Node Weekly Issue 626: May 28, 2026

#626 — May 28, 2026

Together with

A Production Playbook for Node.js Stream Leaks — You used pipeline() but your streams still leak in production. This guide covers five failure modes that sail past tests and code review, then break under real traffic, from unnoticed disconnects to timeouts that kill the response but leave an upstream fetch running. Useful if you run Node services that stream under load.

Durgesh Rajubhai Pawar

💡 Durgesh covers how backpressure works (and can fail) in a prior part, if you want more of an intro to why streams don't protect you from memory exhaustion on their own.

Build Durable AI Agents That Won't Break in Production (Webinar) — Learn the open-source 5-layer stack and run durable AI agents with Agentspan across LangGraph, OpenAI, and Google SDKs.

Orkes sponsor

Deno 2.8 Hits 76% Node.js Compatibility — A significant release for the JS runtime created by Node’s original creator. Node.js compatibility jumps from 42% to 76.4% (higher than Bun). v2.8 also drops the npm: prefix requirement when adding/installing packages (so deno install is now a drop-in for npm install/pnpm install etc. even in existing Node projects).

Bartek Iwańczuk

IN BRIEF:

npm 11.16.0 has shipped with initial (advisory warning only) support for an opt-in install-script policy using allowScripts. More details here.
The Node team is reconsidering the ABI stability requirement for V8 updates in major Node releases after Node 26 was delayed for V8 14.6.
🇮🇹 NodeConf EU 2026 takes place this September in Italy. The site has had a redesign and the CFP is still open.
macOS on Intel (x64) has become a 'tier 2' platform for Node 26 meaning if binary builds can't be made on the platform, it won't block releases for the others. You can learn more about Node's support tiers here.

Node.js 24.16.0 (LTS) Released — If Node 26 is too cutting edge and LTS is more your vibe, there are still new features to be had including crypto.randomUUIDv7(), util.styleText accepting hex colors, and test-order randomization in Node’s test runner.

Antoine du Hamel

Migrating an Express App to Next.js Using AI Agents — James (who works on Antigravity at Google) demonstrates how to modernize a legacy Express.js app to Next.js App Router and TypeScript. The skills built to do this have been shared for use by anyone.

James O'Reilly (Google)

Using AI to Write Better Code More Slowly — A prolific JavaScript developer says LLMs aren’t just for pumping out bad code quickly, they can indeed help you write higher quality code more slowly.

Nolan Lawson

📄 Building a Custom MCP Server with Node.js Dean Hume

🛠 Code & Tools

ANSIS 4.3: The ANSI Color Library, Now with Hyperlinks — An ESM and CommonJS library for using the power of ANSI escape sequences for coloring and styling text in Node, Bun, Deno, and browser devtools. v4.3 adds support for OSC 8 terminal hyperlinks (supported by many terminal emulators now).

webdiscus

Give Your Agent a DB for Every Task — Most providers cap you at 2 or 3 Postgres projects. ghost gives your agent unlimited. No project limits. Try for free.

Ghost sponsor

🤖 Flue: An Agent Harness Framework from Astro — A TypeScript framework for building agents which run atop Node. Think something akin to Claude Code, complete with tasks, sandboxing, agent skills, etc, but entirely headless and programmable.

Fred K. Schott et al.

📝 DOCX 9.7: Generate Word .docx Files from JavaScript — A mature library for generating docx (Word) files. There’s a CodePen-based demo to show off the basics and over 100 example scripts.

Dolan Miu

🔒 Helmet.js 8.2: Security Hardening for Express Apps — Sets HTTP headers like Content-Security-Policy and Strict-Transport-Security. Aims to be easy to integrate and maintain. v8.2 is the first release in a year.

Hahn and Baldwin

Kysely 0.29.0 – Popular type-safe TypeScript SQL query builder adds compile-time table scoping, a way to enforce read-only access at the type level, and AbortSignal-based query cancellation.
📝 officeParser 7.1 – Parse 'office' files (e.g. docx, pptx, xlsx, odt) into an AST.
TypeSQL 0.24 – Generate typesafe TypeScript APIs from SQL statements. Supports MySQL, Postgres, and SQLite3.
pnpm 11.4 – The alternative package manager gets an update focused on robustness and security improvements.
dns2 3.0 – Pure JavaScript DNS server and client implementation.

📰 Classifieds

⚙️ Middleware, but for AI agents. Compose Claude Code, Codex & Gemini as one TypeScript harness — 100+ agent recipes. agentfield.ai/github.

Autoscaling that doesn’t suck. Try Judoscale and see what all the fuss is about.

📢 Elsewhere in the ecosystem

🤖 The results of the State of Web Dev AI 2026 survey are ready to enjoy. Over 7,000 developers responded and it's packed with stats about concerns, pain points, tool choices, and what things devs are using AI for beyond coding.
Meanwhile, the State of CSS 2026 survey is now open to take.
This JavaScript crossword is a lot of fun, if also very difficult.
Mozilla's Ryan Hunt says goodbye to asm.js as Firefox's JS engine now disables optimizations for it by default.