Node Weekly Issue 616: March 19, 2026

#616 — March 19, 2026

Together with

🤖 No AI Code in Node.js Core? A Petition to the Node.js TSC — A long-running discussion about the use of AI-assisted development in OpenJS Foundation projects (Node is one), coupled with a new 19K LOC PR (more on that later), has inspired a long-standing Node contributor to start a petition to restrict code created by AI systems from going into Node’s core.

Fedor Indutny et al.

🗣️ There were many comments on Reddit's /r/node about this topic. The consensus was largely in support of AI, but against huge 10,000+ line PRs generally.

Build AI Agents from Scratch in Node.js — Tool calling, agent loops, evals, web search, and human approval flows -- taught by Scott Moss (Senior Dev at Netflix). Rated 4.86/5 by 90 developers.

Frontend Masters sponsor

Why Node.js Needs a Virtual File System — The idea is simple: hook into node:fs and the module resolver so you can import modules that exist only in memory for things like sandboxing, single executable apps, and test isolation. Matteo Collina has built a node:vfs module for Node core and released a userland package that works today (with some compromises).

Matteo Collina (Platformatic)

😬 The PR for node:vfs was one of the inspirations for the AI petition (above).

IN BRIEF:

⚠️ All maintained Node.js versions (25.x, 24.x, 22.x and 20.x) will get security releases next week (on or after March 24) to address nine vulnerabilities.
At last week's TC39 meeting, several language proposals were advanced including Temporal, Import Text, Error Stack Accessor, and Iterator Includes.
A Node.js PR proposes opt-in support for TLS certificate compression, which could shrink handshake sizes and reduce fingerprintability.
Bun v1.3.11 has been released with Bun.cron for OS-level cron jobs and expression parsing, ANSI and grapheme-aware string slicing, and yet more Node.js compatibility improvements.

Node Worker Threads are Problematic, But Work Great for Us — A practical case study of solving event loop starvation in a WebSocket-based SDK by moving connection internals into a worker thread, while recognizing the constraints of worker_threads compared to threading approaches in other languages.

Aaron Harper (Inngest)

Clerk Core 3: Keyless Mode, Satellite Fixes, Upgrade CLI — Keyless mode for TanStack Start, Astro, and React Router. Satellite domains skip redirects for anonymous visitors.

Clerk sponsor

📄 Rewriting a 12-Year-Old JavaScript Library in TypeScript – Specifically, the Machina finite state machine library. Jim Cowart

📄 Monitoring Your Node.js App's Health on Fly.io Tarun Singh (AppSignal)

🛠 Code & Tools

Edge.js: Running Node Apps Inside a WebAssembly Sandbox — A new runtime (in alpha, for now) that maintains full Node.js compatibility while isolating unsafe execution via WebAssembly. Existing apps and native modules run unmodified with system calls sandboxed through WASIX. There’s more info on Edge.js's homepage.

Syrus Akbary (Wasmer)

jsdom 29.0.0 – Pure JS implementation of WHATWG DOM and HTML Standards for use with Node for testing, scraping, and similar use cases.
node-rate-limiter-flexible 10.0 – Atomic and non-atomic counters for limiting access to resources.
better-sqlite3 12.8 – The popular SQLite library updates to SQLite 3.51.3 and now requires Node 20+.
pnpm/action-setup 5.0 – GitHub Action to install and configure pnpm. Now uses Node.js v24.
🤖 OpenAI v6.32.0 – OpenAI's REST API client. Now with GPT 5.4 mini and nano support.
Node File Trace 1.4 – A tool that determines exactly which files are necessary for an app to run.
XO 2.0 – Opinionated, configurable ESLint 10 wrapper with 'lots of goodies'.
node-oom-heapdump 3.8 – Create a V8 heap snapshot right before OOM.
node-osc 11.3 – No-frills Open Sound Control client and server.
Hookable 6.1 – Awaitable hooks system.

📢 Elsewhere in the ecosystem

Next.js 16.2 has been released. The popular React framework gets much faster next dev startup times, faster rendering, significant Turbopack-related improvements, and some goodies for AI-assisted development.
Should BigInt.PI === 3? Enjoy qntm's tongue-in-cheek proposal to add mathematical constants to BigInt.
🤖 Addy Osmani introduces us to comprehension debt. In a world of agent-produced code, the question is now not “how do we generate more code?” but “how do we actually understand more of what we’re shipping?”
One from the Postgres world: how a single query blew up and consumed 2 terabytes of memory before being taken down by Linux's OOM killer.
 Awesome Mac is a fantastic, well-updated curated directory of macOS software, with a large developer tools section.
And much, much more (including Vite 8!) in this week's issue of JavaScript Weekly.