#593 — September 16, 2025 |
🗓️ We're taking next week off, so we will be back in your inbox again on Tuesday, September 30. |
|
![]() |
![]() |
Node.js v24.8.0 (Current) Released — The big new feature is added support for inspecting HTTP/2 network calls made from Node in Chrome DevTools. There have also been some cryptography related enhancements and Michaël Zasso |
pnpm 10.16 Adds Support for Delayed Dependency Updates — The alternative efficient npm package manager has added a way to specify a ‘minimum release age’ for package dependencies, so a setting of ‘1440’ (minutes) will mean only packages released more than one day ago will be installed. This can help avoid malicious versions of packages which are quickly withdrawn. Zoltan Kochan |
![]() Advanced Redis & Valkey Hosting for Node Apps — Memetria K/V helps Node.js developers host Redis OSS and Valkey with key-level visibility, memory tracking, and performance analytics—at any scale. Memetria sponsor |
IN BRIEF:
|
Oh No, Not Again: A Meditation on npm Supply Chain Attacks — Noting that “npm has become the largest and easiest way to ship malware”, Tane points a finger at Microsoft, the custodians of the npm registry. Tane Piper |
How To Set-Up Express.js 5 for Production in 2025 — A walkthrough of the basic dev process for the latest version of Express, complete with TypeScript, ESLint, Prettier, file structure, and logging. Jan Hesters |
Automating the Release Process for a Desktop App with GitHub Actions — Dolt Workbench is an SQL workbench packaged as an Electron app and distributed for several platforms. Eric explains how the Dolt team has automated the process and shares the code for their GitHub workflows. Eric Richardson (DoltHub) |
Secure Your Agentic Apps with Auth for GenAI — Secure your agentic apps with features like User Authentication for AI agents, Token Vault, and more with Auth0’s Auth for GenAI (exclusively in Developer Preview). Auth0 sponsor |
📄 How to Keep 📄 The State of QUIC Support in Node.js – A look at the many year story of bringing native QUIC support to Node and how Node 25 should get the first implementation in place. Pavel Romanov 📄 Using Node's Native Test Runner with TypeScript and React Matthew Brown 📄 Compiling Multiple CSS Files into One – Using either PostCSS or a custom Node.js script with no dependencies. Geoff Graham |
🛠 Code & Tools |
![]() |
Feedsmith 2.0: Web Feed Parsing and Generation Library — As well as parsing feeds of various types, you can also create RSS, Atom, JSON Feed, and OPML files with many common namespaces (iTunes, Podcast, Media RSS, Dublin Core, etc.) – here’s a quick start tutorial for using it both in browsers or Node. GitHub repo. Maciej Lamberski |
Trash 10.0: Move Files and Directories to the 'Trash' — Rather than deleting files outright (e.g. Sindre Sorhus |
openapi-typescript-server: Codegen TypeScript Servers from OpenAPI — CLI and runtime library to help you implement type-safe APIs documented in OpenAPI specs. Jason Blanchard |
|
|
📢 Elsewhere in the ecosystem |
A roundup of some other interesting stories in the broader landscape: |
![]() |
|