#570 — March 18, 2025
Together with
Node.js Gets an Official Community Space on Discord — While there have been numerous IRC channels and Discord and Slack servers where Node developers can congregate, the Nodeiflux Discord server has been promoted to being an official one – here’s the invite link if you’re a Discord user. There are already 15k members, so it’s hopping.
Vitullo and Wunder
Node v23.10.0 (Current) Released — Node gains a new --experimental-config-file option for writing a JSON-based config file that contains options that would otherwise litter your command line flags – ideal for configuring the test runner, say.
Antoine du Hamel
Prepare Your App for AI Agents — Stytch extends auth to handle permissions for AI agents—so your app can securely delegate access to agents or protect against agent-powered threats. See our Node quickstart guide.
Stytch sponsor
Node v20.19.0 (LTS) Released with require(esm) — Node v20 is in maintenance mode, which usually means no new features, but it lands a significant one here: support for require(esm) enabled by default. This means all Node v20+ releases now support loading native ES modules with require out of the box. Ideal if you have dependencies to update and you’re still on v20.
Marco Ippolito
💡 A year ago, Node contributor Joyee Cheung wrote about the technical aspects of how require(esm) support came together.
IN BRIEF:
-
📉 It’s been big news for the past week, but TypeScript is rewriting its compiler in Go for ~10x build time performance.
-
🔒 If you’re using
xml-crypto(or a SAML implementation that uses it) you should immediately update it as a critical authentication bypass vulnerability has been found.
How to Get Deep Traces in Your Node Backend with OTel and Deno — The Deno project turns up the heat by demonstrating how to add OpenTelemetry to a Node app before showing how much easier it is with Deno (as long as your Node app runs well under it).
Andy Jiang
🔒 Protect Against AI Bots, Fraud, and Abuse in Real Time — WorkOS Radar protects your app with advanced device fingerprinting — stop fake signups, free tier abuse, bot attacks and brute force attempts today.
WorkOS sponsor
📄 Web Scraping with Cheerio in 2025 – Cheerio is a long-standing library for working with HTML and XML in Node. Usama Jamil (Apify)
📄 Retrieval-Augmented Generation (RAG) with Node, Podman AI Lab & React Michael Dawson (Red Hat)
📄 Learn Zod So You Can Trust Your Data and Your Types Diana MacDonald
📄 Building Robust Data Synchronization Code in Node.js Ashley Davis
📄 How GitHub Engineers Learn New Codebases Brittany Ellich (GitHub)
🛠 Code & Tools
🔐 Protect.js: ‘Encryption in Use’ for Data in Node Apps — Designed to work with any Node framework or ORM, Protect.js provides AES-256 based ‘encryption in use’ functionality. GitHub repo.
CipherStash
Piscina 4.9: A Fast Worker Thread Pool Implementation — Node’s worker threads bring true multithreading to Node apps and Piscina is a pool for tracking and controlling the number of such threads.
Piscina
Refractor 5.0: Virtual Syntax Highlighting using Prism — Wraps the powerful Prism syntax highlighter to output objects instead of an HTML string so you can manipulate and render it as you wish (e.g. in a VDOM or at the terminal). Lowlight, by the same author, offers the same functionality but backed by highlight.js.
Titus Wormer
OTPAuth: One Time Password (HOTP/TOTP) Library — When you log in to a site with 2FA and you’re asked for six digits from your authentication app, that’s a Time-based One-Time Password (or TOTP). This library for Node, Deno, Bun and the browser lets you work with both TOTPs and HOTPs (HMAC-based OTPs) from JavaScript.
Héctor Molinero Fernández
-
svg2pdf.js v2.5 – JavaScript-only SVG to PDF conversion.
-
MTKruto 0.60.0 – Cross-runtime library for building Telegram clients.
-
strong-soap v4.1.10 – SOAP client with mock server capabilities.
-
Git 2.49 – Not Node specific, but plenty of enhancements.
📰 Classifieds
🇫🇷 The Node & Conquer Conference. In person, in Paris. 4 April 2025. Come learn how to best run Node.js at scale. Sign up here.
👀 Give your eyes a break! MonoLisa is a font optimized for developers. Try now.
📢 Elsewhere in JavaScript
A quick roundup of some other interesting stories in the broader JavaScript landscape, in case you’ve missed them:
-
Oxlint, a Rust-powered JavaScript and TSX linter, is now in beta. It has over 500 rules out of the box and manages to lint Microsoft’s entire TypeScript repo in under a second.
-
It’s just 14 characters of JavaScript, but can you parse it? A fun puzzle from Hillel Wayne, from which you’ll learn a little ancient JavaScript history..
-
Lee Robinson gives us the tour of building modern APIs with Next.js using the App Router and route handlers.
-
Astro 5.5, the latest version of the popular content site framework, has been released.
Got a link for us? Reply and tell us. We can’t include everything but we’ll look at anything you send. Thanks!
Sponsorship: Email [kristina@cooperpress.com](mailto:kristina@cooperpress.com) for details.
Published by Cooper Press Ltd.
Fairfield Enterprise Centre, Louth, LN11 0LS, United Kingdom
#570 — March 18, 2025
Together with
Node.js Gets an Official Community Space on Discord — While there have been numerous IRC channels and Discord and Slack servers where Node developers can congregate, the Nodeiflux Discord server has been promoted to being an official one – here’s the invite link if you’re a Discord user. There are already 15k members, so it’s hopping.
Vitullo and Wunder
Node v23.10.0 (Current) Released — Node gains a new --experimental-config-file option for writing a JSON-based config file that contains options that would otherwise litter your command line flags – ideal for configuring the test runner, say.
Antoine du Hamel
Prepare Your App for AI Agents — Stytch extends auth to handle permissions for AI agents—so your app can securely delegate access to agents or protect against agent-powered threats. See our Node quickstart guide.
Stytch sponsor
Node v20.19.0 (LTS) Released with require(esm) — Node v20 is in maintenance mode, which usually means no new features, but it lands a significant one here: support for require(esm) enabled by default. This means all Node v20+ releases now support loading native ES modules with require out of the box. Ideal if you have dependencies to update and you’re still on v20.
Marco Ippolito
💡 A year ago, Node contributor Joyee Cheung wrote about the technical aspects of how require(esm) support came together.
IN BRIEF:
-
📉 It’s been big news for the past week, but TypeScript is rewriting its compiler in Go for ~10x build time performance.
-
🔒 If you’re using
xml-crypto(or a SAML implementation that uses it) you should immediately update it as a critical authentication bypass vulnerability has been found.
How to Get Deep Traces in Your Node Backend with OTel and Deno — The Deno project turns up the heat by demonstrating how to add OpenTelemetry to a Node app before showing how much easier it is with Deno (as long as your Node app runs well under it).
Andy Jiang
🔒 Protect Against AI Bots, Fraud, and Abuse in Real Time — WorkOS Radar protects your app with advanced device fingerprinting — stop fake signups, free tier abuse, bot attacks and brute force attempts today.
WorkOS sponsor
📄 Web Scraping with Cheerio in 2025 – Cheerio is a long-standing library for working with HTML and XML in Node. Usama Jamil (Apify)
📄 Retrieval-Augmented Generation (RAG) with Node, Podman AI Lab & React Michael Dawson (Red Hat)
📄 Learn Zod So You Can Trust Your Data and Your Types Diana MacDonald
📄 Building Robust Data Synchronization Code in Node.js Ashley Davis
📄 How GitHub Engineers Learn New Codebases Brittany Ellich (GitHub)
🛠 Code & Tools
🔐 Protect.js: ‘Encryption in Use’ for Data in Node Apps — Designed to work with any Node framework or ORM, Protect.js provides AES-256 based ‘encryption in use’ functionality. GitHub repo.
CipherStash
Piscina 4.9: A Fast Worker Thread Pool Implementation — Node’s worker threads bring true multithreading to Node apps and Piscina is a pool for tracking and controlling the number of such threads.
Piscina
Refractor 5.0: Virtual Syntax Highlighting using Prism — Wraps the powerful Prism syntax highlighter to output objects instead of an HTML string so you can manipulate and render it as you wish (e.g. in a VDOM or at the terminal). Lowlight, by the same author, offers the same functionality but backed by highlight.js.
Titus Wormer
OTPAuth: One Time Password (HOTP/TOTP) Library — When you log in to a site with 2FA and you’re asked for six digits from your authentication app, that’s a Time-based One-Time Password (or TOTP). This library for Node, Deno, Bun and the browser lets you work with both TOTPs and HOTPs (HMAC-based OTPs) from JavaScript.
Héctor Molinero Fernández
-
svg2pdf.js v2.5 – JavaScript-only SVG to PDF conversion.
-
MTKruto 0.60.0 – Cross-runtime library for building Telegram clients.
-
strong-soap v4.1.10 – SOAP client with mock server capabilities.
-
Git 2.49 – Not Node specific, but plenty of enhancements.
📰 Classifieds
🇫🇷 The Node & Conquer Conference. In person, in Paris. 4 April 2025. Come learn how to best run Node.js at scale. Sign up here.
👀 Give your eyes a break! MonoLisa is a font optimized for developers. Try now.
📢 Elsewhere in JavaScript
A quick roundup of some other interesting stories in the broader JavaScript landscape, in case you’ve missed them:
-
Oxlint, a Rust-powered JavaScript and TSX linter, is now in beta. It has over 500 rules out of the box and manages to lint Microsoft’s entire TypeScript repo in under a second.
-
It’s just 14 characters of JavaScript, but can you parse it? A fun puzzle from Hillel Wayne, from which you’ll learn a little ancient JavaScript history..
-
Lee Robinson gives us the tour of building modern APIs with Next.js using the App Router and route handlers.
-
Astro 5.5, the latest version of the popular content site framework, has been released.
Got a link for us? Reply and tell us. We can’t include everything but we’ll look at anything you send. Thanks!
Sponsorship: Email [kristina@cooperpress.com](mailto:kristina@cooperpress.com) for details.
Published by Cooper Press Ltd.
Fairfield Enterprise Centre, Louth, LN11 0LS, United Kingdom
发布者