐡𝐞𝐚𝐭𝐞𝐫, 𝐆𝐢𝐥𝐛𝐞𝐫𝐭
🎟️ halfstackconf.com/phoenix
#HalfStackphoenix #TechEvents
A practical story about building for kids, using NFC cards to control music, and turning everyday interactions into something playful and intuitive.
📅 𝐉𝐚𝐧𝐮𝐚𝐫𝐲 𝟑𝟎𝐭𝐡, 𝟐𝟎𝟐𝟔 — 𝐌𝐚𝐣𝐞𝐬𝐭𝐢𝐜 𝐓𝐡𝐞𝐚𝐭𝐞𝐫, 𝐆𝐢𝐥𝐛𝐞𝐫𝐭
🎟️ halfstackconf.com/phoenix
#HalfStackphoenix #TechEvents
January 9, 2026 at 6:11 PM
@lukekarrys.com joins HalfStack Phoenix.
A practical story about building for kids, using NFC cards to control music, and turning everyday interactions into something playful and intuitive.
📅 𝐉𝐚𝐧𝐮𝐚𝐫𝐲 𝟑𝟎𝐭𝐡, 𝟐𝟎𝟐𝟔 — 𝐌𝐚𝐣𝐞𝐬𝐭𝐢𝐜 𝐓𝐡𝐞𝐚𝐭𝐞𝐫, 𝐆𝐢𝐥𝐛𝐞𝐫𝐭
🎟️ halfstackconf.com/phoenix
#HalfStackphoenix #TechEvents
A practical story about building for kids, using NFC cards to control music, and turning everyday interactions into something playful and intuitive.
📅 𝐉𝐚𝐧𝐮𝐚𝐫𝐲 𝟑𝟎𝐭𝐡, 𝟐𝟎𝟐𝟔 — 𝐌𝐚𝐣𝐞𝐬𝐭𝐢𝐜 𝐓𝐡𝐞𝐚𝐭𝐞𝐫, 𝐆𝐢𝐥𝐛𝐞𝐫𝐭
🎟️ halfstackconf.com/phoenix
#HalfStackphoenix #TechEvents
Reposted by Ruy Adorno
🚨Our team has decided to postpone the release to Tuesday, January 13th, 2026. This additional time will allow us to properly test all backports and re-run CITGM to ensure the highest quality for our users.
Node.js — Thursday, January 8, 2026 Security Releases
Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
nodejs.org
January 8, 2026 at 9:50 PM
🚨Our team has decided to postpone the release to Tuesday, January 13th, 2026. This additional time will allow us to properly test all backports and re-run CITGM to ensure the highest quality for our users.
Reposted by Ruy Adorno
Node.s sec release
We are doing our best. We are ensuring test passes on all platforms and all active release lines (v20, v22, v24 and v25) - and they aren't currently.
Unfortunately, we don't have an ETA for that, and it's likely that this security release will be postponed one more time. Sorry.
We are doing our best. We are ensuring test passes on all platforms and all active release lines (v20, v22, v24 and v25) - and they aren't currently.
Unfortunately, we don't have an ETA for that, and it's likely that this security release will be postponed one more time. Sorry.
January 8, 2026 at 8:53 PM
Node.s sec release
We are doing our best. We are ensuring test passes on all platforms and all active release lines (v20, v22, v24 and v25) - and they aren't currently.
Unfortunately, we don't have an ETA for that, and it's likely that this security release will be postponed one more time. Sorry.
We are doing our best. We are ensuring test passes on all platforms and all active release lines (v20, v22, v24 and v25) - and they aren't currently.
Unfortunately, we don't have an ETA for that, and it's likely that this security release will be postponed one more time. Sorry.
Reposted by Ruy Adorno
Made some progress in my hobby project 🎄
Moving single executable application building into Node.js core for better UX/DX, currently works on macOS and Linux and open for feedback!
(No Windows yet because I don't take another laptop with me on vacation 😅) github.com/nodejs/node/...
Moving single executable application building into Node.js core for better UX/DX, currently works on macOS and Linux and open for feedback!
(No Windows yet because I don't take another laptop with me on vacation 😅) github.com/nodejs/node/...
[WIP] sea: generate single executable directly with Node.js binary by joyeecheung · Pull Request #61167 · nodejs/node
This is not yet ready for full review, as it lacks more documentation and tests. I've only tested this on macOS and Linux. For now, consider this as a POC for more feedback, especially the name...
github.com
December 24, 2025 at 5:49 PM
Made some progress in my hobby project 🎄
Moving single executable application building into Node.js core for better UX/DX, currently works on macOS and Linux and open for feedback!
(No Windows yet because I don't take another laptop with me on vacation 😅) github.com/nodejs/node/...
Moving single executable application building into Node.js core for better UX/DX, currently works on macOS and Linux and open for feedback!
(No Windows yet because I don't take another laptop with me on vacation 😅) github.com/nodejs/node/...
Reposted by Ruy Adorno
Every time I need to step out of the npm ecosystem, I immediately "you live like this?"
December 20, 2025 at 12:19 PM
Every time I need to step out of the npm ecosystem, I immediately "you live like this?"