The Node.js ecosystem has been disrupted by self-replicating malware called Shai-Hulud.
In September 2025, researchers found that Shai-Hulud had infected more than 500 npm packages, including some from trusted maintainers. The worm did not just publish a few bad versions. It spread automatically, using stolen credentials to infect other packages owned by the same developer.
A few years ago I introduced you to my QShell on i utility – QSHONI. QSHONI makes it easy for traditional CL, RPG, and COBOL programs to call Python utilities and other QShell/PASE utility programs (PHP, Node, Java, etc.) and directly use their output. QSHONI opened up a whole new world of integrations to open source apps from RPG, CL, and COBOL.
In this post I will update you on new features that have been added to the QSHONI utilities over the past 12 months.
Visual Studio Code (VS Code) is a lightweight source code editor that runs on multiple desktops, including Windows, Linux, and MacOS. It provides built-in support for PHP, Node.js, Python, and many other languages and runtimes.
Halcyon Tech’s Code for IBM i extension adds the ability to edit IBM i Integrated File System (IFS) files inside VS Code. It’s easy to get set up to access and edit IFS-based code using this popular editing tool.
In just seven quick steps, you can install VS Code and its Code for IBM i extension and begin working with IFS files stored on your IBM i.
Node.js has joined other popular IBM i open-source technologies, such as PHP and Python, for web application and API development. A server-side runtime for JavaScript, Node.js can run both on IBM i and on other platforms such as Linux.
The Node.js iToolkit lets you leverage your company’s investment in RPG and COBOL business logic while developing front ends and APIs with Node.js. As with Node.js itself, iToolkit can run on your IBM i or can connect to IBM i from your PC or an external web server.
This post explains how to install Node.js and its iToolkit on your IBM i, then use iToolkit to call an RPG service program.
We’ve been hearing from clients wondering whether they need commercial connectors to integrate open source technology with Db2, RPG, and COBOL data.
Liam Allan has shown the power of using open source tools that are available to everyone. He recommends accessing IBM i business logic and data using open source tools, without proprietary connectors.
This guide will outline writing your first Node.js application. Node.js is a packaged version of the V8 Javascript engine, created by Google and shipped in Chromium. Although Node.js is cross-platform, specific tips for IBM i are given in section 8.
To manage Node.js application processes in production on IBM i, we recommend PM2 Runtime. As stated in PM2’s official documentation, PM2 “…allows you to keep applications alive forever, to reload them without downtime and facilitate common DevOps tasks.”
With IBM’s delivery of open source capabilities on IBM i, Seiden Group has been there to apply the technology to application modernization initiatives. Starting with PHP and the PHP toolkit, then Python, and now Node.js and Ruby, we’ve worked with IBM and customers to flesh out the capabilities of the technology, teach best practices at conferences and directly with clients, and develop award-winning solutions.