Ulises Gascón
@ulisesgascon.com
#OpenSource Maintainer (@nodejs.org, @expressjs.bsky.social, Lodash, Yeoman...), #TC39 Delegate and #Maker | He/Him
Pinned
🌍 Hello, BlueSky! 🤠

I'm Ulises Gascón from Spain! Passionate about #Nodejs, #Express, #JavaScript, and the world of #OpenSource.

I spend my days building, maintaining, and improving tools and libraries for our #devCommunity 🫶

👉 Check out my projects and support my work:
github.com/sponsors/Uli...
✨ Want to contribute to @openjsf.org projects but not sure where to start?

Simple trick: connect with the community first 🎯
• Join the community Slack
• Check the shared calendar for meetings & events

www.youtube.com/shorts/4h7P7...
How to Get Involved in OpenJS Projects
YouTube video by OpenJS Foundation
December 19, 2025 at 11:12 AM
Reposted by Ulises Gascón
Major update to the CSS Media Queries Analysis Snippet with a Performance Impact Analyzer

It calculates the REAL cost of desktop-only CSS on mobile:

📉 Core Web Vitals Impact
💰 Estimated Conversion Lift

e.g.: Fixing 30KB of unused CSS → 180ms faster load and up to 1.8% conversion boost
December 16, 2025 at 9:07 AM
Reposted by Ulises Gascón
How can you ACTUALLY get involved with OpenJS projects??

@ulisesgascon.com gives the download in our latest snapshot.

Join Slack, join our community meetings, or watch recordings.

Come say hi. 👋
December 16, 2025 at 3:16 PM
😏 Want to master #JS & #TS this year?

This Humble Tech Book Bundle features practical guides — including my book Node.js for Beginners.
Plus, your purchase supports charity ♥️

www.humblebundle.com/books/javasc...
Humble Tech Book Bundle: JavaScript and TypeScript Mastery by Packt
Rewrite the script of your career journey with new skills in JavaScript, TypeScript, and more—get our latest Tech Book Bundle today!
December 16, 2025 at 8:44 AM
🚀 Just released serve-static@1.16.3 📦

🍿 #release details: github.com/expressjs/se...
Release v1.16.3 · expressjs/serve-static
What's Changed deps: send@~0.19.1 by @Phillip9587 in #227 Release: 1.16.3 by @UlisesGascon in #229 Full Changelog: v1.16.2...v1.16.3
December 15, 2025 at 7:14 PM
Reposted by Ulises Gascón
WinterTC's Minimum Common Web API standard is now officially published as ECMA-429, Edition 1. To many more editions!

Thanks @jasnell.me, @andreubotella.com, @akiro.se, @littledan.dev and everyone else that was involved in making this happen.

🎉
December 12, 2025 at 3:33 PM
Reposted by Ulises Gascón
🚀 iconv-lite 0.7.1 released 🎉

- Improved type definitions and added missing APIs 🧩

github.com/pillarjs/ico...
Release v0.7.1 · pillarjs/iconv-lite
What's Changed 🚀 Improvements types: improve type definitions and add missing APIs - by @plbstl and @bjohansebas in #330 Other changes Bump actions/setup-node from 4 to 6 by @dependabot[bot] in ...
December 11, 2025 at 3:59 PM
This was such a fun recording! 🤣
Working on some shorts for you to round out 2025 and we're feelin' festive 👀

You can catch all of the past videos for our JavaScript Security Snapshot on our YouTube: youtube.com/playlist?lis... @rafaelgonzaga.bsky.social @ulisesgascon.com
December 11, 2025 at 7:46 PM
🔖 My PR updating the #Security Best Practices for Your Project guide is now merged!

✨ New: license-risk checks + SBOMs, threat modeling, incident-response basics, and stronger security roles & culture.

opensource.guide/security-bes...
Security Best Practices for your Project
Strengthen your project’s future by building trust through essential security practices — from MFA and code scanning to safe dependency management and private vulnerability reporting.
December 10, 2025 at 9:23 PM
Reposted by Ulises Gascón
ECMAScript excitement 😉

A highly comprehensive article on what will (and might!) land in ES2026 by @marypcbuk.bsky.social 🎉

Includes coverage on Temporal by Boa creator @jason-williams.co.uk who leads the Rust-based temporal_rs library, as used by Google's V8 engine, amongst others.
December 9, 2025 at 11:57 PM
Reposted by Ulises Gascón
Node excitement 😉

Congrats to @hybrist.dev on landing support for Package Imports that start with #/ 🎉

Previously this prefix was special-cased and would error. It's convenient to use it as an internal absolute path to the package root.

import foo from "#/src/file.ts"
December 8, 2025 at 12:44 PM
🔖 The latest issue of my #newsletter is out, issue 010.

Stories from reviving #Expressjs & reimagining #Lodash, secure publishing on #npm, why #OSS doesn’t fail because of code, backlog updates & #OpenSSF #Scorecard

blog.ulisesgascon.com/newsletter-i...
Newsletter #010: Wrapping Up the Year with Talks, Security Work and Big Releases 🎁
This month brought a new talk, a deep dive into secure publishing, key Express releases, OSSF Scorecard updates, and several ecosystem improvements around security and governance.
December 8, 2025 at 2:46 PM
🔖 Kode Dot: The ultimate all-in-one device for makers, hackers and geeks.

www.kode.diy
Kode Dot is a pocket-size device with built-in sensors, a display, external I/Os and more, ready to use in your daily routine to build DIY electronics, explore ethical hacking tools and develop powerf...
December 6, 2025 at 10:47 AM
For moments like this, I’m so proud to be part of this amazing team ❤️

github.com/expressjs/ex...
Release: 5.2.1 by UlisesGascon · Pull Request #6933 · expressjs/express
Important: The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-5199...
December 5, 2025 at 9:51 AM
🔖 Love how Orbitant shares learnings with the community even under pressure. Great read on handling a critical #CVE as a team:

orbitant.com/en/critical-...
Critical React Server Components Vulnerability: what we did
Critical React Server Components Vulnerability: how a team responded with fast communication, automation, and coordinated updates for the CVE.
December 4, 2025 at 2:38 PM
Just shipped a new newsletter to my GitHub Sponsors! 🎁

This one includes my latest talk, secure publishing research, #Expressjs and #OSSF #Scorecard updates, and a bunch of ecosystem news.

It will be public soon, but you can read it early and support my OSS work here: github.com/sponsors/Uli...
December 3, 2025 at 3:43 PM
Security incident? Don’t panic. Have a plan. 🤝

A clear incident response plan keeps open source projects steady when things go wrong 😏

www.youtube.com/shorts/mqPlC...
Incident Response Plan
YouTube video by OpenJS Foundation
December 2, 2025 at 9:03 PM
Reposted by Ulises Gascón
Woah. String.prototype.startsWith() supports two arguments:

"my string".startsWith("string", 3) => true

I had no idea this was possible.
developer.mozilla.org/en-US/docs/W...
December 2, 2025 at 1:51 PM
🚀 Just released finalhandler@1.3.2 📦

🍿 #release details: github.com/pillarjs/fin...
Release v1.3.2 · pillarjs/finalhandler
What's Changed deps: use tilde notation and update certain dependencies by @Phillip9587 in #118 Release: 1.3.2 by @UlisesGascon in #121 Full Changelog: v1.3.1...v1.3.2
December 1, 2025 at 4:00 PM
🚨 We’ve published our Nov security update, including a moderate fix for body-parser.

expressjs.com/2025/12/01/s...
November 2025 Security Releases
Security release for body-parser has been published. We recommend that all users upgrade as soon as possible.
December 1, 2025 at 3:37 PM