#563 — January 21, 2025

Together with Stytch
Node.js Weekly

NodeBB v4.0.0 Released: Node.js Powered Forums — Now almost 12 years old, NodeBB continues to offer a classic forum experience in a modern Node.js-shaped guise. The big update for v4 is support for federation between NodeBB instances and the wider fediverse generally. Note that the open source project (repo) is GPL licensed with NodeBB Inc providing a hosted service.

NodeBB, Inc.

The January 21, 2025 Security Releases — Not yet released at the time of publication, but coming to you any moment now, are fresh releases of the Node 23.x, 22.x, 20.x, and 18.x release lines to tackle some as yet undisclosed security issues.

The Node.js Project

Skip the Auth0 Headaches — Stytch cuts engineering time for auth and fraud, while giving you more control with pre-built UIs, headless SDKs, backend SDKs, and APIs. Plus, no rate limits or price gouging, and expert support on every plan. Check out our Node quickstart guide.

Stytch sponsor

IN BRIEF:

TypeScript Enums: Use Cases and Alternatives — A look into one of TypeScript’s features that has no direct JavaScript parallel (and hence won’t survive Node’s type stripping approach, though there’s always --experimental-transform-types or tsx).

Dr. Axel Rauschmayer

Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar — Recent research has found several malicious packages ‘typosquatting’ the terminal string styling library Chalk and file-watching library Chokidar — targeting Node devs with security issues.

Kush Pandya (Socket)

📄 Promise.race and Promise.all Are Not “Fair” – That is to say, they have bias and aren’t entirely random. Chris Krycho

📄 Fetch and HTTP/2 Support in Node, Bun and Deno Georges Haidar

🛠 Code & Tools

ArkType 2.0: Runtime Validation Library — An easy-to-deploy solution for schema validation that can infer TypeScript definitions 1:1 and use them as optimized validators for your data, both at runtime and for immediate type-level feedback in your editor.

ArkType

react-nil 2.0: A React 'Null Renderer' — An interesting experiment to use React in situations where you don’t need it to render anything, but you want to use hooks, suspense, context, and other bits of the React lifecycle. Like in, say, a Node app.

Poimandres

Protect Against Bots, Fraud, and Abuse in Real Time — WorkOS Radar protects your app with advanced device fingerprinting — stop fake signups, free tier abuse, bot attacks and brute force attempts today.

WorkOS sponsor

Electron 34.0.0 — The JS, HTML and CSS desktop app framework updates to Chromium 132, Node 20.18.1, and adds a way to access the JavaScript call stack of unresponsive renderers.

Electron Team

file-type 20.0: Detect the File Type of a Buffer, Uint8Array or ArrayBuffer — For example, give it the raw data from a PNG file, and it’ll tell you it’s a PNG file. Uses a ‘magic number’ approach so is targeted solely at non text-based formats. v20 adds support for yet more formats, including JARs, Word/Excel templates, and now supports ZIP decompression.

Sindre Sorhus

📰 Classifieds

💭 How can I help my Node.js app to adapt to changing demand? A simple how-to-guide, in three parts.


🚀 Master Fullstack, JS Backends & DevOps at Node Congress 2025! Join 5K devs worldwide on April 17-18. 2 days of talks & workshops!

📢  Elsewhere in JavaScript

A quick roundup of some of the other interesting stories in the broader JavaScript landscape, in case you've missed them: