The Node.js March 24, 2026 Security Releases — Node.js v25.8.2 (Current), v24.14.1 (LTS), v22.22.2 (LTS), and v20.20.2 (LTS) have just been released to address nine vulnerabilities (two of ‘high’ severity) covering a broad variety of areas like TLS, HTTP/HTTP2, the permission model, HMAC verification, URL processing, and V8 hashing (more on that next!)

The Node.js Team

Developing a Minimally HashDoS Resistant, Yet Quickly Reversible Integer Hash for V8 — Can a hash be both resistant to hash flooding (a.k.a. HashDoS) and quickly reversible? That’s the puzzle the Node team had to tackle in V8 for this week’s security release. This post on the official Node blog is extremely technical, but one of the most educational in years.

Joyee Cheung

Clerk M2M Tokens Now Support JWT Format for Faster Auth — Verify machine-to-machine tokens locally with no network request. Self-contained JWTs carry machine ID, claims, and expiration.

Clerk sponsor

Where Did 400 Megabytes of Memory Go? — A meticulous deep dive into working out why a Node-powered WebSocket k8s pod was using way more memory than its peers, despite process.memoryUsage() painting a rosy picture. Powerful techniques worth referring to when you need to investigate similar issues.

Fernando S.

The Three Pillars of JavaScript Bloat — Three reasons your node_modules is bigger than it should be: needless ES3-era compat packages, micro-libraries with a single consumer, and ponyfills for APIs that shipped years ago. Luckily, this article offers some solutions for trimming the fat.

James Garbutt

Announcing Knip v6: The Fast Way to Declutter Your Projects — Knip has established itself as a go-to tool for finding and removing unused files, exports, and dependencies. v6 leans on oxc-parser for 2-4x performance gains (tearing through a huge repo like Astro in two seconds) and is a drop-in upgrade.

Lars Kappert

Your API Shouldn't Wait on a Pipeline for Fresh Data — TimescaleDB extends Postgres so analytics hits live data. No second database, no sync lag, no stale responses. Get started for free.

Tiger Data (creators of TimescaleDB) sponsor

Knex.js 3.2: The SQL Query Builder is Back — Knex is a popular ‘batteries included’ SQL query builder that supports Postgres, MySQL, SQL Server, SQLite3, and other SQL oriented database systems.

knex

Vavite 6: Develop Server-Side Applications with Vite — Use Vite for your backend Node.js code too, so you get one unified toolchain for everything, including hot reloading for both front and back-end. v6 brings Vite 7/8 support, server-side HMR, and separate server mode (e.g. for Bun.serve).

Fatih Aygün

htmlparser2 12.0: A Fast and Forgiving HTML and XML Parser — Consumes documents and calls callbacks, but it can generate a DOM as well. There’s a live demo here. Works in both Node and browser.

Felix Böhm

Announcing TypeScript 6.0 — TypeScript 6.0 is designed to bridge the way from its self-hosted compiler to the Go-powered native compiler future of TypeScript 7.0 (which, we're told, is almost ready to go, too).