Weekly GitHub Report for Node: August 04, 2025 - August 11, 2025 (22:40:37)

Weekly GitHub Report for Node

Thank you for subscribing to our weekly newsletter! Each week, we deliver a comprehensive summary of your GitHub project's latest activity right to your inbox, including an overview of your project's issues, pull requests, contributors, and commit activity.

---

Table of Contents

• I. News
  • 1.1. Recent Version Releases
  • 1.2. Other Noteworthy Updates
• II. Issues
  • 2.1. Top 5 Active Issues
  • 2.2. Top 5 Stale Issues
  • 2.3. Open Issues
  • 2.4. Closed Issues
  • 2.5. Issue Discussion Insights

• III. Pull Requests
  • 3.1. Open Pull Requests
  • 3.2. Closed Pull Requests
  • 3.3. Pull Request Discussion Insights

• IV. Contributors
  • 4.1. Contributors

I. News

1.1 Recent Version Releases:

The current version of this repository is v23.10.0

1.2 Version Information:

Released on March 13, 2025, this version introduces the --experimental-config-file feature, allowing developers to use JSON configuration files to simplify flag management for the test runner and other experimental features, enhancing developer experience. Additionally, it includes updates to root certificates, new TLS and V8 methods, various error handling improvements, and multiple dependency and documentation enhancements.

II. Issues

2.1 Top 5 Active Issues:

We consider active issues to be issues that that have been commented on most frequently within the last week. Bot comments are omitted.

1. node 22.18 breaks npm pakcage because of experimental-strip-types enabled: This issue reports that the Node.js 22.18.0 release introduced an experimental feature called experimental-strip-types enabled by default, which breaks builds and test runs in projects using tools like Mocha and ts-node, requiring the addition of the --no-experimental-strip-types flag to restore previous behavior. Users highlight that this change causes errors such as undefined __dirname, module import failures, and assertion errors, and many recommend upgrading testing frameworks (e.g., Mocha to version 11) or disabling the feature to avoid breakage, arguing that such experimental features should not be enabled by default in a minor LTS release.

   • The comments discuss various reproduction scenarios and error messages, confirm the issue affects multiple environments and tools (Mocha, ts-node, esbuild-register), and share workarounds including using --no-experimental-strip-types or upgrading Mocha. Contributors analyze the root causes related to module loading and type stripping, note differences in behavior across versions, and emphasize the importance of providing minimal repros; some confirm that upgrading to Mocha 11 resolves the problem, while others still require disabling the feature due to custom loaders.
   • Number of comments this week: 23

2. Regression: require() with runtime loaders crashes in v22.18.0 – TypeError undefined.getStatus() in getModuleJobForRequire: This issue describes a regression bug introduced in Node.js version 22.18.0 where requiring an ES module with runtime loaders causes a crash due to a missing null check in the internal module loader, resulting in a TypeError when attempting to call getStatus() on an undefined value. The problem specifically affects scenarios involving pure ES modules like the chalk package and was traced back to a commit that changed the module loading behavior from asynchronous to synchronous, allowing an undefined value to be dereferenced.

   • Commenters discussed difficulties reproducing the issue with the minimal example, noting that the problem often appears in complex environments such as Storybook with custom loaders like esbuild-register. Multiple users confirmed the error occurs consistently in v22.18.0 but not in earlier versions, and it was suggested that upgrading to v23.0.0 resolves the issue.
   • Number of comments this week: 7

3. [sqlite] Positional numbered question mark parameters are incorrectly bound as named parameters: This issue reports that in the Node.js SQLite subsystem, positional numbered question mark parameters (e.g., ?1) are incorrectly treated as named parameters rather than positional ones, causing binding errors when running prepared statements. The user demonstrates that while other implementations like Python correctly bind these parameters positionally, the Node.js implementation requires passing an object with named keys, which defeats the intended purpose of numbered positional parameters.

   • The comments discuss the discrepancy between SQLite’s documentation and Node.js’s behavior, with references to Python examples and SQLite’s C API clarifying that ?NNN parameters have names but are intended to be ordinal. Contributors debate whether ?NNN should be treated as positional or named parameters, ultimately agreeing that positional binding makes more sense, and a pull request has been made to address the issue.
   • Number of comments this week: 6

4. When using --watch, restarting the process does not kill child processes: This issue reports that when using Node.js with the --watch flag, restarting the process does not terminate child processes as expected, causing them to continue running until their natural timeout or until the main process is killed. The user highlights an inconsistency in behavior between normal execution and watch mode, where child processes spawned without detachment should be terminated upon restart but are not, leading to potential resource leaks.

   • The comments discuss the underlying challenge that child processes may be designed to outlive their parent and that Linux does not reliably kill child processes when a parent terminates unless specific signals are used. It is noted that the --watch mode simulates restarts without actually terminating the parent process, which explains why child processes persist. The conversation emphasizes that Node.js cannot guarantee killing child processes in all scenarios and suggests that clearer documentation or tooling might be needed to manage child process lifecycles more explicitly.
   • Number of comments this week: 6

5. util.inspect incorrectly formats negative fractional numbers with numericSeparator: true: This issue reports a bug in the util.inspect function where negative fractional numbers between -1 and 0 are incorrectly formatted when the numericSeparator option is enabled, resulting in missing minus signs and duplicated decimal points. The expected behavior is for these numbers to be displayed as valid JavaScript numeric literals with correctly placed numeric separators, but the current output omits the negative sign and inserts an extra decimal point, causing syntactic errors.

   • The comments analyze the root cause in the formatting code, identifying that coercion to string loses the minus sign and causes duplicated decimal points; a suggested fix involves preserving the sign before applying numeric separators or adjusting the string conversion logic. One commenter volunteers to attempt a fix, and another encourages submitting a pull request referencing the issue.
   • Number of comments this week: 3

2.2 Top 5 Stale Issues:

We consider stale issues to be issues that has had no activity within the last 30 days. The team should work together to get these issues resolved and closed as soon as possible.

1. Flaky GC-related tests with V8 12.2: This issue addresses flaky garbage collection-related tests that have become unreliable with the update to V8 version 12.2, specifically mentioning tests like test-shadow-realm-gc-module, test-shadow-realm-gc, and test-net-write-fully-async-hex-string. The proposed approach is to skip these tests temporarily due to their instability caused by changes in V8's GC strategy, with plans to find a more robust testing method in the future.
2. Flaky test-worker-arraybuffer-zerofill with V8 12.2: This issue concerns the flaky behavior of the test-worker-arraybuffer-zerofill test when running with V8 version 12.2, where the test intermittently fails due to a timeout after approximately 300 seconds. The problem may stem from either a genuine bug or broken timing assumptions causing lost messages, and the current approach is to mark the test as flaky while adding additional logging to aid in debugging.
3. Support loading dynamic addon modules (.node files) when embedding the Node.js shared library without needing to link with node.def: This issue addresses the challenge of loading dynamic Node.js addon modules (.node files) on Windows when Node.js is embedded as a shared library, without requiring the embedding executable to link against the node.def file to reexport necessary symbols. The proposed feature suggests modifying the delay load hook to optionally use an environment variable to locate the Node.js shared library module handle, enabling addon modules to load correctly in embedded scenarios, though potential security concerns with this approach remain to be evaluated.
4. Please make Node.js embeddable (e.g. libnode): This issue requests the creation of an embeddable version of Node.js, such as a libnode library, to allow projects to integrate the Node.js runtime and standard library within other host environments, like Rust-based applications. The current lack of an official embeddable Node.js runtime forces developers to rely on incomplete alternatives, and this feature would enable better reuse of existing tooling and dependencies without requiring significant rewrites.
5. unable to sign with external OpenSSL engine after usage of crypto.hash: This issue describes a problem where signing data with an external OpenSSL engine (specifically the gost-engine) fails after using the crypto.createHash method in Node.js version 21.7.1 on a Linux Debian system. The error occurs consistently and produces an "unsupported" digital envelope routines error, which did not happen in earlier Node.js versions (21.6.2 and before), suggesting a regression likely introduced by recent changes in the Node.js crypto subsystem.

2.3 Open Issues

This section lists, groups, and then summarizes issues that were created within the last week in the repository.

Issues Opened This Week: 19

Summarized Issues:

• Module Specifier and ES Module Handling Issues: Several issues highlight problems with module specifier parsing and ES module behavior in Node.js. One bug causes the module specifier @/foo to be incorrectly accepted as valid due to flawed length checks, while another reports that requiring ES modules with runtime loaders crashes due to missing null checks. Additionally, the REPL's --import flag incorrectly exposes require in ES module scope, violating expected behavior.
• [issues/59359, issues/59366, issues/59374]

• REPL and Input Handling Bugs: The Node.js REPL exhibits multiple issues including incorrect preview formatting for very large bigint operations and a crash triggered by pasting large multiline JSON objects followed by history navigation. These bugs affect usability and stability when working with complex or large inputs in the REPL environment.
• [issues/59361, issues/59431]

• Experimental Features and Release Stability Concerns: The introduction of the experimental-strip-types feature in Node.js 22.18.0 causes build and test failures, particularly with Mocha and ts-node, unless disabled explicitly. This has raised concerns about enabling experimental features by default in minor LTS releases, impacting developer workflows.
• [issues/59364]

• JSON Parsing and simdjson Integration Proposals: There are proposals to expose the internal simdjson parser to userland via an experimental flag or module to enable high-performance JSON parsing and gather feedback. A related suggestion involves using simdjson::pad for string padding to improve parsing, with caution advised for contributors.
• [issues/59373, issues/59389]

• Output Formatting and Inspection Errors: The util.inspect function incorrectly formats negative fractional numbers with numeric separators, producing invalid JavaScript literals. This formatting bug affects the correctness of inspected output for certain numeric values.
• [issues/59376]

• Process and Child Process Management Issues: Using the --watch flag in Node.js does not terminate child processes on restart, causing them to linger unexpectedly. This behavior differs from normal execution and can lead to resource management problems.
• [issues/59380]

• Hook API and Module Loading Failures: Overriding the load hook via registerHooks to ignore CSS imports results in an ERR_INVALID_RETURN_PROPERTY_VALUE error due to invalid return values, causing failures in test environments like Playwright.
• [issues/59384]

• Input History Privacy Flaw: The readline module incorrectly includes sensitive user input entered via rl.question() in its internal history, exposing data that should be excluded.
• [issues/59390]

• Process Exit Diagnostics Enhancement Proposal: A proposal suggests enhancing the process.on('exit') handler to provide more detailed context about dangling promises and other events, aiming to help developers detect subtle bugs caused by missing await statements.
• [issues/59397]

• Development Environment Setup Guidance: A user requests guidance on setting up Visual Studio Code for effective development, navigation, building, and testing within the Node.js codebase repository.
• [issues/59399]

• REPL Customization Feature Request: There is a proposal to add an option to customize the REPL subprompt string, addressing issues caused by a recent change that shortened the subprompt length and negatively impacted dependent software.
• [issues/59401]

• URL Parsing and Windows Path Handling Proposal: A proposal aims to implement Windows file path handling in Node.js URL parsing to convert drive letter patterns into standardized file:/// URLs with forward slashes, ensuring compliance with the WHATWG URL specification.
• [issues/59415]

• JUnit XML Reporting Deficiencies: The Node.js test runner's JUnit XML output lacks the ability to set a custom classname attribute and omits the file attribute in <testcase> elements for failed tests. These omissions affect integration with tools like GitLab that rely on these attributes for proper test report rendering.
• [issues/59417, issues/59422]

• Build Configuration and OpenSSL Option Conflicts: Building Node.js with --without-ssl fails during the node_mksnapshot step if OpenSSL-related options are set in NODE_OPTIONS, causing obscure errors. The issue suggests ignoring or no-oping these options or providing clearer error messages when OpenSSL is disabled.
• [issues/59435]

2.4 Closed Issues

This section lists, groups, and then summarizes issues that were closed within the last week in the repository. This section also links the associated pull requests if applicable.

Issues Closed This Week: 8

Summarized Issues:

• Compression dictionary support in zlib: The Node.js zlib library currently lacks support for zstd compression dictionaries, which causes errors when decompressing archives that require a dictionary. The issue proposes adding functionality to enable dictionary usage during zstd (de)compression to resolve these errors.
• issues/59105

• ESM module evaluation order discrepancies: There is a discrepancy in the evaluation order of ESM modules between Node.js and browsers, where asynchronous dynamic imports (await import()) do not block subsequent JavaScript statements as expected. This leads to race conditions and differing output results across Node.js versions and browser environments.
• issues/59362

• Windows build failures in GitHub Actions: The GitHub Actions workflow for Windows coverage builds is failing on the main branch due to compiler errors related to non-static data members and macro expansions in the QUIC transport code. This issue appears to be compiler-specific since the Jenkins CI on Windows passes without errors.
• issues/59369

• Invalid regular expression syntax on Windows: Running a JavaScript file containing the regular expression /[\w-$]/u in Node.js v24.5.0 on Windows causes a SyntaxError because the regex is considered invalid due to an improper character class. This error causes the process to exit instead of executing the script successfully.
• issues/59378

• Relative paths in Response.redirect: The Response.redirect method currently fails with a TypeError in server-side runtimes like Node.js and Deno when given relative paths such as "/test". This contrasts with browsers where relative paths work because of a default base URL, which is absent in these server-side environments.
• issues/59402

• Issues with no description or comments: Several issues including "Do" (closed), a testing-related issue, and one about a file named Ecz_zm.js contain no description or comments, providing no additional information about their content or purpose.
• issues/59400, issues/59403, issues/59409

2.5 Issue Discussion Insights

This section will analyze the tone and sentiment of discussions within this project's open and closed issues that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.

Based on our analysis, there are no instances of toxic discussions in the project's open or closed issues from the past week.

---

III. Pull Requests

3.1 Open Pull Requests

This section provides a summary of pull requests that were opened in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.

Pull Requests Opened This Week: 40

Key Open Pull Requests

1. tls: add 'as' option to getCACertificates() for X509Certificate output: This pull request adds an 'as' option to the tls.getCACertificates() method, allowing it to return CA certificates either as Buffers (default) or as crypto.X509Certificate instances, includes input validation, updates internal logic accordingly, and provides tests and documentation updates for this new functionality.

• URL: pull/59349

• Merged: No

• Associated Commits: 51c1e, 4821d, 452d3, 6ad51, d83c0, 20f32, 4d143, c5466, 69710, 29ea9, a7600, 96e8a, 34451, 0bc8a, 105f2

2. crypto: modern algorithms in Web Cryptography API: This pull request implements modern cryptographic algorithms and utility functions—including ML-DSA, ChaCha20-Poly1305, SHA-3, and SHAKE variants—into the Web Cryptography API for Node.js, based on a new WICG proposal, while adding feature detection and public key derivation methods and ensuring compatibility with BoringSSL.

• URL: pull/59365

• Merged: No

• Associated Commits: 64ec8, 98cb8, 84aab, dabf6, 95a1b, 1baa9, 72542, d9776, c0a7d, e7587, 7a3b1

3. src: use simdjson::pad: This pull request proposes updating the source code to utilize the simdjson::pad feature, including multiple commits that modify the src/node_modules.cc file and apply lint fixes, as referenced in issue #59389.

• URL: pull/59391

• Merged: No

• Associated Commits: bd3bc, 6823e, fcc2e, fd4ec, 55217, 97e21

Other Open Pull Requests

• Test reliability improvements: Multiple pull requests focus on fixing flaky tests and improving test reliability by addressing issues such as missing session reuse options, invalid argument types, and better assertion handling. These changes include adding delays, fixing client arguments, and replacing mustCall with mustSucceed to clarify test intent and prevent errors.
• [pull/59423, pull/59357, pull/59368, pull/59367]

• HTTP and proxy performance optimizations: Several pull requests optimize HTTP-related functions, including IPv6 hostname normalization, HTTP header processing, and the shouldUseProxy function. These improvements replace regex with string operations, enhance internal logic, and demonstrate significant performance gains through benchmarks.
• [pull/59420, pull/59386, pull/59426]

• Utility module fixes and enhancements: Pull requests address bugs and improvements in the util module, such as fixing negative fractional number formatting in util.inspect() and ensuring error messages include color aliases. These changes improve output correctness and error message clarity.
• [pull/59379, pull/59383]

• Documentation updates: Multiple pull requests update documentation to fix typos, clarify type usage, and improve descriptions, including correcting the use of integer to number, fixing http.md, and clarifying the bsize field in fs.statfs.
• [pull/59421, pull/59354, pull/59407]

• SQLite improvements: Pull requests fix SQLite-related issues by handling bind parameters formatted as positional parameters and adding a unique sqlite-type symbol for the DatabaseSync class to improve type checking and reduce duplicate properties.
• [pull/59350, pull/59405]

• Code clarity and efficiency improvements: Several pull requests replace startsWith checks with strict equality comparisons in various modules, including HTTP and loopback address checks, to improve code clarity and performance without changing behavior.
• [pull/59375, pull/59394, pull/59377]

• Test coverage and reporting enhancements: Pull requests add support for coverage control comments in the test runner and improve JUnit XML reporter by adding file attribute support for better CI/CD integration.
• [pull/59418, pull/59432]

• Security and compatibility updates: Pull requests update OpenSSL post-quantum cryptography checks for compatibility with newer OpenSSL versions and add Intel CET support notes in assembly source files to enable security features during linking.
• [pull/59436, pull/59363]

• Module resolution and inspection improvements: Pull requests introduce a new V8 module resolution API to reduce lookup overhead and add initial WebSocket inspection support in the Node.js inspector using diagnostic events from the undici HTTP client.
• [pull/59396, pull/59404]

3.2 Closed Pull Requests

This section provides a summary of pull requests that were closed in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.

Pull Requests Closed This Week: 42

Key Closed Pull Requests

1. meta: clarify pr objection process further: This pull request clarifies the pull request objection process in the collaborator guide by specifying that objections must be made within the PR itself, that all objections carry equal weight regardless of the objector's role, and that revert or fixup PRs following mistakes are subject to the same objection process with potential for fast-tracking if uncontroversial.

• URL: pull/59096

• Merged: 2025-08-06T14:30:53Z

• Associated Commits: 14193, 8266a, 98906, a6ef5, 63a6c, 74af4, 6df48, a42de, 8bea1, e12cd, 87a00, 98273, 67acf, 64a01

2. crypto: support ML-DSA KeyObject, sign, and verify: This pull request adds support in the Node.js crypto module for ML-DSA asymmetric KeyObject types introduced in OpenSSL 3.5, enabling key import/export in multiple formats, key generation, signing, and verification functionalities as part of advancing post-quantum cryptography standards.

• URL: pull/59259

• Merged: 2025-08-06T21:49:30Z

• Associated Commits: 69fc4, ce580, d8d10, 24670, aaa2d, bba6d, a3a2f, 46786, e1598, 7e614, 657b4, fd954, 7b102

3. http: add server.keepAliveTimeoutBuffer option: This pull request introduces a new configurable option, server.keepAliveTimeoutBuffer, which adds an additional buffer time to the HTTP keep-alive socket timeout to help prevent ECONNRESET errors by ensuring the server does not close sockets prematurely, replacing a previously hardcoded constant and including updated documentation and tests.

• URL: pull/59243

• Merged: 2025-08-04T13:47:10Z

• Associated Commits: efe40, 68d89, d7964, 7af84, 57472, 6c807, 6daf1

Other Closed Pull Requests

• Stream Implementation Enhancements: This topic covers the introduction of a minimal DummyWritableStream that provides a no-op writable stream for structural compatibility without actual data handling. This addition improves code clarity and supports consistent internal and testing utilities.
  [pull/59346]

• Windows Path and Compilation Fixes: These pull requests improve handling of Windows reserved device names in UNC paths and fix compilation errors related to Windows coverage in the QUIC implementation by resolving macro conflicts. These changes prevent incorrect skipping of device names and address issue #59369 for better Windows support.
  [pull/59286, pull/59381]

• Crypto Module Updates: This group includes updates to skip unsupported ciphers for BoringSSL compatibility, refactoring WebCrypto key import/export code to prepare for modern algorithms without changing behavior, and removal of the unused DSAKeyExportJob related to Node-only Web Cryptography algorithms. These changes enhance crypto module compatibility and code cleanliness.
  [pull/59388, pull/59284, pull/59291]

• Test Runner and Reliability Improvements: This topic addresses bugs in the JUnit reporter by fixing the isSkipped function and preventing crashes when test events lack details, as well as splitting a large flaky test file into smaller files to improve test reliability and failure identification on Windows.
  [pull/59317, pull/59408]

• TypeScript and Typings Enhancements: This pull request improves internal TypeScript typings by adding detailed type definitions for the encoding_binding internal binding, enhancing type safety and developer experience within the Node.js project.
  [pull/59351]

• Build Configuration and Version Checks: These pull requests add a check for the Apple clang version in the configure script to address version discrepancies and update documentation on minimum required Xcode and Visual Studio versions, alongside fixing OpenSSL version detection in configure.py when using pkg-config. These changes improve build configuration accuracy and documentation.
  [pull/59358, pull/59353]

• Worker Threads Improvements: This set introduces the ability to assign names to worker threads for better identification and logging, and proposes getter/setter methods to protect the global object's _eval property, enhancing encapsulation and usability in the worker_threads module.
  [pull/59213, pull/59258]

• Compression API Enhancements: This pull request adds optional dictionary support to zlib’s zstdCompress and zstdDecompress APIs, enabling improved compression ratios with dictionary buffers supported in both streaming and convenience methods, along with updated tests and documentation.
  [pull/59240]

• Memory API Optimization: This pull request optimizes memory API usage by ensuring the reported constrained memory value is the minimum between constrained_memory and uv_get_total_memory, guaranteeing constrained memory is always reported even if zero.
  [pull/59260]

• Code Quality and Documentation Fixes: These pull requests fix a grammatical error in documentation, remove a deprecated API call from the domain module, and correct broken Markdown reference links related to server.keepAliveTimeoutBuffer in HTTP API docs, improving clarity and maintainability.
  [pull/59344, pull/59339, pull/59356]

• Warning and Environment Variable Additions: This topic includes the introduction of a minor warning about the use and potential invalidation of FastOneByteString and the addition of the environment variable NODE_USE_SYSTEM_CA=1 to complement the existing CLI option for system CA usage in worker processes.
  [pull/59275, pull/59276]

• HTTP Agent Configuration Proposal: This pull request proposes adding a configurable keepAliveTimeoutBuffer option to the HTTP Agent to replace a hardcoded timeout buffer value, including validation, tests, and documentation, but it was not merged.
  [pull/59352]

• Performance and Optimization Enhancements: This pull request marks realm leaf classes as final to enable better compiler optimizations by leveraging virtual method usage extensively in these classes.
  [pull/59355]

• Code Iteration Safety Improvement: This pull request modifies the getErrMessage() function by replacing a for...of loop with an index-based for loop to improve safety in array iteration, following Node.js contributing guidelines.
  [pull/59278]

• Configuration Parsing Improvement: This pull request proposes using the simdjson library to parse the SEA configuration in the Node.js source code to potentially improve parsing performance and efficiency.
  [pull/59323]

• Documentation Consistency Fix: This pull request partially reverts a previous change by renaming the documentation reference from x509.extKeyUsage back to the correct property name x509.keyUsage, ensuring consistency with the actual code implementation.
  [pull/59332]

3.3 Pull Request Discussion Insights

This section will analyze the tone and sentiment of discussions within this project's open and closed pull requests that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.

Based on our analysis, there are no instances of toxic discussions in the project's open or closed pull requests from the past week.

---

IV. Contributors

4.1 Contributors

Active Contributors:

We consider an active contributor in this project to be any contributor who has made at least 1 commit, opened at least 1 issue, created at least 1 pull request, or made more than 2 comments in the last month.

If there are more than 10 active contributors, the list is truncated to the top 10 based on contribution metrics for better clarity.

Contributor	Commits	Pull Requests	Issues	Comments
jasnell	26	5	2	92
joyeecheung	24	7	7	17
panva	35	7	1	10
haramj	35	3	0	9
aduh95	11	1	0	28
himself65	15	4	1	17
RafaelGSS	20	3	0	5
addaleax	5	1	0	21
theanarkh	10	7	0	9
Renegade334	10	3	0	12