#​593 — September 16, 2025

Read on the Web

🗓️ We're taking next week off, so we will be back in your inbox again on Tuesday, September 30.
__
Peter Cooper, your editor

Together with  Memetria
Node.js Weekly

Node.js v24.8.0 (Current) Released — The big new feature is added support for inspecting HTTP/2 network calls made from Node in Chrome DevTools. There have also been some cryptography related enhancements and npm gets upgraded to v11.6.

Michaël Zasso

pnpm 10.16 Adds Support for Delayed Dependency Updates — The alternative efficient npm package manager has added a way to specify a ‘minimum release age’ for package dependencies, so a setting of ‘1440’ (minutes) will mean only packages released more than one day ago will be installed. This can help avoid malicious versions of packages which are quickly withdrawn.

Zoltan Kochan

Advanced Redis & Valkey Hosting for Node Apps — Memetria K/V helps Node.js developers host Redis OSS and Valkey with key-level visibility, memory tracking, and performance analytics—at any scale.

Memetria sponsor

IN BRIEF:

Oh No, Not Again: A Meditation on npm Supply Chain Attacks — Noting that “npm has become the largest and easiest way to ship malware”, Tane points a finger at Microsoft, the custodians of the npm registry.

Tane Piper

How To Set-Up Express.js 5 for Production in 2025 — A walkthrough of the basic dev process for the latest version of Express, complete with TypeScript, ESLint, Prettier, file structure, and logging.

Jan Hesters

Automating the Release Process for a Desktop App with GitHub ActionsDolt Workbench is an SQL workbench packaged as an Electron app and distributed for several platforms. Eric explains how the Dolt team has automated the process and shares the code for their GitHub workflows.

Eric Richardson (DoltHub)

Secure Your Agentic Apps with Auth for GenAI — Secure your agentic apps with features like User Authentication for AI agents, Token Vault, and more with Auth0’s Auth for GenAI (exclusively in Developer Preview).

Auth0 sponsor

📄 How to Keep package.json Under Control – Good tips and tool recommendations here. Tom MacWright

📄 The State of QUIC Support in Node.js – A look at the many year story of bringing native QUIC support to Node and how Node 25 should get the first implementation in place. Pavel Romanov

📄 Using Node's Native Test Runner with TypeScript and React Matthew Brown

📄 Compiling Multiple CSS Files into One – Using either PostCSS or a custom Node.js script with no dependencies. Geoff Graham

🛠 Code & Tools

Feedsmith 2.0: Web Feed Parsing and Generation Library — As well as parsing feeds of various types, you can also create RSS, Atom, JSON Feed, and OPML files with many common namespaces (iTunes, Podcast, Media RSS, Dublin Core, etc.) – here’s a quick start tutorial for using it both in browsers or Node. GitHub repo.

Maciej Lamberski

Trash 10.0: Move Files and Directories to the 'Trash' — Rather than deleting files outright (e.g. unlink), this moves them to the ‘trashcan’ equivalent on Windows, Linux, and macOS.

Sindre Sorhus

openapi-typescript-server: Codegen TypeScript Servers from OpenAPI — CLI and runtime library to help you implement type-safe APIs documented in OpenAPI specs.

Jason Blanchard

  • Ow 3.0 – Function argument validation for humans (essentially chainable easy-to-read data validations).

  • 🖼️ terminal-image 4.0 – Display images in the terminal. v4 adds support for Kitty's graphics protocol.

  • npm-publish 4.0 – GitHub Action to publish packages to the npm registry. Now runs on Node 24 with npm 11.

  • jsdom 27.0 – Pure JS implementation of WHATWG DOM and HTML standards.

  • LogTape 1.1 – Simple logging library for all major JS runtimes. Changelog.

  • Undici 7.16 – Node's powerful HTTP client library.

  • Hexo 8.0 – Popular blog framework/ generator.

  • node-soap 1.4 – SOAP client and server library.

📰 Classifieds

$100 off yearly Frontend Masters membership! 250+ courses, personalized learning path, workshops with devs from GitHub & Netflix. Sale ends soon →


Go beyond caching. Redis 8.2 handles 5x more data with 150 new commands and 8 new data structures vs 7.2. Try Redis Pro.

📢  Elsewhere in the ecosystem

A roundup of some other interesting stories in the broader landscape: