Node.js Digest #14: Express.js v5.0, Deno 2, and the Hard Life of Open Source
Node.js Digest #14 by Oleksandr Zinevych
Hey, community! Oleksandr Zinevych here, Engineering Director at Avenga. Autumn has arrived, which means it's time for the first fall digest with news about Node.js and beyond ;)
Key Highlights
TypeScript v5.6 — for those eagerly awaiting iterator helpers or disallowing checks that are always truthy or always return null. Besides that, there are a few more not-so-dramatic changes.
In the Redmonk ranking, JavaScript is traditionally the leader among programming languages.
The usual Node.js updates are out — Node.js v20.17.0 and Node.js v22.9.0.
Express.js v4.21.0 — it's not just version 5.0 that's evolving; the good old fourth version is also receiving its improvements and fixes.
date-fns v4.0 — one of the most popular date libraries has added convenient functionality for working with time zones.
Everyone has forgotten, but the trademark owner of JavaScript is Oracle. Now the most prominent figures in the JavaScript world, whose names you definitely all know, have taken on the task of returning ownership of JavaScript back to the community. Here's the open letter that you can not only read but also sign ;)
Supabase and Vercel are now partners.
Deno v2.0 — by the time this digest comes out, one of the biggest updates in the history of the Deno runtime may have fully launched. We'll cover this release in more detail in the next digest.
Also released: Fastify v5.0, Hono v4.6.0, Biome v1.9.
Express.js 5.0
I mentioned in previous digests that Express.js has come back to life. More precisely, the community came back to life and decided to start working on new versions of this legendary framework.
And so, actions speak louder than words — the world has seen the new Express.js v5.0. At the time of writing this digest, the version is still in beta, but you can already see that we can expect the release of most of what's described here.
Despite the framework being quite old, it still tops every survey and ranking. Of course, this is largely because many legacy systems built on it are easier to maintain than to rewrite with something new. But progress and development in the good old Express.js is definitely one of the biggest stories of this year. We wish the team strength and inspiration in working on new features ;)
The Hard Life of Open Source
Contributing to open source has long been a good practice. The number of contributions to large popular projects, as well as projects solving complex and not-so-complex problems, grows every day. On one hand, this growth gives us access to a huge number of ready-made solutions without the need to reinvent the wheel. But is it always safe?
Unfortunately, no. Almost every month there are new stories about how someone tried to carry out an attack through an open source project. The number of collaborators is growing, and it's simply not always physically possible to spot that a PR isn't just fixing a bug — if you know what I mean.
This is especially hard to track on projects where the author is alone and personally decides what and when to add. I recommend reading a great article where, using OpenJS and the JavaScript ecosystem as examples, Matteo Collina and Robin Ginn discuss the current threats and challenges facing the open source community.
Deno 2
Ryan Dahl visited the Stack Overflow podcast, where he shared a bit about what to expect in Deno 2. It's clear that the Deno team is targeting the enterprise segment and will be improving all aspects related to it.
Read also 👇
First and foremost, there will be improvements to the module management system, particularly scalability. So that connecting and maintaining many modules via direct URLs isn't as painful. Naturally, they'll be improving NPM compatibility, because you can't get far in the JavaScript world without it. There will also be performance improvements, an LTS version, and more. You can listen to the full recording here.
As always, there was some criticism of Node.js, but we all understand well that Node.js genuinely deserves some criticism.
Cloudflare Workers and Node.js — Even Better Friends
The Cloudflare team shared in their blog that they've significantly improved Node.js compatibility in their Workers and Pages services.
Not everyone knows this, but while Cloudflare Workers can work with JavaScript or TypeScript, under the hood it's not Node.js but workerd. Consequently, many things familiar in Node.js don't work. To make things function at least somewhat, they initially used polyfills, then expanded the Workers runtime environment itself. Now the Cloudflare team has decided to take a hybrid approach that combines both.
Projects on roadmap.sh
The service with development roadmaps for various technical competencies that many of you know (roadmap.sh) has rolled out a new feature — educational projects. Now, alongside learning roadmaps for the respective technologies, you'll be able to find ideas for educational projects sorted into three difficulty levels from easiest to hardest.
As always, it's up to the user: you need to start the process yourself, push your code to GitHub, and wait for feedback from the community. Whether this will work well and whether users will actively review each other's projects remains to be seen, but the idea itself is really cool.
C in JavaScript
If you're one of those few developers who have had to use more than just JavaScript in Node.js, you know it's a rather painful process. And performance with this approach has its bottlenecks 🫠. It seems the Bun team has decided to add some novelty here as well. As a result — in the new Bun version they're promising more convenient work with C directly from JavaScript. We'll need to see some videos of people testing this on real projects, but it looks a bit better than what currently works in Node.js.
Something to Read
David Linthicum in his article with a rather provocative headline — Serverless cloud technology fades away — reflects on what's happening with Serverless architecture and where it's all going.
Red Hat in their blog outlines a reference architecture for building Node.js applications, and now they've compiled it all into a book.
Some criticism of JSR and Deno in general from David Bushell.
The AppSignal blog published a new article about the 5 most popular libraries for working with HTTP requests.
Tim Jones talks about the life of someone maintaining an open source project, as well as about the pg-boss library itself.
If you need to build an Event Sourcing architecture, you'd probably want to read not just about how to build it, but also about the main problems you might encounter. Michal Ostruszka discusses various pain points of this architecture in his post.
Trevor Lasn demystifies how setTimeout() and setImmediate() work in Node.js. These used to be almost classic interview questions. I hope that's becoming less common.
A collection of 40 white papers on System Design. Even if you're not planning to take or conduct such interviews anytime soon, it's always useful reading for personal growth.
For those who've heard of Supply Chain Attacks: it's worth not just hearing about them, but knowing how to counter them. For those who haven't heard of this beast, it's definitely worth understanding what it is. In the Auth0 blog, Leonardo Zanivan shared key practices that will help with this.
In their blog, the Timescale team shared a bit about how to build semantic search.
Something to Watch
If you've ever wondered why converting a fetch response to JSON requires await, this video is for you.
A short documentary about how Deno was created:
Matt Raney shares his not-so-positive thoughts about Microservices on the NeetCodeIO podcast.
A big video from Web Dev Cody. You can learn how to build a meme generator web service from scratch.
Do you know what graceful shutdown is? If not, this video will be useful.
Library of the Month
Working with child_process natively isn't very convenient. The nano-spawn library tries to solve this problem and make the process just a tiiiny bit more pleasant ;)
