Best of Node.jsJanuary 2026

  1. 1
    Video
    Avatar of fireshipFireship·13w

    The unhinged world of tech in 2026...

    A satirical look at tech trends for 2026 covering AI's plateau and continued hype cycle, the emergence of humanoid robots and wearable AI, struggles in the VR/AR space, chip shortage driving nuclear power resurgence, quantum computing breakthroughs with Google's Willow chip, digital IDs and central bank digital currencies in Europe, and JavaScript runtime evolution with Node.js TypeScript support, Deno bundling, and Bun's growing popularity. The job market shows mixed signals with AI creating 'code janitor' roles while threatening mid-level positions, though software engineering growth is still projected at 15% through 2034.

  2. 2
    Article
    Avatar of nodelandAdventures in Nodeland·12w

    The Human in the Loop

    AI has fundamentally changed software development workflows, but human review and judgment remain critical. While AI can generate code rapidly for bug fixes and features, engineers must review every change to ensure correctness, security, and architectural fit. The bottleneck has shifted from coding speed to review capability. The role of programmers who simply execute tasks is obsolete, but software engineers and architects who provide judgment, understand context, and maintain accountability are more crucial than ever. The real risk isn't AI replacing developers, but creating a culture where shipping unreviewed AI-generated code becomes acceptable.

  3. 3
    Article
    Avatar of cloudflareCloudflare·11w

    Introducing Moltworker: a self-hosted personal AI agent, minus the minis

    Moltworker enables running Moltbot (an open-source AI personal assistant) on Cloudflare's infrastructure without dedicated hardware. Built using Cloudflare Workers, Sandbox SDK, Browser Rendering, and R2 storage, it demonstrates how the platform's improved Node.js compatibility and developer tools can host complex AI agents. The implementation includes AI Gateway integration for model management, Zero Trust Access for authentication, and persistent storage through R2. The proof-of-concept is open-sourced on GitHub, requiring only a $5/month Workers subscription to deploy.

  4. 4
    Article
    Avatar of bunBun·13w

    Bun v1.3.6

    Bun v1.3.6 introduces new APIs for tarball creation/extraction (Bun.Archive) and JSONC parsing, adds metafile and virtual files support to Bun.build, and delivers significant performance improvements: Response.json() is 3.5x faster, async/await 15% faster, Promise.race 30% faster, and Bun.hash.crc32 20x faster. The release includes SIMD-optimized Buffer.indexOf, HTTP/HTTPS proxy support for WebSocket, S3 Requester Pays support, --grep flag for bun test, fake timers compatibility with @testing-library/react, SQLite 3.51.2 update, and 45 bug fixes improving Node.js compatibility, bundler stability, and security.

  5. 5
    Article
    Avatar of infoqInfoQ·15w

    Bun Introduces Built-in Database Clients and Zero-Config Frontend Development

    Bun 1.3 introduces zero-configuration frontend development with hot module replacement, a unified database API (Bun.SQL) supporting MySQL, PostgreSQL, and SQLite without external dependencies, and a built-in Redis client claiming 7.9x performance over ioredis. The release includes enhanced package management with dependency catalogs for monorepos, isolated workspace installs, and interactive dependency updates. Performance improvements include 10-30% reduced memory usage in frameworks like Next.js, 60% faster macOS builds, and 9% faster Express benchmarks. Breaking changes affect TypeScript types for Bun.serve() and SQL client usage patterns.

  6. 6
    Article
    Avatar of ergq3auoeReinier·13w

    Full Stack Engineering Course | Build and Deploy a Full Stack PERN Admin Dashboard in 2026

    This comprehensive PERN stack course teaches you to build a production-ready University Management Dashboard from scratch. The tutorial covers PostgreSQL, Express, React, and Node fundamentals, then guides you through implementing multi-role authentication, secure join codes, and Cloudinary media uploads. The course also explores using AI agents for rapid development by attempting to rebuild the entire Google Classroom-style project and comparing human versus automated approaches.

  7. 7
    Article
    Avatar of electronElectron·13w

    Electron 40.0.0

    Electron 40.0.0 has been released with upgrades to Chromium 144.0.7559.60, V8 14.4, and Node 24.11.1. New features include HDR color space support for offscreen rendering, hardware acceleration detection API, system accent color retrieval on Linux, File System API grant persistence, and dynamic ESM imports in preloads. Breaking changes include deprecation of clipboard API access from renderer processes and compression format changes for macOS debug symbols. Electron 37.x.y has reached end-of-support.

  8. 8
    Article
    Avatar of twirThis Week In React·12w

    React Hebdo #265: React Skills, json-render, ViewTransition, Base UI, shadcn, Store, MDX, GTK

    Weekly React newsletter covering AI skills systems from Vercel, Callstack, and Expo; Firefox release enabling View Transition API, CSS anchor positioning, and Navigation API across all browsers; React Store RFC and MDX v3 support in Prettier; React Native updates including Windows/macOS 0.81, Brownie for brownfield apps, and React Navigation 8.0 alpha; Node.js security mitigation for AsyncLocalStorage DoS vulnerability; Astro joining Cloudflare; TC39 meeting progress; and jQuery 4.0 release.

  9. 9
    Article
    Avatar of jswklyJavaScript Weekly·14w

    JavaScript Weekly Issue 767: January 6, 2026

    JavaScript Weekly Issue 767 highlights the 2025 JavaScript Rising Stars, where n8n and React Bits topped the GitHub popularity charts, surpassing shadcn/ui. The newsletter covers recent releases including pnpm 10.27 with enhanced security features, Ink 6.6 for building CLI apps with React, and Color.js v0.6. Featured articles explore compiling JavaScript to C using Static Hermes for Rust interoperability, and Bruno 3.0, an open-source HTTP API client with a redesigned UI and workspace features.

  10. 10
    Article
    Avatar of opensourcesquadOpen Source·14w

    Open Source - PodPDF

    PodPDF is a lightweight PDF generation library for Node.js and Bun that claims to be 5x faster than jsPDF. It's TypeScript native, has zero dependencies, and comes in at just 8 KB minified, making it an efficient option for server-side PDF creation in JavaScript runtimes.

  11. 11
    Video
    Avatar of fireshipFireship·12w

    Bun in 100 Seconds

    Bun is an all-in-one JavaScript runtime that replaces Node.js, npm, bundlers, testing frameworks, and transpilers with a single fast tool. Built with Zig and JavaScriptCore instead of C++ and V8, it offers built-in TypeScript support, database drivers for SQLite and Redis, HTTP server capabilities, and package management—all while maintaining Node.js ecosystem compatibility. Installation is simple, and it eliminates configuration complexity by bundling everything developers need into one binary.

  12. 12
    Article
    Avatar of infoqInfoQ·12w

    Prisma 7: Rust-Free Architecture and Performance Gains

    Prisma ORM 7.0 replaces its Rust-based query engine with a TypeScript implementation, achieving 90% smaller bundle sizes, 3x faster query execution, and lower resource utilization. The release moves generated code out of node_modules for better developer experience, introduces a dynamic configuration file, and delivers 98% fewer types with 70% faster type checking. Migration guides and AI-assisted tooling help developers upgrade from previous versions.

  13. 13
    Article
    Avatar of mgjkq5yleln1wbzrddjfdAbhishek Shrivastav·13w

    Web Developer Roadmap 2026: A Complete MERN Stack Guide with Real Projects

    A structured learning path for aspiring full stack developers covers the MERN stack (MongoDB, Express, React, Node.js) from fundamentals to deployment. The roadmap emphasizes building real projects early, understanding web fundamentals before frameworks, mastering JavaScript core concepts, and creating a portfolio with deployed applications. It includes state management with Redux Toolkit, authentication, database design, performance optimization with Redis, and deployment strategies, while stressing that consistent practice with actual projects matters more than consuming endless tutorials.

  14. 14
    Video
    Avatar of codinggopherThe Coding Gopher·15w

    Bun just killed Node.js

    Bun is an all-in-one JavaScript runtime that consolidates execution, bundling, package management, and testing into a single binary. Built with Zig and JavaScriptCore instead of V8, it eliminates the overhead of multiple tools parsing the same code. Key features include native TypeScript support without compilation, integrated bundler with tree-shaking and code-splitting, content-addressable package caching, and built-in test runner. By sharing internal representations and optimizing at the systems level, Bun achieves faster cold starts, quicker dependency installs, and improved development workflows compared to traditional Node.js toolchains.

  15. 15
    Article
    Avatar of nodejsNode.js·13w

    Node.js — Node.js 24.13.0 (LTS)

    Node.js 24.13.0 LTS (Krypton) is a security release addressing six CVEs. The fixes include adding a default TLSSocket error handler, disabling futimes when permission model is enabled, requiring full read/write permissions for symlink APIs, handling stack overflow exceptions in async_hooks, refactoring unsafe buffer creation to remove zero-fill toggle, and routing TLS callback exceptions through error handlers. The release also updates c-ares to v1.34.6 and undici to 7.18.2.

  16. 16
    Article
    Avatar of nodejsNode.js·11w

    Node.js — Node.js 25.5.0 (Current)

    Node.js 25.5.0 has been released with several notable changes including updated root certificates to NSS 3.119, addition of LIEF as a dependency for Single Executable Application (SEA) generation, a new --build-sea flag to generate SEAs directly with the Node.js binary, an ignore option for fs.watch, SQLite defensive mode enabled by default with new prepare options, and test_runner support for expecting test cases to fail. The release also includes npm upgrade to 11.8.0, various dependency updates (ICU, Ada, zlib), bug fixes across multiple modules, and improvements to build tooling and documentation.

  17. 17
    Article
    Avatar of svelteSvelte Blog·13w

    CVEs affecting the Svelte ecosystem

    The Svelte team has released patches for 5 security vulnerabilities across devalue, svelte, @sveltejs/kit, and @sveltejs/adapter-node. The vulnerabilities include two DoS issues in devalue.parse causing memory/CPU exhaustion, a memory amplification DoS in SvelteKit's remote functions deserializer, a DoS and potential SSRF when using prerendering, and an XSS vulnerability via the hydratable feature. Users should upgrade to devalue 5.6.2, svelte 5.46.4, @sveltejs/kit 2.49.5, and @sveltejs/adapter-node 5.5.1. Most vulnerabilities affect applications parsing user-controlled input or using specific experimental features.

  18. 18
    Video
    Avatar of dreamsofcodeDreams of Code·11w

    We finally have an A.I. assistant that actually works

    Claudebot is an open-source AI assistant that runs on your own server and automates digital tasks like managing emails, updating software, monitoring flight prices, and executing system administration. The tutorial covers setting up Claudebot on a VPS instance, configuring it with LLM providers (OpenAI, Anthropic), connecting messaging apps (Telegram, Discord, WhatsApp), and extending functionality through skills. The assistant can be triggered via messages, cron jobs, webhooks, or email events, making it versatile for automation workflows while maintaining privacy through self-hosting.

  19. 19
    Video
    Avatar of denoDeno·13w

    What's new in Deno 2.6

    Deno 2.6 introduces several major improvements including a new `dx` subcommand (equivalent to npx), granular permission controls with ignore flags, a 2x faster experimental TypeScript type checker written in Go, sourcephase imports for WebAssembly modules, a new `audit` subcommand for scanning dependencies against GitHub CVE database and Socket.dev, enhanced bundler capabilities for web workers and multi-platform targets, and continued Node.js compatibility improvements across file operations, cryptography, and database APIs.

  20. 20
    Video
    Avatar of lowlevellearningLow Level Learning·12w

    sounds about right.

    Three critical vulnerabilities (all rated 9.9+) were discovered in n8n, a workflow automation platform. All three allow authenticated attackers to achieve remote code execution: one through improper control of dynamically managed code using constructor injection, another via sandbox bypass in the Python code node using Pyodide, and a third through unrestricted file upload in the git node. The core issue stems from the difficulty of properly sandboxing arbitrary code execution across multiple workflow nodes, especially when using blacklist-based rather than whitelist-based security approaches.

  21. 21
    Article
    Avatar of opentelemetryOpenTelemetry·13w

    OpenTelemetry JS Statement on Node.js DOS Mitigation

    OpenTelemetry clarifies that a recent Node.js denial-of-service advisory involving async_hooks is not a vulnerability in OpenTelemetry itself. The issue stems from applications relying on unspecified stack space exhaustion behavior. Node.js has fixed this in version 20.20.0 and newer, but the fix won't be backported to Node.js 18. Users should upgrade to Node.js 20+ as the recommended mitigation, with no OpenTelemetry-specific changes required.

  22. 22
    Article
    Avatar of bunBun·11w

    Bun v1.3.7

    Bun v1.3.7 fixes 91 issues and delivers major performance improvements: 50% faster Buffer.from(array), 35% faster async/await, 3x faster array.flat(), and 90% faster padStart/padEnd through a JavaScriptCore upgrade. New features include native JSON5 and JSONL parsers, Bun.wrapAnsi() (33-88x faster than wrap-ansi npm), heap and CPU profiling with markdown output, node:inspector Profiler API, and replMode for Bun.Transpiler. Fetch now preserves header casing, HTTP/2 compatibility is improved for AWS ALB/gRPC/Fauna, and numerous bugs are fixed across bundler, install, test, serve, shell, Node.js APIs, and Windows support.

  23. 23
    Article
    Avatar of freecodecampfreeCodeCamp·14w

    How to Build an In-Memory Rate Limiter in Next.js

    Rate limiters control API request frequency to prevent abuse and manage costs. This guide implements an in-memory rate limiter for Next.js using the fixed window algorithm, tracking requests by unique identifiers and blocking excess traffic with 429 responses. The implementation stores usage data in a Map, automatically clears expired entries, and can be applied to any API route. Artillery load testing confirms the limiter accurately enforces limits (12 requests per 60 seconds) even under high traffic, with 99% of requests maintaining sub-100ms latency.

See all Node.js archives