NodeBB, the Node.js powered forum system
#563 — January 21, 2025
NodeBB v4.0.0 Released: Node.js Powered Forums — Now almost 12 years old, NodeBB continues to offer a classic forum experience in a modern Node.js-shaped guise. The big update for v4 is support for federation between NodeBB instances and the wider fediverse generally. Note that the open source project (repo) is GPL licensed with NodeBB Inc providing a hosted service.
NodeBB, Inc.
The January 21, 2025 Security Releases — Not yet released at the time of publication, but coming to you any moment soon, are fresh releases of the Node 23.x, 22.x, 20.x, and 18.x release lines to tackle some as yet undisclosed security issues.
The Node.js Project
Skip the Auth0 Headaches — Stytch cuts engineering time for auth and fraud, while giving you more control with pre-built UIs, headless SDKs, backend SDKs, and APIs. Plus, no rate limits or price gouging, and expert support on every plan. Check out our Node quickstart guide.
Stytch sponsor
IN BRIEF:
Version 11.0 of the popular NestJS framework has been released. We’re waiting for the full blog post to land, but it seems to be a big update (and now uses Express v5). There’s a v10 to v11 migration guide.
Vercel is deprecating the use of Node 18 on August 1, 2025.
GitHub’s Dependabot (the automated dependency update system) no longer supports npm 6 and demands npm 9 or later.
TypeScript Enums: Use Cases and Alternatives — A look into one of TypeScript’s features that has no direct JavaScript parallel (and hence won’t survive Node’s type stripping approach, though there’s always –experimental-transform-types or tsx).
Dr. Axel Rauschmayer
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar — Recent research has found several malicious packages ‘typosquatting’ the terminal string styling library Chalk and file-watching library Chokidar — targeting Node devs with security issues.
Kush Pandya (Socket)
📄 Promise.race and Promise.all Are Not “Fair” – That is to say, they have bias and aren’t entirely random. Chris Krycho
📄 Fetch and HTTP/2 Support in Node, Bun and Deno Georges Haidar
🛠 Code & Tools
ArkType 2.0: Runtime Validation Library — An easy-to-deploy solution for schema validation that can infer TypeScript definitions 1:1 and use them as optimized validators for your data, both at runtime and for immediate type-level feedback in your editor.
ArkType
react-nil 2.0: A React ‘Null Renderer’ — An interesting experiment to use React in situations where you don’t need it to render anything, but you want to use hooks, suspense, context, and other bits of the React lifecycle. Like in, say, a Node app.
Poimandres
Protect Against Bots, Fraud, and Abuse in Real Time — WorkOS Radar protects your app with advanced device fingerprinting — stop fake signups, free tier abuse, bot attacks and brute force attempts today.
WorkOS sponsor
Electron 34.0.0 — The JS, HTML and CSS desktop app framework updates to Chromium 132, Node 20.18.1, and adds a way to access the JavaScript call stack of unresponsive renderers.
Electron Team
file-type 20.0: Detect the File Type of a Buffer, Uint8Array or ArrayBuffer — For example, give it the raw data from a PNG file, and it’ll tell you it’s a PNG file. Uses a ‘magic number’ approach so is targeted solely at non text-based formats. v20 adds support for yet more formats, including JARs, Word/Excel templates, and now supports ZIP decompression.
Sindre Sorhus
😀 Happy DOM 16.7 – Cross-runtime JS implementation of a web browser sans UI. Now with support for simulating local HTTP servers that serve files from the local fileNBSPsystem.
better-sqlite 11.8 – A neat way to use SQLite from Node. Now supporting SQLite 3.48.0.
Faker 9.4 – Generate fabricated data to your heart’s content.
🎶 Ableton.js 3.6 – Control instances of the Ableton DAW from Node.
Nightwatch.js 3.11 – Node.js end-to-end testing framework.
pg-diff 3.0 – PostgreSQL schema and data comparing tool.
qs 6.14 – Query string parsing and stringifying library.
YouTube.js 13.0 – JS client for YouTube’s private API.
Commander.js 13.1 – Node.js CLI app framework.
📰 Classifieds
💭 How can I help my Node.js app to adapt to changing demand? A simple how-to-guide, in three parts.
🚀 Master Fullstack, JS Backends & DevOps at Node Congress 2025! Join 5K devs worldwide on April 17-18. 2 days of talks & workshops!
📢 Elsewhere in JavaScript
A quick roundup of some of other interesting stories in the broader JavaScript landscape, in case you’ve missed them:
Learn Yjs is a nifty, still in-development, set of tutorials for learning how to build realtime collaborative apps using the Yjs CDRT library.
The latest version of Bun has added on-demand front-end bundling to its Bun.serve() feature.
If you’ve not worked with WASM yet, Hemath has an accessible introduction to the basics of WebAssembly.
The popular Astro framework has published a review of what happened with Astro in 2024.
Google has begun to require JavaScript for users making searches.