This talk explores how Node.js security has evolved recently, focusing on concrete changes that developers can actually use. It covers the Permission Model, improvements across core modules, and lessons learned from recent Node.js security releases.

The session looks at how the Permission Model works in practice, what problems it solves, and where its current boundaries are. It also walks through recurring vulnerability patterns seen in recent releases, how they were fixed, and what those fixes mean for real applications. Along the way, we discuss changes in defaults, runtime hardening, and improvements in Node.js security processes.

Rather than treating security as a checklist, the talk connects runtime features, security releases, and real-world incidents to practical guidance. The goal is to help developers better understand the current security posture of Node.js and make safer decisions when building, upgrading, and running their applications.

This session covers recent Node.js security features and releases, including the Permission Model, and shares practical lessons that developers can apply to build safer Node.js applications.