The story of how require(esm) became stable

Posted by
0

#​606 — January 8, 2026

Read on the Web

🎉 Happy New Year! Also, a quick reminder that Node Weekly is now sent every Thursday as part of a reshuffle for many of our newsletters.
__
Your editor, Peter Cooper

npm to Implement ‘Staged Publishing’ After Turbulent Shift Off Classic Tokens — 2025 was a tricky year for the npm ecosystem with phishing attacks, Shai Hulud, and changes to npm’s token system. For 2026, GitHub has announced even more changes for publishing npm packages with a new ‘staged publishing’ model that will introduce a review period before packages go live.

Sarah Gooding (Socket)

Finally: A Database AI Agents Can Actually Use — Let your AI agents work directly with PostgreSQL, safely. Instant database forks for testing, native vector search for RAG, built-in guardrails for production. Agentic Postgres handles the complexity so your agents can focus on solving problems.

Tiger Data (creators of TimescaleDB) sponsor

require(esm) in Node: From Experiment to Stability — Joyee Cheung is a long-standing core Node.js contributor and largely responsible for Node’s support for require(esm) (i.e. the ability to load ES modules using require). In this new two-part series, she explains what it took to make require(esm) happen and the details of its implementation.

Joyee Cheung

📺 Joyee also covered some of the above in her fantastic talk, Shipping Node.js packages in 2025, given at Nordic.js.

IN BRIEF:

Reddit’s /r/node discussed why Node.js isn’t considered “enterprise” compared to, say, C# or Java.

pnpm‘s lead maintainer, Zoltan Kochan, presents a look back at how 2025 was a transformative year for the project.

Fixing TypeScript Performance Problems: A Case Study — A big monorepo-based TypeScript project was suffering sluggish IntelliSense, long type-checking times, and slow builds, but Solomon’s team found some ways to significantly improve things.

Solomon Hawk

📄 How to Automatically Load .env Files in Node Scripts – It’s a stable built-in feature, since Node 24. Stefan Judis

📄 Benchmarking Express 4 vs Express 5 – As always with benchmarks, be sure to run your own tests before coming to a conclusion. RepoFlow

📄 How Pre-Tenuring Works in V8 Andy Wingo

📄 How to Compile JavaScript to C with Static Hermes Devon Govett

📄 Implementing Streaming JSON in 200 Lines of JavaScript Krasimir Tsonev

🛠 Code & Tools

npmgraph: A Tool to Visualize npm Module Dependencies — Give this Web-based tool one or more npm package names (or a package.json file) to see a visualization of the dependency graph for packages, including where they intersect. Packages can be colored by various criteria (like number of maintainers) and you can download an SVG of the resulting graphs.

Kieffer, Brigante, et al.

Fabric.js 7: A JavaScript HTML5 Canvas Library — Suitable for both browsers and Node (thanks to node-canvas), Fabric provides an object model on top of canvas elements, as well as SVG-to-canvas and canvas-to-SVG features. There are also lots of demos, complete with code, to enjoy.

Bogazzi, Nen, et al.

Stop Credential Stuffing Attacks — Clerk’s Free Client Trust Feature — Automatic 2FA on untrusted devices when valid passwords are used. No config needed. Free for all Clerk plans.

Clerk sponsor

pnpm 10.27 – The alternative, efficient (and increasingly security-focused) package manager gets some tweaks, including a setting to ignore trust policy checks for packages published more than a specified time ago.

🔎 file-type 21.2 – Detect file type from a Buffer, Uint8Array, or ArrayBuffer. v21.2 adds support for Mach-O Universal binaries.

Fast HTML Parser 7.0.2 – High performance HTML parser that generates a simplified DOM, with basic element query support.

Middy 7.0 – Node.js middleware engine for AWS Lambda. Now supports Durable Functions.

Node File Trace 1.2 – A tool that determines exactly which files are necessary for an app to run.

Orange ORM 4.8 – Object Relational Mapper (ORM) for Node, Bun and Deno.

Repomix 1.11 – Pack an entire repository into a single, LLM-friendly file.

hot-shots 12.0 & 12.1 – Node.js client for statsd, DogStatsD, and Telegraf.

📢  Elsewhere in the ecosystem

A roundup of some other interesting stories in the broader landscape:

MicroQuickJS is a new JavaScript engine from Fabrice Bellard, the creator of QuickJS, focused on embedded systems and that can run with as little as 10KB of RAM.

Ultimate Linux is a curious experiment to build a minimal userspace for Linux entirely in JavaScript (and powered by the aforementioned QuickJS).

Addy Osmani shares 21 valuable lessons from spending 14 years at Google. Solid advice for remaining a competent and engaged engineer over time.

The results of the State of HTML 2025 survey are now available.

TIL you can get your GitHub profile pic by adding .png to your GitHub profile page’s URL, i.e. github․com/USERNAMEHERE.png – you can also append .keys to get public keys and .atom to get a feed of public timeline activity.

Categories: Javascript

Related Posts

  • #​608 — January 22, 2026 Read on the Web Node.js 25.4.0 (Current) Released — Another gradual step forward for Node with require(esm) now marked as stable, as well as the module compile cache, along with a variety of other minor tweaks. Joyee Cheung of the Node team has written a thread on Bluesky going deeper

    Posted by
    0

  • #​769 — January 20, 2026 Read on the Web JavaScript Weekly jQuery 4.0 Released — 20 years on from its original release, the ever-popular (in terms of actual usage) library reaches 4.0 with a migration to ES modules (compatible with modern build tools) along with dropping support for IE 10 and older. With jQuery being

    Posted by
    0

  • #​607 — January 15, 2026 Read on the Web ⚠️ The Node.js January 13, 2026 Security Releases — Originally expected in December, these releases (of Node.js 25.3.0, 24.13.0, 22.22.0, and 20.20.0) finally landed this week, largely due to their complexity and the scope of the vulnerabilities they tackle. More on that in the next item! The Node.js

    Posted by
    0

  • #​768 — January 13, 2026 Read on the Web JavaScript Weekly Web Dependencies are Broken; Can We Fix Them? — Lea, who has worked at the heart of Web Standards for years, delivers a compelling (and educational) call to action about a problem every JavaScript developer has encountered: why is managing dependencies and introducing them

    Posted by
    0

  • #​767 — January 6, 2026 Read on the Web 🎉 Happy New Year. JavaScript Weekly is now landing in your inboxes on Tuesdays, so here we are! Let’s see what 2026 brings.__Your editor, Peter Cooper JavaScript Weekly The 2025 JavaScript Rising Stars — At the start of each year, Michael rounds up the projects in the

    Posted by
    0

  • #​766 — December 19, 2025 Read on the Web 🗓️ As it’s the last issue of 2025, a reminder that JavaScript Weekly moves to Tuesdays in January. See you again on January 6, 2026!__Your editor, Peter Cooper JavaScript Weekly It’s the final issue of the year, so we’re going to cover a few new items, then

    Posted by
    0

Leave a Reply

Your email address will not be published. Required fields are marked *

Generated by Feedzy