A Failed Attempt to Shrink All npm Packages by 5% — What if you could shrink all npm package sizes by 5%.. wouldn’t that benefit all of us? Here’s how one developer did just that using Zopfli compression and then made a proposal to the npm maintainers to implement it. While promising, the proposal was ultimately rejected due to a variety of challenges and trade-offs, such as slower publishing speeds. Nonetheless, it’s a good story packed with things to learn from.

Evan Hahn

Things People Get Wrong About Electron — A proud maintainer of the wildly successful Electron cross-platform app framework stands by the technical choices made over the years and defends it against some of the more common criticisms here. If an hour of Netflix is 7 gigabytes, what’s 100MB for an app?

Felix Rieseberg

Reduce Your Apache Kafka Costs + Ops Burden with WarpStream — WarpStream reduces Kafka costs by 80+% by eliminating disks and interzone networking fees and features zero ops auto-scaling. It runs in your private cloud and data is stored in your object storage buckets, so raw data never leaves your environment.

WarpStream sponsor

The January 21, 2025 Security Releases Arrived — Security updates for versions 18.x, 20.x, 22.x, and 23.x, addressing vulnerabilities including a high-severity worker permission bypass. Patches also cover path traversal issues on Windows & HTTP/2 memory leaks.

The Node.js Project

Troubles with Multipart Form Data and fetch in Node — One developer’s pain in debugging somethng that ‘should have just worked’ could be your relief if you run into issues where using fetch for multipart/form-data requests simply isn’t working (due to a missing trailing CRLF).

Phil Nash

How I Open-Sourced My Secret Access Tokens from GitHub, Slack, and NPM (and Who Cared) — A developer accidentally published API tokens to npm via a misconfigured CI pipeline. npm and Slack detected and revoked said tokens, though GitHub did not. The author shares his tale and some advice.

Ivan Borshcho

Is Heroku Still Worth It in 2025? 💸 — You might want to give this guide a read — we took a tour through PaaS alley and found some worthy (💵) alternatives.

Judoscale sponsor

DBOS Transact v2: Lightweight Durable Execution in TypeScript — An open source library for lightweight durable execution built on Postgres. Durable execution means persisting the execution state of your program while it runs, so if it’s interrupted or crashes, it resumes from where it left off – ideal for long-running or business-critical workflows. Docs.

DBOS, Inc.

Bun 1.2: A Big Step Forward for the Fast JS/TS Runtime — I know it's not Node, but JavaScriptCore based Bun continues to up the server-side runtime game with major strides forward in Node.js compatibility in particular with this release. I often try Node scripts with bun and it Just Works™ – this is a good thing.

Ashcon Partovi and the Bun Team

🎨 node-canvas 3.1: A Cairo-Backed Canvas Implementation — We recently linked to Skia Canvas, a Skia and GPU-powered canvas drawing API for Node, but node-canvas is the longer standing library and is particularly easy to deploy and use, especially as it no longer has libuv or V8 dependencies.

Automattic

Emittery: A Simple, Modern Async Event Emitter — A small, async event emitter for Node and the browser, and now with support for AbortController.

Sindre Sorhus