Back to News
6 min read

Node.js Digest #25: Anthropic and Bun, Prisma 7, TypeScript News, and Plenty on Security

Node.js Digest #25 by Oleksandr Zinevych

Hello, community! Oleksandr Zinevych and the Avenga team are here with our final digest of the year, covering the most interesting news from the world of Node.js and everything related to server-side JavaScript.

A Few More Quick News Items

🔹 Addy Osmani is leaving Google Chrome. Where exactly he's heading was unknown at the time of writing this digest, but you can read his farewell message here.

🔹 Node.js v24 is available on AWS Lambda.

🔹 Daniel Rosenwasser shared news about TypeScript 7.0, which, as I wrote in previous digests, will be rewritten. Sounds scary, but it looks like no special problems should be expected during the transition or upgrade... At least, that's what they're promising. Overall, the roadmap and direction of TypeScript looks very logical, and some of the work-in-progress features can already be tried out now. We eagerly await the official releases.

🔹 React Server Components didn't exactly show their best side this month. You're probably aware of the vulnerability that shook the web development world a bit, but if you missed it, I'll leave the news about it here. If you're using Deno Deploy, you can sleep soundly because the team quickly resolved all issues with this vulnerability.

Something to Read

🔹 Heard of Shai-Hulud? No, not the one from Dune, but the one that attacked npm again? Datadog explains in their blog what it is and how it works.

🔹 Have you ever heard the word "functor"? What about "monads"? Maybe you haven't and would like to understand them? Here's a great article by Ibrahim Cesar on a topic that might seem wildly out of place for typical JavaScript development, but will definitely make the neurons in your brain work a little harder.

🔹 What better way to promote Deno Deploy than telling people how easy it is to build a dinosaur game and deploy it on Deno Deploy? I don't think there is one. Read part one here.

🔹 Evan Hahn experiments with immutability and TypeScript.

🔹 Sometimes it's useful to dive into the details of how our everyday tools work. I suggest taking a look at what's new recently in the V8 Garbage Collector. The article itself contains links to others with even more details.

🔹 A bit about efficient dependency management on the e18e blog.

🔹 How to handle errors in Node.js is one of the most common interview questions and a place where some of the most non-obvious bugs hide. I'm sure most of you know how to deal with this, but it's always good to refresh your memory. A fairly detailed description of various cases is here.

🔹 AWS is resurrecting CodeCommit. I personally never used it, but it might be useful for someone.

🔹 You've seen how sometimes a method in a library is marked as deprecated, right? Stefan Judis explains how you can do that.

🔹 Some might say that security and JavaScript are things that, while historically connected, aren't as tightly linked as in Java, C#, or other languages that have always focused on developing modules where security is extremely important.

🔹 I, and everyone reading this digest, would certainly disagree with that statement. JavaScript code can and should be written to meet all security standards. If you're not sure how, here's a little reminder from Stack Overflow.

🔹 Yet another attack exploiting the specifics of npm.

🔹 Chris Ebert compares how AWS Lambda performs across different configurations.

🔹 Someone on the internet is wrong. A flame war about Nest.js started on Reddit. The author criticizes, the community defends.

Something to Watch

Daniel Rosenwasser and Jake Bailey talk about TypeScript. If you'd like to hear about the changes coming in TypeScript 6 and 7, this podcast is exactly what you need.

Can AI work on large projects with a lot of code just as smoothly as it does in various PoCs? Dex Horthy thinks so:

Once again on security and the security concepts every developer should know, from Pragmatic Engineer:

Fireship on Bun and Anthropic:

Event-driven architecture and the typical problems that can arise:

And of course, I recommend watching the talks from this year's JSNation:

That's not all — there are many more videos on the YouTube channel. I recommend watching all of them to stay on top of the trends.

Updates/Releases

🔹 Runtimes: Node.js v20.19.6, Node.js v25.2.1, Node.js v24.11.1, Bun v1.3.4.

🔹 Frameworks: Express v5.2.0, Nest.js v11.1.9, Fastify v5.6.2.

🔹 Libraries: Mongoose v9.0.1, Prisma v7.1.0, Drizzle v0.45.0, Mongoose v9.0.1, openai-node v6.10.0, TypeORM v0.3.28.

A Few More Interesting Things

🔹 You've certainly heard of technical debt, but have you heard of architectural debt? If not, you'll find an article by Frederick Vanbrabant interesting — it's about what it is and how to fight it.

🔹 What does an architecture look like that can efficiently handle 60 million users.

🔹 During the Christmas holidays, just like every year, there'll be time not only to eat a candy each day from a Milka or Kinder advent calendar, but also to solve technical challenges from the advent calendar here.

🔹 If you didn't study computer science at university and would like to catch up now, here's a small guide on how best to approach that.

🔹 And here you can dive into algorithms — even though it's more about Web3, the article is very detailed and will make you recall some university-level math.

🔹 Claude Code isn't just for email, as you might have thought — you can also do some interesting things with it.

To Stay on Top of the Memes

A white wall with a lamp and a picture from itAI-generated content may be incorrect.