Back to News
7 min read

Node.js Digest #3: Bun 1.0, .env Support in Node.js, News from Google, Deno Announcements, State of Serverless

Node.js Digest #3 by Oleksandr Zinevych

Hello everyone, my name is Oleksandr Zinevych, and I work as an Engineering Director (Node.js, Ruby) at Avenga. Welcome to the new Node.js digest covering August and a bit of September (since August was quite sparse on news ๐Ÿ˜‰).

Key Highlights

๐Ÿ”นPrisma 5.2 -- an update to one of the most popular ORMs today. The main improvements relate to how Prisma Client works with Prisma Accelerate and Prisma Data Proxy;

๐Ÿ”นDeno KV in open beta -- the Deno team continues to develop their product, and this time the functionality that Ryan Dahl mentioned at the spring Node.js Congress has entered beta;

๐Ÿ”นTypeScript 5.2 -- developers finally got the long-awaited using declarations and other previously announced improvements;

๐Ÿ”นTurbo is dropping TypeScript;

๐Ÿ”นDeno Deploy announced npm support.

Node.js Updates

On September 4, the new version Node.js v20.6.0 was released. The main killer feature of this release is built-in support for .env files. You can see how this came about in this PR. There are big doubts about whether this built-in functionality can replace our beloved dotenv package -- only time and future Node.js versions will tell. As always, this release includes many other improvements and fixes, the full list of which can be found here.

If you're using older Node.js versions, remember that as of September 11, Node.js v16 moves to EOL, so it's time to think about upgrading to a newer version.

September 7 is the official release date of Bun 1.0. For those who aren't aware, Bun is yet another Node.js killer. Bun had been tested by the community for a long time, and finally, the world saw version 1.0. To celebrate the occasion, the developers even recorded a festive promotional video explaining why Bun is better than Node.js and what comes out of the box:

Bun 1.0 is here

They promise performance that's dozens of times better, out-of-the-box TypeScript support, hot-reloading, backward compatibility with Node.js, and a whole lot more. It certainly looks interesting, but after watching the bun flying from frame to frame, I recommend reading the corresponding thread on YCombinator. Here's one of my favorite comments:

Of course, Bun.js has a number of advantages over Node.js, if you trust the demos and benchmarks, but whether things are really that great on real projects will be shown by community feedback and time.

npm Under Attack! (Again)

August, like the rest of summer, was tough for npm. Another attack, using a similar method that we already mentioned in the previous digest.

In their blog, the Phylum team reported a new attack they caught and investigated in August. On one hand, it's business as usual: a suspicious npm package containing suspicious code. What's interesting is that this time, the malicious code launches a daemon process that makes a request to a third-party server every 45 seconds and executes the received payload. This allows attackers to precisely and deliberately send the right payloads to the right hosts to achieve their malicious goals. You can read the detailed report about this attack right here.

As a reminder: be careful with dependencies on your projects and be very cautious when deciding which npm packages to install and work with, because every attack of this type starts with installing the wrong package ๐Ÿ˜‰

Google's Project IDX

Google continues its experiments in multi-platform application development. This time, they're presenting a new browser-based development environment -- Project IDX.

In essence, it's a VS Code in the browser where you can work with JavaScript/TypeScript projects (React, Angular, Next), with built-in code autocompletion and a chatbot powered by Google's own models. Additionally, deploying your application to Firebase is supported out of the box. At this stage, the project is in preview phase, at the very beginning of development, so I definitely wouldn't call it a VS Code killer or a threat to any of your favorite development environments. However, they promise many new features, including Go and Python support, as well as built-in Android and iOS emulators, which could be quite interesting ๐Ÿค”

At the time of writing this digest, access was only available through a waitlist, so if you'd like to try it, sign up and wait for your invitation.

You can read more about this project at this link, and here you can watch:

Project IDX: Full-stack application development with generative AI

State of Serverless

Datadog published their report on how their customers use the Serverless approach in their projects and for various needs. The report shows that the Serverless approach is becoming increasingly popular among the majority of respondents. For the Node.js community, the pleasant fact is that Node.js is the most popular language used for writing Serverless code:

Also, the cold start time for Lambda functions on Node.js is almost the same as on Python:

Something to Watch

๐ŸŽฌ A new video from Viktor Turskyi about how the internet works. This time, Viktor talks about DNS and what role it plays:

๐ŸŽฌ Juri Strumpflohner, Sr. Director of Developer Experience at Nx, and Lukas Holzer, Staff Engineer at Netlify, discuss how to effectively use the monorepo approach together with the Netlify platform

๐ŸŽฌ On the Serverless Land channel, several interesting streams were published that are worth watching:

-- Harold Sun talks about how you can use Lambda Web Adapter to run web applications on AWS Lambda:

-- Architects Giedrius Praspaliauskas and Luca Mezzalira got together to conduct a small workshop on patterns worth using when working with Serverless architecture:

๐ŸŽฌ Not everyone will enjoy working in such an environment, but if you'd like to work in Vim and have the ability to customize it to your needs, this video is for you:

Something to Read

Node.js reference architecture by Red Hat received an update at the end of July in the form of a section on Transaction Handling. This and other existing sections will definitely be interesting for those who are into architecture.

At the end of August, the massive Google Cloud Next 2023 conference took place, where new products and platform initiatives were presented. Here you can review a summary of everything that was presented at the conference. Be prepared for the fact that there's no such thing as too much AI -- out of 161 announcements, there were 138 mentions of AI ๐Ÿฅฒ

The Deno developers continue to demonstrate how their runtime solves typical problems that Node.js developers face daily. This time, they're talking about configuration hell.

And since we've already mentioned various JavaScript runtimes in this digest, the Snyk blog published an article comparing Node.js, Bun, and Deno.

You've most likely heard of the JamStack approach, which skyrocketed in popularity, but today you barely hear about it anymore. This article goes into more detail about JamStack and why this happened.

A story about how to upload a CSV file with 1 million rows in 10 seconds.

Library of the Month

Opossum -- an implementation of the CircuitBreaker pattern for Node.js -- received a new version with various improvements in August. If you don't know what this pattern is, there's a detailed article by Martin Fowler, and if you don't want to read, there's a video: Node.js Circuit Breaker with Prometheus Metrics