RepoJournal
Node.js

@nodejs

The Node.js runtime — every backend team's CVE source of truth

Pick a date

  1. Tue 5 may
  2. Wed 6 may
  3. Thu 7 may
  4. Fri 8 may
  5. Sat 9 may
  6. Sun 10 may
  7. Mon 11 may
  8. Tue 12 may
  9. Wed 13 may
  10. Thu 14 may
  11. Fri 15 may
  12. Sat 16 may
  13. Sun 17 may
  14. Mon 18 may
  15. Tue 19 may
  16. Wed 20 may
  17. Thu 21 may
  18. Sat 23 may
  19. Sun 24 may
  20. Mon 25 may
  21. Tue 26 may
  22. Wed 27 may
  23. Thu 28 may
  24. Fri 29 may
  25. Sat 30 may
  26. Sun 31 may
  27. Mon 1 jun
  28. Mon 8 jun
  29. Tue 9 jun
  30. Today 10 jun

The Wire · Showcase

UNDICI PATCHES SOCKET HANG, IMPORT-IN-THE-MIDDLE FIXES BUILTIN INTEROP

By RepoJournal · Filed · About Node.js

Undici shipped critical fixes for parser deadlock under backpressure and idle socket validation, while import-in-the-middle resolved compatibility issues with CJS builtins that block instrumentation.

Undici landed two high-impact fixes overnight. The first [1] removes an assert that was throwing uncatchable errors when the HTTP/1 parser paused under backpressure and the socket ended, a scenario that could hang connections. The second [2] guards idle socket validation to skip fresh sockets, addressing a security advisory. Together these close gaps that have been tripping production deployments. Import-in-the-middle v3.0.2 [3] fixed proxying logic for builtins used as CommonJS [4], resolving conflicts when both IITM and tracing hooks register on the same process. The Node.js learn site added nested sidebar navigation [5] for Diagnostics and Node-API child articles, improving discoverability. Documentation cleanup continued across undici with corrected API signatures and restored links [6] [7]. Semver 7.8.3 [8] and eslint-plugin-n 18.1.0 [9] shipped minor updates across the linting preset.

Action items

References

  1. [1] fix: handle paused parser on socket end (issue #5360) (#5389) nodejs/undici
  2. [2] fix: guard idle socket validation to skip fresh sockets nodejs/undici
  3. [3] import-in-the-middle: v3.0.2 ↗ nodejs/import-in-the-middle
  4. [4] fix: Updated proxying logic for builtins that are used as CJS ↗ nodejs/import-in-the-middle
  5. [5] feat(sidebar): add sub-article navigation ↗ nodejs/learn
  6. [6] docs: fix multiple inaccuracies in API documentation (#5384) nodejs/undici
  7. [7] docs: fix remaining broken links in API documentation (#5342) nodejs/undici
  8. [8] build(deps): bump semver from 7.8.1 to 7.8.3 in the prod group ↗ nodejs/remark-preset-lint-node
  9. [9] build(deps-dev): bump eslint-plugin-n from 18.0.1 to 18.1.0 in the dev group ↗ nodejs/remark-preset-lint-node

FAQ

What changed in Node.js on June 8, 2026?
Undici shipped critical fixes for parser deadlock under backpressure and idle socket validation, while import-in-the-middle resolved compatibility issues with CJS builtins that block instrumentation.
What should Node.js teams do about it?
Update undici immediately if running HTTP/1 with backpressure scenarios • Upgrade import-in-the-middle to 3.0.2 if using both IITM and tracing hooks • Review undici security advisory GHSA-35p6-xmwp-9g52 for idle socket context
Which Node.js repositories shipped on June 8, 2026?
nodejs/undici, nodejs/import-in-the-middle, nodejs/learn, nodejs/remark-preset-lint-node

Related across the cluster

For your repos

The showcase is a teaser.
Your wire is the product.

Same engine. Different stack. Below: what changes when the wire is yours.

Showcase wire

  • 14 famous open source orgs
  • One wire per day
  • Public, generic
  • Read on the web, when you remember

Your wire

  • Up to 1,500 of your repos - orgs, deps, vendors
  • Morning and evening briefs
  • Action items routed to your team
  • Slack delivery, email, breaking-news CVE alerts

Want a hands-on demo first? Ask a current user for an invite link.