Node.js Digest #8: official Node.js mascot, Deno JSR, Node.js documentary, Node.js without npm

Node.js Digest #8 by Oleksandr Zinevych

Hello, community! This is Oleksandr Zinevych, Engineering Director at Avenga, which means it is time for a new issue of the Node.js digest. So without further ado, let us jump straight into the news 👇

Key highlights

🔹Another update: Node.js v21.7.0 — this time they added support for loading .env files, along with the usual assortment of fixes.

🔹A new update to drizzle-orm v0.30.1 landed, bringing support for the op-sqlite driver.

🔹The OpenJS Foundation has taken on standardizing package.json.

🔹TypeScript v5.4 has been officially released. As always, there are plenty of updates, among which the most interesting, in my opinion, are support for Object.groupBy and Map.groupBy methods, as well as the NoInfer type 😉.

🔹The release of Bun v1.0.30, with a lot of bug fixes.

🔹Express is alive and kicking — after more than a year of silence, it received new, albeit minor, updates.

Node.js gets a mascot

Yes, it has happened, and now Node.js has its very own mascot! 👏👏👏

Soon you will be able to buy T-shirts, stickers, backpacks, and notebooks featuring this lovely turtle (but that is not confirmed).

Community opinions about the official mascot are somewhat divided — you can read more here. Many people noted that it looks a bit cartoonish and not serious enough compared to other languages, and I somewhat agree. But still, this is a great event in the Node.js world, so congratulations to all of us! By the way, feel free to share your thoughts about the new official mascot in the comments.

Node.js without npm

In its blog, Socket reported on a discussion about the future of Node.js and npm that is currently taking place in the Technical Steering Committee. It all started with a proposal to enable Corepack by default, which would allow developers to use alternative package managers — yarn, pnpm, and of course npm — without having to explicitly install them. However, the discussion around Corepack, which is already part of the latest Node.js bundles, gradually shifted to the topic of npm's exclusivity and whether it should be separated from the Node.js bundle entirely.

There is no consensus yet and the discussion is still ongoing, but we can rest easy. It is already clear that separating npm from the main bundle is unlikely. First, this would be too big of a change and it is doubtful the community would go along with it.

Second, Node.js and npm work in synergy, and together they have become perhaps the largest platform in terms of packages and contributors, so why would you want to break that?

To put everyone at ease, here is a post from Rafael Gonzaga, who, thanks to his involvement in the platform, has a better understanding and vision of what awaits us:

Deno JSR

The Deno team continues to impress and develop their platform. This time they announced early access to a new alternative to npm — JavaScript Registry.

In their article, the team clearly explains why JSR was created and why it might be time to rethink the role of npm and move beyond working with modules solely through it. Their arguments make perfect sense, especially in light of the massive number of news stories about various attacks exploiting npm's obvious weaknesses.

What I liked most about the new JSR is the quality scoring system, where there are general metrics for evaluating each package, and you can immediately understand whether it is what you need.

Additionally, packages can be written directly in TypeScript and uploaded to JSR, which is a truly great and modern approach. JSR modules can also, as the developers claim, be used in Node.js + npm projects.

You can read what the community thinks about this here.

Horror stories from Netlify

This month I came across a website that can look like a nightmare for those who use serverless services.

I actually found this site because I saw a tweet on X.com about an outrageously large bill from Netlify — $104K. To be more specific, one bright (or not so bright) day, a Netlify platform user received a letter about a small debt that needed to be paid according to resource usage — namely, $104K.

After their own investigation, it turned out that this was a targeted DDoS attack. In such cases, Netlify asks the customer to pay 20%, and given the very large amount, they were willing to reduce the sum to 5% of the total bill. When the user refused to pay even that amount and wrote a post on Reddit about it, Netlify ultimately decided to cancel the bill, but overall the situation is terrifying 😬.

The full story is here.

Something to read

🔹Rafael Gonzaga, whom I already mentioned a bit earlier, prepared his retrospective look at Node.js in 2023.

🔹Curious about who is faster: Node.js, Bun, or Deno? Kitson P. Kelly conducted his own research on the topic.

🔹Have you heard about LLRT? If not, it is time to get acquainted and figure out who is faster: Node.js or LLRT when used in AWS Lambdas.

🔹Yet another article about why you need to be careful with npm, and especially with preinstall and postinstall scripts.

🔹A roundup of the latest V8 updates on the AppSignal blog.

🔹Alex Hari shares his ideas about what to do if you cannot use TypeScript but really want to.

🔹If you were curious about what the future holds for Express and where the library is headed, you can check out the discussion on this topic here.

🔹And here you can learn about what interesting things are coming to the Set data structure in the near future.

Something to watch

🔹A fairly comprehensive and detailed tutorial on using AWS Amplify Gen2:

🔹Have not heard of or are not familiar with Drizzle ORM? Here is a short video that will give you a general understanding of what it is:

🔹A bit about deployment from Web Dev Cody:

🔹Best practices for configuring AWS Lambda:

🔹A more detailed look at the Node.js and npm situation from Theo Browne:

🔹A video for those who have not heard about LLRT — the new JavaScript runtime from AWS:

🔹A Node.js documentary is coming soon, and in the meantime you can check out the trailer 🍿🍿🍿

Library of the month

BBC does not just make news — they also contribute to open source. This month I recommend checking out a library that simplifies working with SQS, provided you are already using the AWS SDK.

That is all for now. Leave your comments, share this digest with friends, and ask questions if you have any. See you in April! 😎