I got burned by an EOL Node.js version in prod. So I built a tracker.

Last year, a security audit uncovered a vulnerability in our production environment. The finding: we were using Node.js 21, a version that had been nearing its end of life for several months. No active exploits, no incidents, but a growing list of unpatched CVE vulnerabilities, still open and with no planned fix. The kind of problem that goes unnoticed until it becomes obvious.

The most frustrating part wasn't the discovery itself, but realizing that no one on the team had been informed about the impending end of life of Node.js 16. No alerts, no reminders, nothing. Yet, we needed to be aware. And apparently, we weren't.

I looked for a simple tool that would allow me to declare my technology stack and be notified when a version is approaching its end of life or when a new critical CVE vulnerability is detected. I couldn't find exactly what I was looking for: most tools required connecting to a GitHub repository, installing an agent, or charged for basic alerts.

So, I created it. EOLCanary tracks end-of-life (EOL) dates and CVEs for 459 technologies: Node.js, Redis, PHP, PostgreSQL, Ubuntu, Kubernetes, and more. No agent or repository connection is required. You simply check your stack.