#607 — January 15, 2026

⚠️ The Node.js January 13, 2026 Security Releases — Originally expected in December, these releases (of Node.js 25.3.0, 24.13.0, 22.22.0, and 20.20.0) finally landed this week, largely due to their complexity and the scope of the vulnerabilities they tackle. More on that in the next item! The Node.js Project

Mitigating a DoS Vulnerability Related to Matteo Collina and Joyee Cheung
💡 Sarah Gooding has a higher-level write-up of the issue on the Socket blog.

Clerk Launches API Keys Public Beta — Let your users create API keys that delegate access on their behalf. Verify keys server-side with the auth() helper, control access with scopes, and revoke instantly. Free during beta. Clerk sponsor

The Official Node.js Package Configuration Guide — It’s still under development, but the Node team has begun to share an official guide to putting together and configuring your own packages for Node, whether for the first time or if you’re migrating an existing package to ESM and modern best practices. The Node.js Project

IN BRIEF:

Stop Turning Everything Into Arrays (and Do Less Work Instead) — A post showing off iterator helpers, a broadly supported set of methods for working with Matt Smith

Node.js Becomes a First-Class Citizen in Microsoft Aspire — Aspire is a Microsoft framework for orchestrating the development and deployment of distributed applications. Originally just targeting .NET, the new Aspire 13 makes JavaScript a first-class citizen, so you can now run Vite, Node.js, and full-stack JS apps with service discovery, built-in telemetry, and production-ready containers. Microsoft

Scale Time-Series Data Without Leaving Postgres — Full PostgreSQL + hypertables, compression, continuous aggregates. Get real-time analytics without the complexity. Tiger Data (creators of TimescaleDB) sponsor

📄 Choosing the Right Node.js Job Queue – Spoiler: “BullMQ is right most of the time.” Jeff Morhous
📄 JavaScript's
📄 How to Learn to Build Apps in 2026 Eric Elliott

🛠 Code & Tools

Better SQLite3 12.6: Fast and Simple SQLite3 Library — With node-sqlite3 now unmaintained, Better SQLite is perhaps the best way to work with SQLite from Node. v12.6 upgrades to SQLite 3.51.2. It has good docs too. Joshua Wise

📄 tinypdf: Minimal PDF Creation Library — And they really do mean minimal: under 400 lines of code, with no dependencies. It doesn’t support images, custom fonts, encryption, etc., but if you want to get basic shapes and text into a PDF (to generate invoices, say), this is a tidy option. Lulzx

Ohm: A Parsing Toolkit for JavaScript and TypeScript — A powerful library for building PEG-based parsers you can use in interpreters, compilers, analysis tools, etc. and you can even play with its grammar online. Warth, Dubroy, et al.

memlab 2.0: A Framework for Finding JavaScript Memory Leaks — A framework for identifying memory leaks and optimization opportunities that originated from Facebook’s approach to optimizing its main app. Write scenarios, and memlab compares heap snapshots, filters leaks, and aggregates the results. Facebook Open Source

📢 Elsewhere in the ecosystem

A roundup of some other interesting stories in the broader landscape:



