Weekly GitHub Report for Node: August 11, 2025 - August 18, 2025 (12:02:17)
Weekly GitHub Report for Node
Thank you for subscribing to our weekly newsletter! Each week, we deliver a comprehensive summary of your GitHub project's latest activity right to your inbox, including an overview of your project's issues, pull requests, contributors, and commit activity.
Table of Contents
I. News
1.1 Recent Version Releases:
The current version of this repository is v23.10.0
1.2 Version Information:
Released on March 13, 2025, this version introduces the --experimental-config-file feature, allowing developers to use JSON configuration files to simplify flag management for the test runner and other experimental features, enhancing developer experience. Additionally, it includes updates to root certificates, new TLS and V8 methods, improved error handling, and various tooling and documentation enhancements.
II. Issues
2.1 Top 5 Active Issues:
We consider active issues to be issues that that have been commented on most frequently within the last week. Bot comments are omitted.
-
sqlite:
statement.setReadNullAsUndefined(): This issue proposes adding a feature to SQLite's JavaScript interface that allowsNULLvalues read from the database to be returned asundefinedinstead ofnull. This distinction is important because in JavaScript,nullandundefinedhave different semantic meanings, and returningundefinedcan reduce unnecessary data serialization and better represent sparse or optional data fields.- The comments discuss the practical importance of distinguishing
nullfromundefined, especially for serialization and web API efficiency, with examples of sparse data use cases. A pull request implementing thesetReadNullAsUndefined()method on statements has been submitted, and further discussion includes references to similar needs in other libraries and ORMs, highlighting broader community interest in this feature. - Number of comments this week: 5
- The comments discuss the practical importance of distinguishing
-
Problems building with
--without-ssland openssl-related options inNODE_OPTIONS: This issue addresses a build failure that occurs when Node.js is configured without SSL support but the environment variableNODE_OPTIONSincludes OpenSSL-related flags like--use-openssl-ca. The failure happens during thenode_mksnapshotstep, producing an obscure error, and the issue suggests either ignoringNODE_OPTIONSin this context, improving error messages, or allowing these OpenSSL flags to be treated as no-ops when SSL is disabled.- The comments discuss copying existing handling of
NODE_OPTIONSfrom the main Node.js code to thenode_mksnapshottool to prevent the failure, the need for better documentation and clearer error messages around this build step, and the potential implications of disablingNODE_OPTIONSduring snapshot creation, especially if runtime options are accessed in the snapshot. - Number of comments this week: 4
- The comments discuss copying existing handling of
-
Jest unit tests failing after upgrading to 24.6.X: This issue describes a problem where Jest unit tests fail after upgrading to Node.js version 24.6.0, specifically when using the
NODE_OPTIONS=--experimental-vm-modulesflag. The user reports consistent test failures with errors indicating module linkage problems and attempts to import files after the Jest environment has been torn down, whereas the tests worked correctly on Node.js version 24.5.- The commenters request a minimal reproduction to better understand the issue and reference a recent related change in the Node.js codebase. The original poster and others confirm the problem can be reproduced, and a minimal reproduction example is shared to aid in troubleshooting.
- Number of comments this week: 4
-
Neither NODE_USE_ENV_PROXY nor use-env-proxy work with npm run dev (next dev): This issue reports that setting the environment variable NODE_USE_ENV_PROXY does not enable proxy support when running a Next.js development server with the command npm run dev, despite it working in other contexts like n8n. The user is seeking a way to have Next.js respect the NODE_USE_ENV_PROXY setting or an alternative method to enable proxy support for fetch requests within Next.js.
- The comments clarify that Next.js manages its own environment and patches global fetch, which likely prevents NODE_USE_ENV_PROXY from working as expected. The user is advised to seek help in the Next.js community, and there is discussion about whether using alternative fetch implementations or providing a minimal reproduction repository could help diagnose the issue.
- Number of comments this week: 3
-
tlsSocket.getEphemeralKeyInfo() - doesn't display information for hybrid groups: This issue reports that the
tlsSocket.getEphemeralKeyInfo()method in Node.js does not return any information when using hybrid cryptographic groups introduced in OpenSSL 3.5, instead returning an empty object. The reporter provides reproducible code examples and expects the method to return detailed key information for hybrid groups similar to how it does for standard ECDH groups, highlighting a gap in current support for post-quantum hybrid keys.- The comments clarify that the current API only supports 'DH' and 'ECDH' types and has not yet been updated for hybrid or post-quantum keys introduced in OpenSSL 3.5. A contributor expresses interest in addressing this by extending the implementation to recognize hybrid keys dynamically and adding appropriate tests, indicating a planned enhancement rather than a bug.
- Number of comments this week: 3
2.2 Top 5 Stale Issues:
We consider stale issues to be issues that has had no activity within the last 30 days. The team should work together to get these issues resolved and closed as soon as possible.
- Flaky GC-related tests with V8 12.2: This issue addresses flaky garbage collection (GC)-related tests that have become unreliable with the update to V8 version 12.2, specifically highlighting problems with the
test-shadow-realm-gc-module,test-shadow-realm-gc, andtest-net-write-fully-async-hex-stringtests. The discussion suggests skipping these tests temporarily due to their instability caused by changes in V8's GC strategy, with a note that the current testing methods may not accurately detect native memory leaks and that a more robust testing approach needs to be developed in the future. - Flaky
test-worker-arraybuffer-zerofillwith V8 12.2: This issue concerns the flaky behavior of thetest-worker-arraybuffer-zerofilltest when running with V8 version 12.2, where the test intermittently fails due to a timeout after approximately 300 seconds. The problem may stem from either a genuine bug or broken timing assumptions causing lost messages, and the current approach is to mark the test as flaky while adding additional logging to aid in debugging. - Support loading dynamic addon modules (
.nodefiles) when embedding the Node.js shared library without needing to link withnode.def: This issue addresses the challenge of loading dynamic Node.js addon modules (.nodefiles) on Windows when Node.js is embedded as a shared library, without requiring the embedding executable to link with thenode.deffile to reexport necessary symbols. The proposed feature suggests modifying the delay load hook to optionally use an environment variable to locate the Node.js shared library, enabling addon modules to load correctly without linking constraints, though potential security concerns with this approach remain uncertain. - Please make Node.js embeddable (e.g. libnode): This issue requests the creation of an embeddable version of Node.js, such as a
libnodelibrary, to allow projects to integrate the Node.js runtime and standard library directly within other host environments. The feature aims to address the current difficulty in embedding Node.js, which forces developers to rely on incomplete alternatives like Deno, and would particularly benefit use cases involving embedding Node.js in Rust-based applications. - unable to sign with external OpenSSL engine after usage of crypto.hash: This issue describes a problem where signing data with an external OpenSSL engine (specifically the gost-engine) fails after using the
crypto.createHashmethod in Node.js version 21.7.1. The user reports that while the signature operation works correctly in earlier versions (v21.6.2 and before), it produces an "unsupported" error related to digital envelope routines in the newer versions, indicating a regression likely caused by recent changes in the Node.js crypto subsystem.
2.3 Open Issues
This section lists, groups, and then summarizes issues that were created within the last week in the repository.
Issues Opened This Week: 10
Summarized Issues:
- OpenSSL and Build Issues: Building Node.js with the
--without-ssloption fails during thenode_mksnapshotstep if OpenSSL-related options are set inNODE_OPTIONS, causing obscure errors. The issue suggests thatnode_mksnapshotshould ignore these options, provide clearer errors, or treat such flags as no-ops when OpenSSL is disabled. - issues/59435
- Proxy Environment Variable and Flag Issues: The environment variable
NODE_USE_ENV_PROXYand the flag--use-env-proxydo not enable proxy usage when running a Next.js development server withnpm run dev, although they work in other Node.js contexts. This results in no proxy logs for server fetch requests during development. - issues/59439
- Garbage Collection and Memory Management: Block scoped variables in Node.js v22.18.0 are not properly garbage collected, leading to out-of-memory crashes when creating multiple large objects sequentially within block scopes. Using function scopes avoids this problem, indicating a scope-related memory management issue.
- issues/59442
- TLS and Cryptographic Key Information: The
tlsSocket.getEphemeralKeyInfo()method in Node.js 22.16.0 fails to display information for hybrid cryptographic groups, returning an empty object instead of detailed key info. This is due to lack of support for new hybrid post-quantum key types introduced in OpenSSL 3.5.1. - issues/59452
- SQLite Null Handling Enhancement: A feature request proposes adding
statement.setReadNullAsUndefined()to SQLite in Node.js to return selected SQLNULLvalues as JavaScriptundefinedinstead ofnull. This aims to reduce boilerplate and better handle semantic differences betweennullandundefinedin JavaScript. - issues/59457
- HTTP2 Protocol Errors with Large Files: Downloading large files over 50MB without range processing in a Node.js cluster causes Chrome to encounter an
HTTP2_PROTOCOL_ERROR, specifically anENHANCE_YOUR_CALMerror and stream reset. This indicates issues with handling large payloads over HTTP2 in clustered environments. - issues/59465
- Test Failures with Experimental VM Modules: Jest unit tests fail after upgrading to Node.js 24.6.0 when using the
--experimental-vm-modulesflag, with errors related to module linking and environment teardown. These tests worked correctly in Node.js 24.5, indicating a regression in the experimental VM modules support. - issues/59480
- Interval Clearing Bug on Mac M1: Calling
clearIntervalinside asetIntervalcallback does not stop the interval as expected on Mac M1 platforms using Node.js version 22. This causes tests that should pass to fail consistently, pointing to a platform-specific timer handling issue. - issues/59483
- Linking and Runtime Library Path Issues on macOS: The
bytecode_builtins_list_generatorfails on macOS when linking against an OpenSSL library not in the host system's PATH due to missingLC_RPATHentries. This prevents the executable from locating linked shared libraries at runtime. - issues/59489
- OpenSSL API Modernization: There is a request to port the
ncryptomodule from deprecated HMAC_ APIs to the newer EVP_MAC APIs to comply with OpenSSL's updated framework and maintain hardware acceleration compatibility. - issues/59493
2.4 Closed Issues
This section lists, groups, and then summarizes issues that were closed within the last week in the repository. This section also links the associated pull requests if applicable.
Issues Closed This Week: 3
Summarized Issues:
- Feature Request and Problem Description: This issue involves a feature request titled "Evil" that mentions a problem labeled "E" and suggests a solution called "Gv." However, it lacks detailed explanation or alternative considerations, making the proposal incomplete.
- issues/59441
- Crash on Linux with Node.js 24 Upgrade: A crash occurs on Linux when upgrading to Node.js 24, caused by an assertion failure in V8's hashing code (
Assertion 'len > 32' failed). The issue might be related to native modules but lacks a reproducible test case and does not occur on macOS. - issues/59467
- Node.js Version 22 Installation Instructions: This issue provides detailed instructions for downloading, installing, and verifying Node.js version 22 using nvm (Node Version Manager). It serves as a guide for users needing to manage Node.js versions effectively.
- issues/59494
2.5 Issue Discussion Insights
This section will analyze the tone and sentiment of discussions within this project's open and closed issues that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.
Based on our analysis, there are no instances of toxic discussions in the project's open or closed issues from the past week.
III. Pull Requests
3.1 Open Pull Requests
This section provides a summary of pull requests that were opened in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.
Pull Requests Opened This Week: 32
Key Open Pull Requests
1. util: add remaining errors to wellKnownPrototypes: This pull request adds the remaining primordial error subclasses to the wellKnownPrototypes map in order to properly convert their constructor properties into accessors before freezing their prototypes, addressing issues encountered by projects like Agoric, DCF, and MetaMask related to tampering with these properties.
- URL: pull/59456
- Merged: No
2. sqlite: statement.setReadNullAsUndefined(): This pull request introduces the setReadNullAsUndefined(boolean) method to the StatementSync class in the Node.js SQLite binding, enabling all SQL NULL values to be converted to JavaScript undefined to better handle the null/undefined distinction in JavaScript, along with corresponding tests to verify this functionality.
- URL: pull/59462
- Merged: No
3. feat(readline): add skipHistory option to rl.question() to exclude input from history: This pull request introduces a new boolean skipHistory option to the readline.Interface.question() method that, when set to true, prevents the user input from being saved in the readline history—enhancing privacy for sensitive inputs like passwords—while maintaining default behavior when false, and includes comprehensive tests to verify this functionality.
- URL: pull/59450
- Merged: No
Other Open Pull Requests
- HTTP/2 raw header support: This pull request extends the
h2Stream.respond()method to support raw header arrays, building on previous client-side functionality improvements. It excludes wrappers likerespondWithFileandrespondWithFDdue to their complex header manipulations.
pull/59455
- Code clarity and deprecation cleanup: The remaining usages of the
CRLFvariable were replaced with the explicit string literal\r\n, and the deprecatedCRLFexport was removed from the internal_http_common.jsmodule. This change improves code clarity and aligns with recent deprecation policies.
pull/59466
- OpenSSL compatibility update: The OpenSSL post-quantum cryptography (pqc) checks were updated to support OpenSSL versions from 4.0.0 up to 4.5.0. This ensures the checks remain valid for these newer versions.
pull/59436
- Commit-lint CI workflow enhancements: Concurrency control was added to cancel superseded runs, draft pull requests are now skipped to reduce unnecessary executions, and validator output is captured and posted as comments on failures. Minimal permissions were also granted to enable commenting, improving feedback speed and workflow efficiency.
pull/59438
- Improved stack trace inspection: The
util.inspectfunction was enhanced to hide duplicated stack frames caused by recursive calls in long stack traces, making it easier to identify important parts of the stack. Users are notified about the hidden lines to maintain transparency.
pull/59447
- Memory option validation and test improvements: Validation was added to prevent using
--max-old-space-size-percentagewhen available memory cannot be calculated, avoiding undefined behavior. Thetest-process-constrained-memory.jssuite was also enhanced to support testing in environments where memory calculation may fail.
pull/59460
- Brotli compression support: Support for the Brotli compression algorithm was added to the CompressionStream and DecompressionStream APIs, aligning Node.js with Safari 18.4 and addressing related WHATWG compression specification issues.
pull/59464
- Snapshot config parsing optimization: The Node.js source code was updated to use the simdjson library for parsing the
--snapshot-configoption, aiming to improve parsing efficiency or performance.
pull/59473
- V8 fixes for Linux s390x build: Two upstream V8 fixes were cherry-picked to resolve build failures on Linux s390x architecture with clang by correcting parameter passing and register usage in inline assembly.
pull/59485
- Test reliability improvements: The flaky
test-wasi.jswas split into smaller parts to prevent accumulation of flaky cases, and thetest-wasi-pthreadwas marked as flaky due to persistent CI failures without an available fix.
pull/59488
- Python 3.12.3 compatibility fix: The return value of the
try_check_compilerfunction inconfigure.pywas fixed to resolve aValueErrorcaused by unpacking fewer values than expected on Python 3.12.3.
pull/59434
- node_mksnapshot error handling improvements: Error reporting was improved in the
node_mksnapshottool by enhancing argument processing and addressing issues caused by invalidNODE_OPTIONSenvironment variables that could lead to snapshot generation failures.
pull/59437
- Test runner failed tests rerun option: A new option was proposed for the test runner to allow users to rerun only the tests that have previously failed, improving test iteration efficiency.
pull/59443
- Error inspection highlighting fix: The highlighting of namespaced
node_modulesin error inspections was fixed by matching the full module name instead of just the namespace. Performance was slightly improved by replacing a regular expression with anindexOfcheck.
pull/59446
- Promise comparison update: Deep equal checks in the
assertandutilmodules were updated to fail when comparing promises unless they are the exact same reference. This aligns promise comparison behavior with that ofWeakMapsandWeakSetsand addresses issue #55198.
pull/59448
- Inline snapshot draft implementation: A draft implementation introduced an
inlineSnapshotfeature to the test runner to gather feedback on its functionality and potential improvements before final refinement.
pull/59463
- URLBinding typings additions: The missing methods
getOrigin()andpathToFileURL()were added to theURLBindinginterface typings in the Node.js project.
pull/59468
- Windows compatibility for child_process benchmarks: The child_process benchmark tests were made compatible with Windows by replacing the Unix-specific
echocommand with the Windows equivalentcmd.exe /c echo.
pull/59469
- Security incident response plan: A security incident response plan document was proposed to guide appropriate actions during security incidents, motivated by a recent GitHub UI change exposing the "settings."
pull/59470
- Mock timer fix after clearInterval(): A fix was implemented to prevent a mock timer from being added to the execution queue after
clearInterval()is called by setting the timer's interval toundefined.
pull/59479
- Build configuration update for clang: The build configuration was updated to avoid passing the
-mminimal-toccompiler option when usingclang, as this option is specific togccand not applicable toclang.
pull/59484
- Null pointer check order fix: The order of the
CHECK_NOT_NULLmacro and dereference was fixed to ensureCHECK_NOT_NULL(req_wrap_async)is called beforeASYNC_THROW_IF_INSUFFICIENT_PERMISSIONSpotentially dereferencesreq_wrap_async, preventing possible null pointer issues.
pull/59487
- SQLite integration cleanup: An unnecessary call to
v8::MaybeLocal<v8::Value>::FromMaybe()with an ignored return value was removed to clean up the SQLite integration code.
pull/59490
- New crypto encapsulation methods: New
crypto.encapsulateandcrypto.decapsulatemethods were introduced to support multiple key encapsulation mechanisms including ML-KEM, various DHKEM variants, and RSA Secret Value Encapsulation, leveraging OpenSSL 3.0 and above.
pull/59491
- Crypto documentation update: A new section was added to the
node:cryptodocumentation consolidating and clearly listing the supported asymmetric key types.
pull/59492
3.2 Closed Pull Requests
This section provides a summary of pull requests that were closed in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.
Pull Requests Closed This Week: 17
Key Closed Pull Requests
1. test: split test-fs-cp.js: This pull request addresses the issue of a large, flaky test file causing crashes and unclear failures on Windows by splitting the 70+ test cases in test-fs-cp.js into multiple smaller files, thereby improving test reliability and making it easier to identify and skip failing cases.
- URL: pull/59408
- Merged: 2025-08-10T19:35:43Z
2. esm: sync-ify module translation: This pull request completes the implementation to compile WebAssembly modules synchronously, thereby making the entire module translation process—including compilation and instantiation—synchronous in the Node.js ESM loader.
- URL: pull/59453
- Merged: Yes
3. test: fix connection refused proxy tests with AI assistance: This pull request addresses continuous integration test failures related to connection refused proxy tests by applying AI-assisted debugging to optimize retry logic, enhance error detection with improved regex patterns, and implement platform-specific timeout handling for Debian, Alpine, and AIX systems.
- URL: pull/59482
- Merged: No
Other Closed Pull Requests
- Performance optimizations in streams and crypto modules: Several pull requests focus on improving performance by optimizing internal operations. These include replacing costly array operations in writable streams to reduce CPU and garbage collection overhead, and explicitly moving
shared_ptrobjects in crypto key handling to avoid expensive atomic operations. - [pull/59406, pull/59472]
- Crypto module enhancements and fixes: Multiple pull requests enhance the Node.js crypto module by adding support for ML-KEM KeyObject types with OpenSSL 3.5, fixing the
EVPKeyCtxPointer::publicCheck()function to restore correct control flow, and updating crypto benchmarks to support OpenSSL versions earlier than 3.5 while preventing flaky CI failures. - [pull/59459, pull/59461, pull/59459]
- Test and CI stability improvements: Several pull requests address test failures and CI issues by skipping tests when inspectors are unavailable, fixing case sensitivity in path comparisons on Windows, and improving retry logic and error detection in proxy connection tests with platform-specific timeout handling.
- [pull/59440, pull/59475, pull/59475]
- Documentation updates: There are multiple proposed but unmerged pull requests aimed at updating the README.md file in the Node.js project.
- [pull/59444, pull/59454]
- Code clarity and maintenance: One pull request removes a confusing self-referential assertion and renames a property to improve stack trace clarity, with a note advising against backporting to avoid breakage.
- [pull/59451]
- Project leadership update: A pull request adds RafaelGSS as the performance strategic lead for the Node.js project, indicating his role in leading performance efforts despite the initiative lacking a defined end goal.
- [pull/59445]
- New application proposal: A pull request proposes creating a new application named "my" but it was not merged into the main project.
- [pull/59458]
3.3 Pull Request Discussion Insights
This section will analyze the tone and sentiment of discussions within this project's open and closed pull requests that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.
Based on our analysis, there are no instances of toxic discussions in the project's open or closed pull requests from the past week.
IV. Contributors
4.1 Contributors
Active Contributors:
We consider an active contributor in this project to be any contributor who has made at least 1 commit, opened at least 1 issue, created at least 1 pull request, or made more than 2 comments in the last month.
If there are more than 10 active contributors, the list is truncated to the top 10 based on contribution metrics for better clarity.
| Contributor | Commits | Pull Requests | Issues | Comments |
|---|---|---|---|---|
| jasnell | 18 | 3 | 2 | 56 |
| joyeecheung | 30 | 12 | 6 | 22 |
| panva | 40 | 7 | 1 | 4 |
| aduh95 | 11 | 2 | 0 | 29 |
| himself65 | 14 | 3 | 1 | 17 |
| haramj | 25 | 2 | 0 | 7 |
| theanarkh | 9 | 5 | 0 | 15 |
| RafaelGSS | 20 | 4 | 0 | 2 |
| pckrishnadas88 | 11 | 3 | 0 | 10 |
| addaleax | 4 | 0 | 0 | 17 |