content(blog/events): add trip report of 2026 London summit#8840
content(blog/events): add trip report of 2026 London summit#8840legendecas wants to merge 1 commit intonodejs:mainfrom
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
PR SummaryLow Risk Overview Reviewed by Cursor Bugbot for commit c50d485. Bugbot is set up for automated code reviews on this repo. Configure here. |
👋 Codeowner Review RequestThe following codeowners have been identified for the changed files: Team reviewers: @nodejs/nodejs-website Please review the changes when you have a chance. Thank you! 🙏 |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 04ad983. Configure here.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #8840 +/- ##
=======================================
Coverage 73.87% 73.87%
=======================================
Files 105 105
Lines 8883 8883
Branches 326 326
=======================================
Hits 6562 6562
Misses 2320 2320
Partials 1 1 ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Pull request overview
Adds a new events blog post documenting the 2026 London Node.js Collaboration Summit, expanding the site’s historical archive of summit trip reports.
Changes:
- Introduces a new markdown blog post with frontmatter (date/category/title/layout/author).
- Adds a structured recap of summit sessions plus a “Thanks” section and reference links.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| ### Next 10 | ||
|
|
||
| In this session, [Jacob Smith][] started an on-site review of the questions that would be asked in the [Next-10 survey for 2026](https://github.com/nodejs/next-10/issues/369), including suggestions to existing questions, questions and options to add or remove, and recent AI discussions. | ||
|
|
||
| ### New Release Schedule |
There was a problem hiding this comment.
The post jumps directly to ### headings without a preceding ## section, which is inconsistent with other Collab Summit trip reports and results in an incorrect heading hierarchy (and potentially inconsistent styling/TOC). Consider promoting these session headings to ## (and reserving ### for sub-sections where needed).
|
|
||
| This is a reflection of the current Node.js volunteer-based maintenance and an effort to keep the Node.js project sustainable in the long run. When it comes to security vulnerabilities, managing security releases across four or five active release lines has become difficult to sustain in the current Node.js voluntary work model. By reducing the number of concurrent release lines, the project can focus on better supporting the releases people actually use. | ||
|
|
||
| What's important is what's not changed with the new release schedule: |
There was a problem hiding this comment.
| What's important is what's not changed with the new release schedule: | |
| What's important is what's not changed with the new release schedule: | |
I think we just need to add a new line here for linting/prettier to pass
joyeecheung
left a comment
joyeecheung
left a comment
There was a problem hiding this comment.
Leaving some points that I think we need to cover before this can be published. I'll see if I can re-listen to the recordings to fill them in on Monday.
| [Matteo Collina][] presented the proposal for a Node.js built-in Virtual File System. By taking concepts previously explored in userland libraries (like `@platformatic/vfs`) and standardizing them into a core `node:vfs` module, Node.js can intercept standard filesystem calls and route them through a virtualized, memory-based layer. Developers can define specific data sources in memory (providers) and "mount" them so the runtime treats them exactly like local directories. The proposal also provides the ability to layer virtual filesystems on top of one another, or place a virtual layer directly over the physical disk to safely mock or override files. | ||
|
|
||
| Userland VFS implementations require massive monkey-patching; moving it to core provides deep integration and supports more use cases like SEA. | ||
|
|
There was a problem hiding this comment.
There are some discussions in this session that we should capture too.
| ### Node.js Security - State of the Ecosystem & What's Next | ||
|
|
||
| [Rafael Gonzaga][] shared that the security team has recently advanced the ecosystem through a refined threat model, improved permission models, and enhanced release automation, but these efforts are currently being overshadowed by a massive influx of AI-generated vulnerability reports. This industry-wide surge, driven largely by users seeking CVE attribution and financial bounties, has severely strained maintainer capacity with high-noise, duplicative submissions that often lack reproduction steps or misclassify standard bugs as severe security threats. Despite attempted mitigations like pausing bug bounties, raising HackerOne signal requirements, and clarifying guidelines, the overwhelming volume has significantly driven up resolution times. To combat this bottleneck, the team is exploring strategies such as securing early access for proactive testing, attempting to alter reporting agent behaviors, and adopting a public security flow to bypass embargoes and speed up CI testing. | ||
|
|
There was a problem hiding this comment.
IIRC Robin presented a significant part of this. There was also the introduction of the two new programs which we should cover in the trip report.
|
|
||
| ### Userland migrations | ||
|
|
||
| [Jacob Smith][] and [Marco Ippolito][] presented increased usage of userland migrations. Codemods for Node.js 22 to 24 are almost complete. For Node.js 25.9.0, a codemod was published the same day as the deprecation was introduced. |
There was a problem hiding this comment.
marco ? I didn't watch the record but I saw picture and that was bruno
Description
Validation
Related Issues
Check List
pnpm formatto ensure the code follows the style guide.pnpm testto check if all tests are passing.pnpm buildto check if the website builds without errors.