Back to News
7 min read

Node.js Digest #7: Deno's prospects, NPM under attack again, fs reimagined, JavaScript in MySQL

Node.js Digest #7 by Oleksandr Zinevych

Hello everyone! This is Oleksandr Zinevych, Engineering Director at Avenga. After a short winter break, I am back on DOU and continuing to keep you up to date with the latest news from the Node.js world. So welcome to the first digest of 2024 ⭐

Key highlights

🔹Node.js v21.6.1 has been released. Not much exciting news here, but do not forget to update on time.

🔹TypeScript v5.4 beta is available, and you can already try Object.groupBy, Map.groupBy, and much more.

🔹Oracle announced that JavaScript can now be used to write stored functions and stored procedures on MySQL Server.

🔹MikroORM released the sixth version of their library, which is an excellent alternative to the very popular TypeORM.

🔹If you do not like how the native fs module works in Node.js, you might be interested in a new unofficial alternative — humanfs.

NPM, we have problems

Socket published a short report on what happened with npm in 2023. The report contains a lot of statistical data — for example, TypeScript is the most popular npm package by the number of dependent packages, with React coming in second.

In addition, the report includes examples of the longest npm package names, information about the largest npm packages by size, and much more.

What I found particularly interesting is that the company detected over five thousand malicious packages during 2023.

It seems that security and validation of npm package contents is becoming an increasingly pressing problem, because 2024 has only just begun and Sonatype is already reporting how they discovered packages containing videos inside them, as well as the everything package that references all public npm packages in its dependencies, creating a so-called dependency hell and making their removal impossible.

These cases are not as serious as this one, where SSH keys are being directly stolen. On top of that, there is also a serious problem with deprecated packages.

The conclusion here is that the npm ecosystem needs to evolve rapidly to at least somewhat (belatedly) counter modern challenges.

2023 JavaScript Rising Stars

In January, the new edition of the JavaScript Rising Stars 2023 report was published, where you can see what has been happening in the JavaScript ecosystem over the past year.

Of course, the report did not overlook back-end development. According to the data, the top framework for back-end and full-stack development turned out to be Next.js with 17.8K stars on GitHub, while Bun made it onto the bundlers list and took first place with 29.3K stars on GitHub. It is unclear why it was categorized that way, but that is how the authors see it 🤷🏻‍♂️

Naturally, AI was also covered (where would we be without it now) — in this category, the list was topped by Langchain.js, a framework for building applications based on LLM models.

Additionally, among all the most popular projects in the JavaScript world, DrizzleORM — a project by a Ukrainian team that I already mentioned in one of the previous digests — came in at ninth place.

The future of Deno

Recently, Deno v1.40 was released. The new version brought a lot of interesting features. For instance, you can now try the Temporal API in experimental mode, Stage 3 Decorators Proposal, improved Node.js compatibility, and more.

The platform is developing and actively growing from version to version, but it is still not quite a competitor to Node.js. Baldur Bjarnason shared his thoughts on this in his blog.

The author notes that in its attempt to achieve full compatibility with Node.js, Deno is chasing a goal that keeps slipping away, since Node.js is actively evolving.

Moreover, he fairly points out that those who move away from Node.js do not necessarily want to continue using JavaScript on the back end. Therefore, the niche and future of the platform remain unclear. I would love to hear your thoughts on this — share them in the comments 😉📝

State of Web Development Survey

Netlify published the results of their State of Web Development 2023 survey. This report covers web development in general, so there is not a lot of information specifically about back-end technologies.

According to the report results, we can observe how so-called Composable Architectures are maintaining their popularity, Astro is gaining traction, and we can also review some predictions from the Netlify team.

What caught my attention is that about 80% of respondents reported using AI tools in their work and provided general feedback:

While it is still too early to say exactly how the adoption of modern AI tools will change development, it is already clear that we are somewhere in the middle of this process.

Something to read

🔹The Deno blog published a short tutorial on how to build a Cloud-based IDE yourself using their new Subhosting API.

🔹Matteo Collina shared his recommendations on the Platformatic blog about how to work with Environment Variables. Of course, this involves using Fastify and Platformatic, but it is useful regardless.

🔹The Cloudflare blog published a tutorial on how to use their Workers for working with the OpenAI API.

🔹The Senior Product Manager at Microsoft responsible for TypeScript gave a brief interview summarizing what happened with the "language" in 2023 and what to expect in 2024. Not a lot of specifics, but you can get a sense of the direction 😉

🔹A collection of useful practices worth adopting on the back end — a GitHub repository I stumbled upon by accident, but which can be quite useful. Most of them are obvious, so you can treat it as a checklist.

🔹A bit of clickbait 🙃. Smashing Magazine published an article titled "How Marketing Changed OOP in JavaScript". I still did not quite understand how it changed it, but it is an interesting read.

🔹A forecast on how Serverless will evolve in 2024 and what influences it.

🔹Bun continues to impress and announced Bun Shell — the ability to write and execute shell scripts in JavaScript. More details here.

🔹The AWS blog published an article about AWS Amplify and how to work with it. There is not much that is overly complex or extraordinary here, but it can be interesting for general knowledge.

🔹The DrizzleORM team shared a story about how a small fix improved the performance of a specific operation several times over. More details at this link.

Something to watch

🔹Recordings from the fwdays React + TS conference are now available. I recommend watching all that are available, but for us, of course, the most interesting one will be Matteo Collina's talk:

🔹A high-level review of how to work with the Gemini Vision API from Node.js. If you have not heard of it, it is something like ChatGPT from Google, only better (according to various reviews):

🔹Have you already worked with AWS Step Functions? Maybe it is time to get acquainted? FooBar Serverless channel released a short overview of how to use this service:

🔹An interesting AWS Lambda debugging case breakdown by Web Dev Cody:

🔹Not really about Node.js, but if you have ever wondered how spell checkers work, this video is a must-watch:

🔹A complimentary overview of how to migrate from Express to Bun and Hono:

🔹Theo Browne shared his thoughts on what might await web development in 2024:

Library of the month

This month I would like to draw your attention not just to a library, but to an entire framework — hono. It is a framework that has a very small memory footprint and is optimized for working in Edge environments. But what I liked the most is that you can use Node.js, Bun, or Deno with it.

That is all for now. Leave your comments and questions if you have any, and see you in March! 😎

Like the digest? Subscribe to the author to receive notifications about new posts via email.