Node.js Digest #4: A Mascot for Node.js, One Month with Bun, Deno and Cloudflare News
Node.js Digest #4 by Oleksandr Zinevych
Welcome to the new digest covering September.
Key Highlights

🔹 Node v20.8.0 -- as always, a bunch of improvements and fixes.
🔹 Deno Queue -- the Deno team continues to develop their platform and release new interesting features.
🔹 Deno v1.3.7 -- Jupyter Notebooks, improvements to the VS Code extension, testing API, and Node.js compatibility.
🔹 Prisma v.5.4.1 -- in this and the previous version, support for several Serverless databases was added (PlanetScale, Neon, early support for Turso) along with other improvements.
🔹 Google Cloud SQL Node.js Connector -- officially became publicly available and ready for use.
🔹 GitHub Actions are fully transitioning to Node.js v20* by spring 2024.
🔹 Serverless framework has evolved into ampt.
A Mascot for Node.js
Nothing foreshadowed trouble, but it seems that in the near future Node.js will have its own mascot, like Bun or Deno. A discussion has started in the official GitHub repository with ideas, wishes, and proposals. As often happens, it all started on Twitter and then moved to GitHub, where Matteo Collina proposed reimagining the previous Node.js mascot and making it official. For those who aren't aware, the previous mascot looked like this:

In the same thread, developers and community members began sharing their own ideas and thoughts on the new Node.js mascot. Both developer imaginations and Midjourney were put to work. You can see the results here. I'll just add a spoiler: there's a capybara 🦫.
What the OpenJS Foundation will choose and what process will be needed for this -- we'll see in the future.
Node.js After the Arrival of Bun

At the time of this digest's publication, we've been living with the so-called production-ready version of Bun for a bit over a month. It's already clear that you can't easily replace Node.js with Bun on every project, the performance advantages aren't always significant, and the official Bun repository already has more than 1.8K registered tickets.
During this time, the Node.js team faced quite serious criticism on Twitter for supposedly not paying enough attention to Node.js performance and the platform's development in general:

Because of this, some contributors felt compelled to respond and explain why the situation with Node.js looks the way it does:

Matteo Collina even turned his tweet into a separate blog post, where he shared his thoughts on Bun and why things are the way they are with Node.js. And Theo Browne released a video defending the Node.js team and sharing his perspective on Bun.
I'd like to add that, in my opinion, Bun could be a great catalyst for Node.js development. That's why on the official Node.js GitHub we can see proposals like this one appearing.
By the way, last week DOU published an article with a more detailed overview and comparison of Bun and Node.js.
Cloudflare and the New Pricing Policy
Cloudflare is trying to capture new shares of the Serverless market and announced a change in their pricing policy. Now developers will only pay for CPU time and won't pay for the time spent waiting for a response from an external API or other I/O operations. In the old model, if an operation prepared data for 5 milliseconds, sent it to the server and waited 200 milliseconds for the response, and then processed the result for another 2 milliseconds, you had to pay for all 207 milliseconds.

Now, according to the updated pricing policy, you'll only pay for 5 and 2 milliseconds. The difference is significant -- it'll be interesting to see what market share this brings to Cloudflare 🤔.
Be Careful with Dependencies, Not Just npm Anymore
In their new report, the Phylum team explains that attacks through npm dependencies are not only continuing but are also gaining momentum and spreading to new ecosystems like PyPI. Everything works similarly to what I already mentioned in the previous digest, except now the attackers are additionally targeting SSH keys and kubeconfig files.
You can read more about how this happens and which packages have already been flagged in the attack by following the link above. As a personal reminder: nobody will protect you from dangerous dependencies better than yourself, so watch what you install 😉
The good news is that GitHub is joining the fight against malicious packages. You can read about it in their blog here and here.
Something to Watch
- Sorry, but a bit more about Bun. An interesting video where you can see Bun in action:
- We've reached a point where documentaries are being made not just about nature, bacteria, history, etc., but also about TypeScript:
- Luca Mezzalira traditionally talks about AWS and everything related to it. In his new talk, he goes into more detail about AWS Lambdas and how they're built internally:
- It's been a while since we had anything about patterns. This video covers some Data Streaming patterns:
- On the Serverless Land channel, several interesting streams were published:
- A brief overview of what idempotency is:
Something to Read
🔹 Everyone talks about Bun on the server, but few talk about how it works in a Serverless architecture. Mitchell Kossoris decided to investigate this and provided his own benchmarks.
🔹 A very interesting perspective on Bun through the lens of Yarn's history. You may not agree with everything, but it's definitely worth reading both the article itself and the comments.
🔹 A preview of what might be included in the new TypeScript 5.3. Import Attributes might even make it into this version.
🔹 An article about how to integrate AWS Step Functions with Node.js.
🔹 A new article about what's wrong with the current JavaScript ecosystem by Martin Hagemeister. This time it's about polyfills and their impact on the number of dependencies.
🔹 A bit off-topic, but it's simply beautiful. GitHub added some infographics with commits, contributors, repositories, and more. You can check it out here.
🔹 Essential rules for security configuration when working with Node.js.
🔹 Some details about how Deno KV was built with FoundationDB, with answers to questions about why it exists and why it was built this way.
Library of the Month
Want to have a thread pool but with workers in Node.js? Then the workerpool library is for you. It allows you to create a pool of workers and work with them efficiently.
