Best of Node.jsOctober 2025

  1. 1
    Article
    Avatar of hnHacker News·26w

    How I Almost Got Hacked By A 'Job Interview'

    A developer shares a close call with a sophisticated phishing attack disguised as a legitimate job interview. The scam involved a fake LinkedIn profile from a real company, a coding challenge containing obfuscated malware designed to steal crypto wallets and credentials, and professional social engineering tactics. The attack was discovered by using an AI assistant to scan the codebase for suspicious patterns before execution. The malware was embedded in server-side code with full Node.js privileges and connected to a remote payload that disappeared within 24 hours.

  2. 2
    Article
    Avatar of googledevsGoogle Developers·26w

    Say hello to a new level of interactivity in Gemini CLI

    Gemini CLI v0.9.0 introduces pseudo-terminal (PTY) support, enabling interactive commands like vim, top, and git rebase -i to run directly within the CLI context. The update uses node-pty to spawn processes in a virtual terminal, streaming real-time snapshots of terminal state including text, colors, and cursor position. This architecture supports two-way communication with keyboard input and window resizing, eliminating the need to switch to separate terminals while maintaining full context awareness.

  3. 3
    Article
    Avatar of devtoDEV·24w

    If I Had to Learn JavaScript Again: The Real Journey From 2017 to Today

    A developer shares their 8-year journey learning JavaScript from 2017 to 2025, detailing the messy, non-linear path from HTML/CSS basics through a CCNA networking detour, to building production apps with React, Node.js, and TypeScript. The post provides honest insights about what actually worked: building personal projects, reading others' code, deploying everything, and spending thousands of hours coding. Includes a practical month-by-month learning roadmap, curated resources (javascript.info, Matt Pocock for TypeScript, YouTube channels), and uncomfortable truths about imposter syndrome, job hunting, and the reality that learning never stops.

  4. 4
    Article
    Avatar of xcqehje2iVinay Rawat·27w

    Don't spam expressjs!!

    A call to action addressing contributors from India to stop submitting low-quality pull requests that only modify README files to the Express.js repository. The post highlights concerns about spam contributions that don't add meaningful value to the open-source project.

  5. 5
    Article
    Avatar of nodejsNode.js·24w

    Node.js — Node.js v25.1.0 (Current)

    Node.js v25.1.0 introduces several minor enhancements including an HTTP server option to optimize empty requests, SQLite defensive flag configuration, and a watch config namespace. The release includes updates to root certificates (NSS 3.116), dependency updates for simdjson, corepack, and inspector_protocol, plus V8 visibility improvements. Additional changes cover module loading refactoring, inspector network payload limits, test improvements, and build system updates including Visual Studio 2022 upgrade for Windows.

  6. 6
    Article
    Avatar of bunBun·25w

    Bun v1.3.1

    Bun v1.3.1 fixes 103 issues with significant performance and feature improvements. Key updates include 2× faster builds on macOS for symlink-heavy projects, source maps preserving legal comments, and CommonJS format now inlining import.meta. The test runner adds Vitest's global vi, --pass-with-no-tests and --only-failures flags. Package management improvements include .npmrc email authentication support, faster installs without peer dependencies, and selective hoisting via publicHoistPattern/hoistPattern for isolated installs. Node.js compatibility enhancements include FileHandle.readLines() in fs/promises. Numerous bundler, transpiler, WebSocket, MySQL, and Windows-specific bugs are resolved.

  7. 7
    Article
    Avatar of nodejsNode.js·24w

    Node.js — Node.js v22.21.1 (LTS)

    Node.js v22.21.1 LTS (codename 'Jod') has been released with various bug fixes and performance improvements. Key updates include fixes for HTTP/2 upgrade handling, process execution environment defaults, async context handling in unhandled rejections, and optimizations to array inspection, priority queues, and string operations. The release also includes improvements to benchmarks, tests, and tooling infrastructure.

  8. 8
    Article
    Avatar of electronElectron·24w

    Electron 39.0.0

    Electron 39.0.0 brings upgrades to Chromium 142.0.7444.52, Node 22.20.0, and V8 14.2. The ASAR integrity feature, which validates packaged apps against build-time hashes to prevent tampering, graduates from experimental to stable. New features include hardware acceleration detection, HDR color space support for offscreen rendering, granular accessibility management, and dynamic ESM imports in preloads. Breaking changes include deprecation of the --host-rules command line switch in favor of --host-resolver-rules, always-resizable window.open popups per WHATWG spec, and restructured shared texture OSR paint event data. Electron 36.x.y reaches end-of-support.

  9. 9
    Article
    Avatar of platformaticPlatformatic·27w

    Integrate Python ASGI with Node.js Apps

    Platformatic releases @platformatic/python, enabling Python ASGI applications to run directly inside Node.js processes. The integration eliminates network overhead by using interprocess communication instead of HTTP calls between services. Built on a Rust bridge layer with the http-handler crate, it provides seamless request/response translation between Node.js and Python. Developers can embed FastAPI, Django, or custom ASGI apps alongside Node.js workloads, particularly useful for AI/ML inference, real-time data processing, and gradual migration scenarios. Benchmarks show competitive performance with traditional ASGI servers while offering microsecond-level latency through in-process architecture.

  10. 10
    Article
    Avatar of eslintESLint·28w

    What's coming in ESLint v10.0.0

    ESLint v10.0.0 will drop support for Node.js versions below v20.19.0 and completely remove the deprecated eslintrc configuration system in favor of flat config. Major changes include updated Program AST node range coverage, removal of deprecated rule context members and SourceCode methods, JSX reference tracking, and a new configuration file lookup algorithm starting from the linted file. The alpha release is expected in November 2025, with the final release targeted for January 2026.

  11. 11
    Article
    Avatar of freecodecampfreeCodeCamp·27w

    How to Containerize and Deploy Your Node.js Applications

    Learn how to containerize a Node.js application using Docker and deploy it to the cloud. The guide covers writing a Dockerfile, building and testing container images locally, pushing images to Docker Hub, and deploying to a cloud platform. It explains how containers solve environment inconsistencies, make applications portable, and simplify scaling and updates in production environments.

  12. 12
    Article
    Avatar of mondaymonday Engineering·26w

    Unmasking a hidden singleton

    A load test on monday.com's AI Reports feature revealed a critical race condition caused by a hidden singleton pattern. When multiple users simultaneously generated reports, a WorkdocsAPIService registered as a singleton shared mutable state across concurrent requests, causing workdoc IDs to override each other and trigger 400 errors. The bug remained undetected in production due to low adoption rates and high pod count, which minimized collision probability. The investigation traced through multiple hypotheses before discovering the singleton registration issue, highlighting the importance of load testing, end-to-end concurrent testing, and preferring stateless class designs in asynchronous environments.

  13. 13
    Article
    Avatar of collectionsCollections·28w

    Comprehensive Guide to Becoming a Full Stack Developer

    A comprehensive learning path covers web development fundamentals starting with HTML and CSS, progressing through JavaScript and modern frameworks like React.js, Node.js, and Next.js. The curriculum includes database management with SQL, TypeScript for type safety, AI engineering tools, and over 500 coding challenges. Learners build practical projects including a portfolio site and deploy applications using platforms like Netlify, with all content available through freeCodeCamp's 48-hour video course.

  14. 14
    Article
    Avatar of logrocketLogRocket·26w

    Why is Zod so slow?

    Zod's runtime interpretation architecture makes it significantly slower than AOT-compiled validators like Typia in high-throughput scenarios. While this performance gap is negligible for typical web applications, it becomes critical in systems handling billions of requests. The article explains the interpreter vs compiler trade-off and demonstrates a practical solution: using a build script to convert Zod schemas into optimized JSON Schema validators with ajv, achieving production performance while maintaining Zod's developer experience during development.

  15. 15
    Article
    Avatar of javarevisitedJavarevisited·24w

    Top 5 Frontend Masters Courses for Backend Developers in 2026

    A curated list of five Frontend Masters courses specifically valuable for backend developers, covering full-stack deployment, database fundamentals, API design, DevOps infrastructure, and frontend system design. The courses focus on practical skills like server management, database optimization, production-ready API development, CI/CD pipelines, and understanding API consumption patterns from the client perspective.

  16. 16
    Article
    Avatar of c_communityC/C++ Community·27w

    Built a JavaScript runtime in C to understand how Node.js, Bun & Deno actually work

    Learn how JavaScript runtimes work by building Jade, a minimal runtime in C using JavaScriptCore and libuv. Explores the connection between JavaScript and system-level operations, event loop implementation, and native API exposure. Provides hands-on insight into the architecture behind Node.js, Bun, and Deno.

  17. 17
    Video
    Avatar of asaprogrammerAs a Programmer·24w

    MERN Stack Project: Video Calling Interview Platform with React & Node.js

    Build a complete interview platform featuring video calling, real-time chat, and a code editor supporting JavaScript, Python, and Java. The platform includes session management, screen sharing, message reactions, and code execution in isolated environments. Uses the MERN stack (MongoDB, Express, React, Node.js) with additional tools like Tailwind CSS, Clerk for authentication, Stream for video/chat, and deployment on Savala. Covers proper Git workflow with branches and pull requests, code reviews with Code Rabbit AI, and production deployment configuration including serving both API and React app from a single domain.

  18. 18
    Article
    Avatar of halodocHalodoc·25w

    Find & Fix Node.js Memory Leaks with Heap Snapshots

    Memory leaks in Node.js applications cause gradual memory growth until containers crash or restart. Heap snapshots provide detailed dumps of JavaScript memory at specific moments, revealing which objects consume memory and why they aren't garbage collected. The article demonstrates capturing snapshots using Node.js V8 API, triggering them on app start, via SIGUSR2 signals, and automatically during OOM events. Analysis involves comparing multiple snapshots in Chrome DevTools to identify growing objects, examining retained sizes, and tracing retainer chains to find root causes. Common leak patterns include lingering timers, unremoved event listeners, unclosed RxJS subscriptions, and closures retaining large objects. The solution includes storing snapshots securely in S3 with encryption and automatic expiry, enabling systematic debugging of production memory issues.

  19. 19
    Article
    Avatar of rhdevRed Hat Developer·27w

    Node.js 20+ memory management in containers

    Node.js 20+ automatically adjusts heap size based on container memory limits through cgroup awareness. By default, heap size is 50% of container memory up to 4 Gi, maxing out at 2 GB. The --max-old-space-size flag can override these defaults. The article explains V8 garbage collection behavior, troubleshooting memory leaks, and deployment considerations for OpenShift/Kubernetes environments. Key insight: simply increasing heap size won't fix underlying memory leaks, as OutOfMemory exceptions will eventually occur regardless.

  20. 20
    Article
    Avatar of nodelandAdventures in Nodeland·25w

    Noop Functions vs Optional Chaining: A Performance Deep Dive

    Benchmarks reveal that noop functions are 5.5x to 8.8x faster than optional chaining in JavaScript, executing at 939 million ops/second versus 106-169 million ops/second. The performance gap stems from V8's ability to inline noop functions while optional chaining requires runtime null/undefined checks that can't be optimized away. Frameworks like Fastify leverage this by providing noop logger objects instead of checking for existence. While optional chaining remains suitable for most code due to safety and readability benefits, noop functions offer measurable gains in hot paths and high-frequency operations. TypeScript's strict null checks can push developers toward unnecessary optional chaining when runtime guarantees exist.

  21. 21
    Article
    Avatar of devtoDEV·28w

    How to serve Markdown to AI agents: Making your docs more AI-friendly

    Content negotiation allows servers to serve Markdown instead of HTML to AI coding assistants by detecting the Accept header in HTTP requests. When AI agents request documentation with Accept: text/markdown, the server responds with raw Markdown, reducing token consumption and improving AI comprehension. The implementation involves detecting the Accept header, serving raw Markdown content when requested, and falling back to HTML for browsers. This approach helps AI agents process documentation more efficiently by eliminating HTML markup bloat.

See all Node.js archives