Node Weekly Issue 613: February 26, 2026

#613 — February 26, 2026

Together with

AdonisJS v7 Released: 'Batteries-Included' Node.js Framework — A popular webapp framework that includes auth, ORM, queues, testing, etc. in a cohesive fashion. With v7 comes an all new web site, modernizations, OpenTelemetry integration, new starter kits to rapidly build new apps, barrel file generation, and end-to-end type safety.

Harminder Virk

💡 If you already use Adonis, there's a v6 to v7 upgrade guide.

Clerk Kills Credential Stuffing with Client Trust — Valid password + new device + no MFA enabled = Clerk automatically requires a second factor. Attackers using leaked credentials always fail because they're always on a new device. Zero config. Free on every plan.

Clerk sponsor

IN BRIEF:

Node.js v25.7.0 (Current) and v24.14.0 (LTS) have been released. node:sqlite is now in the 'release candidate' stage.
This week has seen some progress in bringing a native logger module to Node core. Here's a look at the rough, in progress docs for the feature.
🔒 In response to a growing number of low quality vulnerability reports, the Node.js project recently increased the 'signal score' required on HackerOne. Now, they've gone further by not accepting reports from 'new researchers without signal' at all.

How to Prevent Path Traversal Attacks in Node — Path traversal attacks abuse specially crafted file paths to reach files an app didn't intend to expose. Luciano demonstrates a complete scenario, explores mitigations in depth, and includes a handy TLDR if you just want the essentials.

Luciano Mammino

🤖 Getting Started with the Vercel AI SDK in Node — It provides a more abstract way to work with various AI API providers than jumping around different provider libraries.

Valeri Karpov

Adding a Database Is Easier Than Removing One — Extend the one you have instead. TimescaleDB adds hypertables, 95% compression, and continuous aggregates. Try free.

Tiger Data (creators of TimescaleDB) sponsor

📄 Git's Magic Files – Useful guide to the many files that influence git's behavior in areas like ignoring files, language detection, and pre-filling commit messages. Andrew Nesbitt

📄 Why JavaScript Needs Structured Concurrency – And how Effection can provide it. Taras Mankovski

📄 How to Publish to npm from GitHub Actions – Using the new npm OIDC trusted publishing workflow. Gleb Bahmutov

🛠 Code & Tools

numpy-ts: A NumPy Implementation for TypeScript — NumPy is a fundamental piece of the Python scientific computing ecosystem and well-entrenched in many use cases. JavaScript has some options in this regard (e.g. TensorFlow.js), but numpy-ts is an attempt to replace the NumPy experience as closely as possible (currently at 94% API coverage). There’s an online playground if you want to give it a quick spin.

Nicolas Dupont

Edge: A JS-Like Template Engine for Node — A template engine that tries to stick as closely to JavaScript as possible, so you don’t have to learn a lot of new syntax for writing logic into your views (as you do with Nunjucks or Pug, say).

Harminder Virk

bignumber.js 10.0: Library for Arbitrary-Precision Arithmetic — Works around limitations of JavaScript’s Number and BigInt types, such as if you need to work with very large non-integers. Usefully, the library is included on the page so you can play with it in the JS console.

Michael Mclaughlin

Emscripten 5.0.2 – The long-standing LLVM to WebAssembly compiler, which can be used to bring native, low-level code into Node without needing native bindings, gets some cleanups for no-longer-necessary Node hacks.
Hono 4.12 – The multi-runtime, Web Standards-based web framework.
BullMQ v5.70 – Fast, reliable Redis-based distributed queue for Node.
Orange ORM 5.2 – Powerful ORM library.
Basic FTP 5.2 – A simple FTP client library.
ESLint 10.0.2

📰 Classifieds

🚀 HTML to PDF made easy. One simple API that scales. PrinceXML under the hood for full CSS & JS support. EU-hosted, free to start.

📢 Elsewhere in the ecosystem

Deno 2.7 has been released. The alternative runtime, built by Node's original creator, makes its Temporal API support stable, adds Windows on ARM support, gains support for overrides in package.json, improved Node.js compatibility, and more.
NanoVM is an experimental RISC-V Linux userland emulator that can run Node.js and the npm toolchain in the browser. We've featured a few 'run Node.js in the browser' projects recently (almostnode, BrowserPod) – it's an interesting space.
A cute technical trick for using the browser's canvas element to compress textual data from JavaScript.
The React team has unveiled the details of the new React Foundation which has now launched and means React (and its associated projects) are no longer owned by Meta.
Detailed notes for performing a TypeScript 5.x to 6.0 migration. The author suggests it might be handy to feed to an AI agent of your choice.
A developer shares his tale of ditching Rust for Node.