Node Weekly
Plus Node 26.5 intros ESM text imports, Sindre's new node:test ESLint rules, and displaying images in the terminal.

#​632 — July 9, 2026

Read on the Web

Together with  Sentry logo
Node.js Weekly

npm v12 Ships with Install Scripts Off by Default — npm 12 is now GA with many breaking changes. The headline change is lifecycle scripts and implicit node-gyp builds no longer run by default. Socket’s Sarah Gooding writes more about the practical implications including, thankfully, that unknown .npmrc keys will now only warn rather than error as they did in the pre-releases.

GitHub

Your Next.js App Is Already Tracing. Now Make It Useful — When a Next.js page is slow, the hard part is finding which part is responsible: middleware, SSR, an API route, a query, or a fetch call. 🔍 Next.js is already tracing all of it. Here's how to actually see it and put it to use.

Sentry sponsor

Node.js 26.5.0 (Current) Released — Key additions include the ability to import text files into ES modules via import attributes (behind an experimental flag), blob.textStream() (good for streaming large blob content), and being able to sample event-loop delay per iteration via perf_hooks.

Richard Lau

IN BRIEF:

TypeScript 7.0 Released — Over a year after announcing TypeScript would be ported to Go, the final release is out. Don't rush to upgrade: TS 7.0 doesn't ship with an API yet, and 6.0 is still a good stepping stone. If you do upgrade, expect to see huge build time speedups, once moduleResolution: node is switched to nodenext and you've sorted out "types": ["node"].

Microsoft

CVE-2026-48931 Shouldn't Have Been a CVE — A candid post-mortem from a Node maintainer explaining a recent snafu around an HTTP/1.1 poisoning issue he now argues shouldn’t have been a CVE, especially after the fix broke node-fetch, Firebase, and the official Docker images.

Matteo Collina

What's New in ECMAScript 2026 — The ECMAScript 2026 spec was approved last week, and this round-up covers several main new features that made the cut, with all (except Math.sumPrecise) available in Node today.

Pawel Grzybek

📄 You Shouldn't Trust Trusted Publishing – npm added trusted publishing, but it’s authentication, not a safety or quality badge. Matteo Collina has also written about this from the npm perspective before. William Woodruff

📄 Node.js Worker Threads in Production – Hard-won lessons from running worker threads at scale. Aaron Harper (Inngest)

🛠 Code & Tools

terminal-image 5.0: Display Images in the Terminal — Works in any terminal that supports colors by rendering colored blocks, but can render images inline in terminals that support inline graphics. v5.0 improves iTerm2 support by using its native inline image support, rather than the Kitty protocol.

Sindre Sorhus

Full-Text Search in Drizzle Without a Second System — Try the official ParadeDB integration for Drizzle. Search your live Postgres tables. No ETL, no Elasticsearch cluster.

ParadeDB sponsor

eslint-node-test: ESLint Rules for Node's Built-In Test Runner — In Sindre’s own words: “If you use the Node.js test runner (node:test), you may like the new ESLint plugin I cooked up. 64 [now 82] rules to improve your tests, prevent mistakes, and enforce style.”

Sindre Sorhus

✉️ Upyo 0.5: A Cross-Runtime Email Sending Library — A unified, type-safe API for sending emails both on SMTP and HTTP-based (e.g. SendGrid or Amazon SES) providers from Node, Deno, Bun, and edge function runtimes.

Hong Minhee

webpack-dev-server 6.0: The Official webpack Dev Server — Bumps Express up to v5, drops support for older Node versions, adds support to be used as a webpack plugin, and switches to ESM.

webpack

  • XO 4.0 – Opinionated but configurable ESLint wrapper that includes numerous popular ESLint plugins and rules out of the box.

  • ESLint Plugin Perfectionist 5.10 – For when you're really particular about the ordering of things like objects, imports, and types.

  • MongoDB Node.js Driver 7.5 – Official driver for MongoDB. Now supports Queryable Encryption string queries on MongoDB 9.0.

  • 🐍 node-calls-python 1.2 – Call Python from Node directly, in-process, without spawning processes.

  • FoalTS 5.3 – The full-featured Node.js app framework adds a new dev-verbose logging format.

  • Fastify 5.10.0 – The fast and low overhead web framework.

  • feed 6.0 – RSS, JSON, and Atom feed generator library.

📰 Classifieds

📈 Crystallize seeks a remote SRE who thinks in SLOs, not heroics. Node/TS, GraphQL.

Issue 631 #632