I got burned by an EOL Node.js version in prod. So I built a tracker.
Last year, a security audit uncovered a vulnerability in our production environment. The finding: we were using Node.js 16, a version that had been nearing its end of life for several months. No active exploits, no incidents, but a growing list of unpatched CVE vulnerabilities, still open and with no planned fix. The kind of problem that goes unnoticed until it becomes obvious. The most frustrating part wasn't the discovery itself, but realizing that no one on the team had been informed about...