‘Twas the Node before Christmas…
#605 — December 16, 2025
🗓️ Today we’re taking a look back over some of the big stories and links that got you clicking this year. Also, Node Weekly will be moving to Thursdays in January 2026, as part of a reshuffle for many of our newsletters.
__
Your editor, Peter Cooper
This is our final issue of the year, with a focus on looking back at what happened with Node in 2025, as well as the most popular items readers enjoyed. First, though, we do have a few items of news:
Node.js v24.12.0 (LTS) Released — Node’s implementation of type-stripping in order to be able to run TypeScript natively reaches a conclusion of sorts with the support being marked as stable for the first time in the active LTS release.
Michaël Zasso
💡 Deno 2.6 was also released with a new npx-like tool called dx to run binaries from npm and JSR packages, a deno audit tool for identifying vulnerabilities in dependencies, and yet more Node.js compatibility enhancements.
CERN Upgrades Its Data Stack: Here’s the Database Behind It — The NextGen Archiver at CERN depends on high-performance ingestion and fast analytics. Discover why TimescaleDB beat pure PostgreSQL and legacy systems with superior throughput, 7–10x compression, and dramatically faster queries.
Tiger Data sponsor
SECURITY RELEASES: The expected December 15 Node.js releases have been bumped back to this Thursday, December 18. New versions of the 25.x, 24.x, 22.x, and 20.x release lines are expected to fix a handful of security vulnerabilities.
MONGOOSE: Valeri Karpov gives us an update on what’s new in Mongoose 9.0, the MongoDB object modeling library for Node.
⚙️ pnpm 10.26 has landed with stricter security defaults for git-hosted dependencies, allowBuilds for granular script permissions, and a new setting to block exotic transitive dependencies.
🏆 The Top Items of 2025
The top items of the year based upon the aggregated number of clicks by readers, whether in email, on the Web, or through our RSS feed:
1. 15 Recent Node Features that Replace Popular npm Packages — Clearly trimming dependencies is on many people’s minds as the most popular item of 2025 was about ditching unnecessary packages for built-in Node alternatives.
Lizz Parody
2. A Modern Guide to Reading and Writing Files in Node — A valuable, comprehensive guide to various methods for working with files, something that doesn’t often get blogged about.
Luciano Mammino
Extract Text from PDFs Using REST APIs — Pull text from PDFs for search, AI, or automation workflows — full Python example included.
Foxit Software sponsor
3. Modern Node.js Patterns for 2025 — Halfway through the year, Ashwin reminded us of various features the modern Node environment provides us, including ES modules, built-in Web APIs, the test runner, watch mode, the permission model, import maps, and more.
Ashwin
4. Node.js Testing Best Practices — A detailed guide to modern testing in Node from a group of developers who know all about it.
Goldberg, Salomon, and Gluskin
5. How V8 Made JSON.stringify More Than Twice as Fast — The V8 team shows off how they made JSON.stringify over twice as fast, at least in V8 13.8 or higher (currently only true of Node v25 which ships with V8 14.1).
Patrick Thier (V8)
6. ⚙️ Node Modules Inspector — A tool that runs pnpm inside your browser, “installs” a package, then analyzes its dependencies.
Anthony Fu
7. Subverting Control with Weak References — Node supports WeakMap and WeakRef for working with weak references and James is a big fan of the extra abstractions they unlock.
James Long
8. The Many, Many, Many JavaScript Runtimes of the Last Decade — A fantastic, well-researched look at the myriad of JavaScript runtimes and engines both past and present, from mainstream picks like Node and Bun, to cloud platforms and more obscure ‘honorable mentions’. A perfect way to round out your knowledge of JavaScript’s runtime story.
Whatever, Jamie
🗓️ Node.js in 2025: Month by Month
JANUARY – We start and end the year in the same place, with the ability of Node being able to run TypeScript being new early in the year, and now ending the year with Node.js v24.12.0 (LTS) making it stable in an LTS release. We also got a major update on progress with Express.js. NodeBB v4.0 was released too.
FEBRUARY – TypeScript 5.8 was a big release for Node developers in particular, with support for require() of ES modules with –module nodenext and an –erasableSyntaxOnly option for generating code that Node 22.6+’s type-stripping features could deal with.
MARCH – The Node.js project got its own official community space on Discord. It now has almost 22,000 members. The Node.js TSC also voted to stop distributing Corepack by default. Express 5.1 was released.
APRIL – Koa 3.0 was released, and Microsoft warned us about Node’s increasing role in malware. A major Node.js collaboration summit also took place in Paris.
MAY – Node.js v24.0 was released. The Glitch platform announced it was shutting down. Platformatic began bringing PHP and Node together.
JUNE – I think everyone took an early summer break as it was very quiet!
JULY – A discussion, still ongoing, began about shifting Node to annual major releases and shortening the LTS timeframe.
AUGUST – TypeScript 5.9 was released.
SEPTEMBER – A messy autumn for npm package security began with a variety of packages being compromised in a phishing attack. In response, pnpm added support for delayed dependency updates. Cloudflare Workers introduced support for Node.js HTTP servers and improved Node compatibility generally. macOS Tahoe users found Electron apps were very laggy due to a change in a private API.
OCTOBER – Node.js v25.0 was released and Node.js 24 became the active LTS release.
NOVEMBER – Type stripping went ‘stable’ in Node v25.2 and Marco Ippolito shared his personal story of how type stripping was shipped. The now-named Shai Halud supply chain attack reared its ugly head in a ‘version 2’ form.
DECEMBER – Where we are now: it’s been a relatively quiet month so far!
📰 Classifieds
✍️ Add e-signatures to your Node.js app in minutes with the BoldSign Node.js SDK—powered by our e-signature API. Get your free API key today.
The Road to Next is a course by Robin Wieruch for learning full-stack web development with Next.js 15 and React 19. The perfect match for JavaScript developers ready to go beyond the frontend.
🎁 P.S. We hope you have a great holiday season and we’ll be back on Thursday, January 8.
