Node Weekly Issue 608: January 22, 2026

#608 — January 22, 2026

Together with

Node.js 25.4.0 (Current) Released — Another gradual step forward for Node with require(esm) now marked as stable, as well as the module compile cache, along with a variety of other minor tweaks. Joyee Cheung of the Node team has written a thread on Bluesky going deeper into this release.

Rafael Gonzaga

💡 Socket also published a good round-up of the Node 25.4 release.

New Course: Backend System Design — Join Jem Young for this detailed video course and develop the system-thinking skills to solve complex backend design challenges related to scaling, data storage, reliability, performance, and more.

Frontend Masters sponsor

🤖 Mastra 1.0: An AI Framework from the Former Gatsby Team — An all-in-one framework (homepage) for building AI powered apps and agents. With v1.0, you can now bundle agents and workflows into existing Node apps using several new adapter packages to run Mastra inside existing Express, Hono, Fastify or Koa apps. Support for Vercel’s AI SDK v6 has also been added.

Sam Bhagwat

IN BRIEF:

Overwhelmed by an increasing number of low-quality reports, the Node.js project has increased its required 'Signal score' for looking into vulnerability reports made via HackerOne.
Over on X, Evan You noticed a neat new 'export CPU profile as Markdown' feature coming to Bun and suggested Node should get something similar. Shortly thereafter, Matteo Collina dropped pprof-to-md.
The AdonisJS team has announced AdonisJS v7 is feature complete and in final testing before a public release in a few weeks.
The Boring JavaScript Stack has hit version 1.0 – it's an 'opinionated full-stack JavaScript project starter' built around Sails, Inertia, Tailwind CSS, and your choice of Vue, React or Svelte.

Scale Time-Series Data Without Leaving Postgres — TimescaleDB: hypertables, 95% compression, 200+ SQL functions. Query billions of rows in milliseconds. Start for free.

Tiger Data (creators of TimescaleDB) sponsor

📄 Dynamic Configuration in Node.js: Beyond Environment Variables – Must admit I’d never thought about this before. Dmitry Tilyupo (Replane)

📄 What Changed in the Node.js January 2026 Security Releases and Why It Matters Estefany Aguilar (NodeSource)

🛠 Code & Tools

Superdiff 4.0: Compares Arrays or Objects and Returns a Diff — Got two similar objects or arrays and want to see the underlying differences? Superdiff has been around a while, but recent updates boost performance, add support for streamed input and using a worker for more efficient diffing in a background thread. The project now has a handy documentation site too.

antoine

Electron 40.0.0 Released — Despite the round number, it’s a gentle update for the ubiquitous cross-platform desktop app framework. It bumps up to Node 24.11.1 (from 22.20.0), V8 14.4, and Chromium 144 (from 142) and adds a variety of minor features.

Michaela Laurencin

💡 Of greater intellectual curiosity is this post about the Electron team's improvements to window resizing on Windows.

np 11.0: A Better npm publish — Makes the process of publishing a package smoother with an interactive UI, checks that you’re publishing from the right branch, checks dependencies, runs tests, pushes commits and tags, etc. Designed for local developer use rather than CI, however.

Sindre Sorhus

🌀 cli-spinners 3.4: Spinners for Use in the Terminal — 70+ simple spinners to signal some sort of progress is occurring.

Sindre Sorhus

fast-json-stringify 6.2: Faster Alternative to JSON.stringify() — Boasts being significantly faster than JSON.stringify() particularly for small payloads, with its performance advantage shrinking as your payload grows.

Fastify

🍊 Orange ORM v4.9 – Object Relational Mapper for Node and TypeScript. SQLite support switches to using better-sqlite3 on Node <22.5.
Turbowatch 2.30.0 – Fast file change detector and task orchestrator for Node.
Typegoose v13.1.0 – Define Mongoose models using TypeScript classes.
ArangoDB.js v10.2.0 – Official client for the ArangoDB graph database.
npm 11.8.0 – The grandaddy of all JavaScript package managers?
BSON Parser 7.1 – BSON (Binary JSON) parser for JavaScript.

📰 Classifieds

🛠️ Auth0 for AI Agents provides a foundation for developers to build AI agents without compromising security or innovation. Start building.

Speed up queries 3x with PostgreSQL 18. Learn AIO, Skip Scan & replication enhancements. Register!

📢 Elsewhere in the ecosystem

A roundup of some other interesting stories in the broader landscape:

Whether you agree or not, Ryan Dahl, the original creator of both Node.js and Deno, drew a lot of attention for a post on X (above) where he shared a thought on the shifting roles of modern software engineers in an agentic world.
Sticking with the topic of AI and agents, Matteo Collina shares a more extensive view in The Human in the Loop noting that "my bottleneck is now review, not coding."
jQuery turned 20 years old last week, and then released jQuery 4.0 alongside the celebrations. The long-standing frontend utility library has now migrated entirely to ES modules making it easier to use in modern builds.
🕒 Temporal Playground is an online sandbox for playing around with the Temporal API.
🐘 If you're a Postgres user, I really enjoyed this article about alternatives to 'soft delete' where rather than use a boolean or datetime flag, you could use a trigger to move a row to an archive table or capture deleted rows from the WAL for archival.
Deno 2.6.5 was released.