Weekly GitHub Report for Node

Thank you for subscribing to our weekly newsletter! Each week, we deliver a comprehensive summary of your GitHub project's latest activity right to your inbox, including an overview of your project's issues, pull requests, contributors, and commit activity.

Table of Contents

• I. News
  • 1.1. Recent Version Releases
  • 1.2. Other Noteworthy Updates
• II. Issues
  • 2.1. Top 5 Active Issues
  • 2.2. Top 5 Stale Issues
  • 2.3. Open Issues
  • 2.4. Closed Issues
  • 2.5. Issue Discussion Insights

• III. Pull Requests
  • 3.1. Open Pull Requests
  • 3.2. Closed Pull Requests
  • 3.3. Pull Request Discussion Insights

• IV. Contributors
  • 4.1. Contributors

I. News

1.1 Recent Version Releases:

The current version of this repository is v23.10.0

1.2 Version Information:

Released on March 13, 2025, this version introduces the --experimental-config-file feature, allowing developers to use JSON configuration files to simplify flag management for the test runner and other experimental features, enhancing developer experience. Additionally, it includes updates to root certificates, new TLS and V8 methods, improved error handling, and various documentation and tooling enhancements.

II. Issues

2.1 Top 5 Active Issues:

We consider active issues to be issues that that have been commented on most frequently within the last week. Bot comments are omitted.

1. Floats in JSON.parse are converted into integers: This issue reports that when running Node.js version 25.6.0 on an Apple M1 Pro Mac using Docker with the --platform linux/amd64 flag, JSON.parse incorrectly converts floating-point numbers into integers, losing the decimal precision. The user notes that this problem does not occur when running the same Node.js version without the platform flag or on version 24, suggesting a possible compatibility issue with Docker's emulation on ARM architecture.

   • Commenters confirmed the issue does not reproduce on Windows or native amd64 systems, and the problem appears linked to running the amd64 Docker image on an ARM-based Mac. The user explained the need for the amd64 platform flag due to dependencies on architecture-specific modules, and ultimately decided to roll back to Node.js v24 to avoid the issue while awaiting further resolution.
   • Number of comments this week: 9

2. [TLS] [CRYPTO] [FEATURE REQUEST] Improve ergonomics of tls.getCACertificates('system') errors on Windows: This issue reports a problem with the tls.getCACertificates('system') function on Windows, where the presence of certain certificates in the Windows certificate store that fail X509 to PEM conversion causes the entire function to throw an error without identifying the problematic certificate. The user requests improved error handling that would allow the function to skip invalid certificates, optionally warn about them, and return the valid ones, thereby making it easier to diagnose and work around issues caused by malformed or incompatible certificates.

   • The comments show a contributor expressing interest in addressing the issue and receiving confirmation that contributions are welcome, followed by discussion clarifying that the request is essentially a feature enhancement to improve error handling and suggesting that the solution might involve adding options to control error behavior rather than being strictly Windows-specific.
   • Number of comments this week: 5

3. Discussion: An ESM-first Node: This issue proposes creating a separate branch or fork of Node.js that removes CommonJS support entirely to experiment with an ESM-only workflow, while keeping the main branch unchanged to maintain compatibility. The discussion highlights significant challenges due to the deep integration and widespread reliance on CommonJS in the ecosystem, including many packages and frameworks that transpile ESM to CommonJS or monkey-patch CommonJS internals, making a full removal difficult without broader ecosystem changes.

   • The comments emphasize the complexity of maintaining an ESM-only branch due to shared code and frequent refactoring, the ecosystem's heavy dependence on CommonJS, and suggest that ecosystem-wide migration efforts would be more effective than removing CommonJS support from Node.js itself.
   • Number of comments this week: 4

4. Various AIX tests pass on Node 22, fail on later supported versions: This issue addresses the observation that certain AIX tests pass consistently on Node 22 but begin to fail intermittently on later supported Node versions, prompting an investigation into whether these failures stem from changes in the test cases or functional changes in Node itself. The issue includes detailed test run results across multiple AIX machines and highlights specific tests such as test-emit-after-destroyed and wpt/test-streams that exhibit flaky or low-rate failures in newer Node releases.

   • The comments provide additional diagnostic details, noting that the test-emit-after-on-destroyed test fails rarely with a SIGILL error on a specific line and that wpt/test-streams failures began appearing between certain Node versions with a crash signal. Further tracking suggests the failures may have started between v24.2.0 and v24.8.0, with ongoing investigation to pinpoint the exact cause.
   • Number of comments this week: 2

5. [AIX] Validate testing on AIX 7.3: This issue addresses the need to validate and execute tests on AIX 7.3 systems, which are currently not active in the continuous integration environment, to identify any platform-specific problems. It involves running tests outside of Jenkins initially and then enabling the AIX 7.3 machines in the CI pipeline to ensure proper testing coverage on this operating system version.

   • The comments discuss initial test failures related to network interface configurations on AIX 7.3, specifically issues with IPv6 addresses on the en1 interface causing assertion errors and test timeouts. A workaround involving disabling the IPv6 address on en1 is suggested, along with a note on a recent fix for a common test failure unrelated to AIX.
   • Number of comments this week: 2

2.2 Top 5 Stale Issues:

We consider stale issues to be issues that has had no activity within the last 30 days. The team should work together to get these issues resolved and closed as soon as possible.

As of our latest update, there are no stale issues for the project this week.

2.3 Open Issues

This section lists, groups, and then summarizes issues that were created within the last week in the repository.

Issues Opened This Week: 15

Summarized Issues:

• UDP and DTLS Enhancements: Multiple issues propose improvements to UDP and DTLS functionality in Node.js, including creating a new DTLS primitive library based on the UDP core and adding readable and writable stream interfaces to UDP datagram sockets. These enhancements aim to improve data transfer concurrency and protocol support while addressing complexities such as multicast handling.
• issues/61630, issues/61631

• File System API Improvements: Several issues focus on extending and improving the Node.js fs module by adding reliable methods to check for FileHandle instances, supporting synchronous read/write operations, and enabling writing from Blob and web ReadableStream sources. These proposals seek to enhance file operation handling, interoperability with web APIs, and stream processing efficiency.
• issues/61637, issues/61645, issues/61684

• Platform-Specific Testing and Validation: Issues related to AIX platform testing investigate intermittent test failures on newer Node versions and the need to validate and enable AIX 7.3 systems in continuous integration. These efforts aim to identify platform-specific problems and ensure stable test coverage across supported environments.
• issues/61657, issues/61660

• Windows Installation and Certificate Handling Issues: Problems on Windows include a failure in the Boxstarter-based Visual Studio 2022 workload installation due to an unhandled argument exception, and the tls.getCACertificates('system') function failing when encountering problematic certificates without proper error handling. Both issues highlight the need for more robust error management in Windows-specific workflows.
• issues/61690, issues/61636

• Performance and Module Loading Problems: A significant performance regression in a SIMD WebAssembly base64 decoder and recurring module loading errors inside Docker Desktop due to incorrect file paths have been reported. These issues affect runtime efficiency and application stability in containerized environments.
• issues/61695, issues/61697

• Data Parsing and Coverage Reporting Bugs: Issues include JSON float parsing errors on Apple M1 Pro Macs running linux/amd64 Docker images, where floats are incorrectly converted to integers, and test coverage reports incorrectly including code from mocked CommonJS modules imported into ESM modules. These bugs impact data accuracy and testing reliability.
• issues/61704, issues/61709

• TLS and URL Deprecation Handling: Problems with TLS socket error handling when peers send invalid non-TLS data cause unhandled errors and process termination, while use of url.resolve() triggers unexpected deprecation warnings despite prior revocation. These issues affect security robustness and developer experience with deprecated APIs.
• issues/61714, issues/61724

2.4 Closed Issues

This section lists, groups, and then summarizes issues that were closed within the last week in the repository. This section also links the associated pull requests if applicable.

Issues Closed This Week: 11

Summarized Issues:

• Event Handling and Test File Metadata Issues: When running tests with the isolation option set to "none", the test:enqueue event incorrectly omits the file field that should specify the test filename, which contradicts the documented expected behavior. This causes problems in tracking and managing test files during execution.
• issues/61565

• Schema Validation Errors: The node-config-schema.json file contains errors where properties like minItems are wrongly applied to string types instead of arrays, causing failures in strict schema validators. This issue highlights the need for additional validators to lint and prevent such schema mistakes.
• issues/61595

• TypeScript Support and Tooling Enhancements: There is a request to add support for stripping TypeScript type declarations within node_modules when running TypeScript natively to fix errors after publishing projects. Additionally, a developer proposed AngriL DevTools, a free online platform offering JSON formatting, Base64 encoding/decoding, timestamp conversion, YAML to JSON conversion, and API testing tools to improve Node.js developer workflows.
• issues/61634, issues/61647

• File Upload Errors: Attempts to upload the file huggingface_inference.ipynb.txt to the GitHub repository resulted in errors, reported in two separate but identical issues. These errors prevent successful file uploads and need resolution to allow proper repository updates.
• issues/61667, issues/61668

• Undici Library Bugs and Backports: A critical bug in Node.js 25.6.0 caused by undici 7.19.2 leads to crashes when using fetch due to an ArrayBuffer.prototype.slice error on detached buffers, fixed in undici 7.20.0. There is also an effort to backport an undici upgrade fixing a memory leak in res.body.clone() from Node.js 24.x to 22.x to avoid unreliable workarounds.
• issues/61679, issues/61689

• Memory Leak and Resource Management: A high-severity memory leak in Node.js is caused by resources not being properly closed, leading to continuous memory growth and potential crashes. The proposed fix involves using try-finally blocks to ensure resources are released correctly.
• issues/61692

• Concurrency and Race Conditions: A medium-severity race condition exists in the Node.js source code due to unsynchronized concurrent access to a shared variable, risking data inconsistency. The issue suggests implementing proper concurrency control mechanisms to resolve this problem.
• issues/61693

• Sporadic Crashes from Uncaught Exceptions: Node.js 22.8.0 experiences sporadic crashes on Linux platforms caused by uncaught exceptions inside setImmediate callbacks, leading to fatal V8 errors and aborts during the embedded libuv event loop. The issue lacks a clear reproduction path or known triggers, complicating diagnosis and resolution.
• issues/61705

2.5 Issue Discussion Insights

This section will analyze the tone and sentiment of discussions within this project's open and closed issues that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.

Based on our analysis, there are no instances of toxic discussions in the project's open or closed issues from the past week.

III. Pull Requests

3.1 Open Pull Requests

This section provides a summary of pull requests that were opened in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.

Pull Requests Opened This Week: 46

Key Open Pull Requests

1. deps: update V8 to 14.5: This pull request updates the V8 JavaScript engine to version 14.5 in the Node.js project, addressing previous issues encountered with version 14.4, adapting the NODE_MODULE_VERSION for compatibility, applying various patches and fixes including platform-specific adjustments, and updating build tools and tests accordingly.

• URL: pull/61681

• Associated Commits: f2ea9, acab4, bf1d6, 2f78f, 39e51, 5396f, 1af46, abeff, 0426d, dc308, 06a4d, 18f08, 32509, 405db, 54ea5, 9d29c, ce42b, 64b02

2. src: implement initial simdjson parser: This pull request implements an initial SIMDJSON parser in the Node.js source code, including enhancements such as parser error macros, JSON parsing from buffers, additional invalid JSON and UTF-16 test cases, and multiple benchmarking tools to evaluate performance improvements.

• URL: pull/61641

• Associated Commits: cdab6, 010b3, e6e48, 8968a, c3e4a, b17e5, e4ad7, d4f4b, d85f1, a4861, 89b4a, f7b22, 92caf, bd403, 381e3, 80ce6

3. src: fix --build-sea default executable path: This pull request fixes the default executable path for the --build-sea option in the source code, addressing issue #61579, and includes tests and cleanup to ensure proper functionality.

• URL: pull/61708

• Associated Commits: bff93, 8b62e, ebb07, a756a, d2f53, 3e0ab, 94a3b, bf058, 6b6a2, 643a7

Other Open Pull Requests

• HTTP/2 stability and socket handling: Multiple pull requests address stability and resource management in HTTP/2 by fixing crashes caused by zombie sessions and race conditions in socket reuse. These changes prevent assertion failures, process crashes, and socket corruption by properly closing sessions and guarding against double calls during request and response lifecycle events.
  • pull/61702, pull/61710

• File handle management and leak fixes: Several pull requests improve file handle management by exposing the FileHandle class with identification methods and fixing file handle leaks in REPL history initialization and HTTP/2 respondWithFile function. These fixes ensure proper closing of file descriptors to prevent ERR_INVALID_STATE errors and improve reliability in file operations.
  • pull/61650, pull/61706, pull/61707

• Compression and memory allocation tracking: A pull request refactors compression allocation tracking by extracting zlib tracking into a dedicated class, adding allocation tracking for zstd streams, and improving memory release on stream closure. These changes enhance diagnostic capabilities and optimize memory management for compression methods in Node.js.
  • pull/61717

• Documentation clarifications and updates: Multiple pull requests clarify Node.js behaviors and update documentation, including the dereferencing behavior of fs.copyFile(), differences between Node.js fetch() and browser Fetch API, and correcting Visual Studio build tool documentation. These updates improve developer understanding and accuracy of Node.js documentation.
  • pull/61669, pull/61633, pull/61652

• Test runner improvements and coverage fixes: Several pull requests enhance the test runner by adding linting rules to prevent duplicate test paths, fixing regression in AssertionError constructor name preservation, supporting aborting test execution, and correcting branch coverage calculations to exclude ignored lines. These changes improve test reliability, accuracy, and developer experience.
  • pull/61618, pull/61648, pull/61651, [pull/61715](https://github.com/pull/61715], pull/61656

• Performance optimizations: A pull request optimizes the buffer.concat method by removing unnecessary indirection, splitting copy paths, and using more efficient allocation methods, resulting in measurable performance improvements demonstrated by benchmarking.
  • pull/61721

• Module system enhancements: One pull request introduces support for dynamic import() and import.meta in embedder-run modules by adding new module identification and compilation types, and refactoring existing compilation code to use built-in resolution logic.
  • pull/61654

• Diagnostics channel improvements: A pull request adds a new WindowChannel and a using syntax to the diagnostics_channel module, refactoring internal implementations to eliminate unnecessary closures and improve scope management.
  • pull/61680

• Web Streams API alignment: A pull request renames the type option in Duplex.toWeb() to readableType to align with the webstreams standard, maintaining backward compatibility with a silent alias.
  • pull/61632

• Build and caching workflow updates: Pull requests update shared build workflows to use a canonical environment variable for sccache, preventing cache key suffix issues, and include a debug run for sccache testing purposes.
  • pull/61640, pull/61643

• V8 engine backports for riscv64: Two backports fix stack pointer handling in the V8 MacroAssembler for riscv64 architectures, preventing data corruption caused by signal handlers interrupting JIT-compiled code and resolving a long-standing heisenbug in Node.js.
  • pull/61666, pull/61670

3.2 Closed Pull Requests

This section provides a summary of pull requests that were closed in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.

Pull Requests Closed This Week: 47

Key Closed Pull Requests

1. net: add setTOS and getTOS to Socket: This pull request implements the setTOS(tos) and getTOS() methods on net.Socket to enable DSCP tagging for traffic prioritization by adding support for setting and retrieving the Type of Service field on both IPv4 and IPv6 sockets, with platform-specific handling and accompanying tests for validation and functionality.

• URL: pull/61503

• Associated Commits: eb53d, 9e7a1, 14b3f, f339c, d32f2, 71ecb, c0407, 8439c

• Associated Commits: eb53d, 9e7a1, 14b3f, f339c, d32f2, 71ecb, c0407, 8439c

2. test_runner: fix test enqueue when test file has syntax error: This pull request fixes the test enqueue process in the test runner to handle cases where a test file contains a syntax error, while also adding location information to the test placeholder.

• URL: pull/61573

• Associated Commits: 09ab6, 742a5, 3a2b9, ffdc9, 1e6e3

• Associated Commits: 09ab6, 742a5, 3a2b9, ffdc9, 1e6e3

3. [v24.x backport] build: test on Python 3.14: This pull request backports changes to the Node.js v24.x branch to enable testing on the officially released Python 3.14 version by removing the now-unnecessary pre-release flag from the GitHub Actions setup and updating commit messages to reflect the stable release status.

• URL: pull/61370

• Associated Commits: f3ea5, a0f41

• Associated Commits: f3ea5, a0f41

Other Closed Pull Requests

• DNS SRV Lookup Fix on Windows: This pull request fixes a regression in Node.js v24.13.0 on Windows that caused DNS SRV lookups to fail with ECONNREFUSED by correcting the detection logic for the c-ares fallback resolver. It ensures that any single loopback server is treated as a fallback regardless of the port number, restoring proper DNS resolution behavior for services like MongoDB.
  • pull/61453

• ECMAScript Modules Support in Embedder API: This pull request introduces initial support for ECMAScript modules (ESM) in the embedder API by extending the LoadEnvironment function to handle ES modules. It adds new types such as ModuleFormat and ModuleData for specifying module entry points and provides new overloads of LoadEnvironment to facilitate module loading and execution with backward-compatible callback mechanisms.
  • pull/61548

• OpenSSL Version Update in Test Tools: This pull request updates the OpenSSL version to 3.5.5 specifically within the test-shared tools of the Node.js project to ensure compatibility and improvements in the testing environment.
  • pull/61551

• SEA Module Error Information Enhancement: This pull request enhances the SEA (Secure ECMAScript Agent) module by adding detailed error information output when filesystem operations fail. This improvement aids debugging and error handling in the module.
  • pull/61581

• assertSnapshot Testing Utility Unification: This pull request unifies common patterns in the assertSnapshot testing utility, including platform-specific path separators, line endings, trailing spaces, Node.js version strings, and process IDs in warning messages. The unification eliminates the need for customizing ad-hoc snapshot patterns.
  • pull/61590

• node-config-schema Validation Fix: This pull request fixes the node-config-schema by correcting the misuse of minItems and explicitly adding an empty "required": [] array to document no required properties. This enables successful validation in both standard and requireValidation modes with @exodus/schemasafe, while noting that string validation remains unaddressed.
  • pull/61596

• REPL Flaky Test Fix: This pull request fixes a flaky test in the REPL by adding an explicit closeHandle() method to the ReplHistory class and modifying REPLServer.close() to wait for the history file handle to be properly closed. These changes prevent errors caused by premature garbage collection of the file handle.
  • pull/61614

• Watch Mode Tests Race Condition Fix: This pull request fixes a race condition in the watch mode tests by implementing an event-driven approach that waits for the stderr 'data' event when a "Failed running" message is detected in stdout but stderr is still empty. This prevents intermittent test failures caused by premature assertions on incomplete stderr output.
  • pull/61615

• Documentation Improvements and Fixes: This pull request enhances the documentation by adding more information about codemods related to deprecation and fixes a copy-paste error. It also includes updates in the util.md file to improve clarity.
  • pull/61642

• README Grammatical Correction: This pull request corrects a minor grammatical error in the "Verifying binaries" section of the README.md by changing the phrase "commands to how to" to "commands on how to," improving clarity and readability.
  • pull/61653

• C++ File Utilities Consolidation and Refactor: This pull request consolidates the C++ ReadFileSync and WriteFileSync utilities by moving them from src/util.cc to src/node_file_utils.cc and refactors their implementations to reuse code. It enhances file reading and writing with improved buffer management, overflow handling, support for special cases like zero-byte and non-seekable files, and replaces hard aborts with error codes to improve robustness.
  • pull/61662

• GitHub Actions Runners Optimization: This pull request updates several meta GitHub Actions runners that perform simple tasks such as labeling pull requests, checking activity, and sending Slack notifications to use the more resource-efficient ubuntu-slim runner instead of ubuntu-latest. This aims to reduce compute usage and energy consumption.
  • pull/61663

• TLS Modules Backport to v24.x: This pull request backports the refactors of the _tls_common and _tls_wrap modules to the v24.x branch, replicating the original changes while omitting the process.emitWarning calls and the unit tests related to deprecation warnings.
  • pull/61044

• REPL Completion Logic Backport: This pull request backports the change that moves the REPL completion logic into an internal module to improve code organization and maintainability.
  • pull/61046

• SQLite run() Result Object Optimization: This pull request optimizes the SQLite run() result object creation by using DictionaryTemplate caching to reduce allocation overhead. This results in a significant improvement of approximately 17–24% in INSERT performance while maintaining unchanged SELECT performance.
  • pull/61432

• Resolve Hook Invocation Fix for Synthetic Modules: This pull request addresses the issue of the resolve hook being invoked twice during the synthetic module evaluation step of imported CommonJS modules by adding an option to prevent redundant invocation since the resolution and loading have already been completed.
  • pull/61529

• Test Suite Watch Feature Conditional Skip: This pull request updates the test suite by incorporating the skipIfNoWatch() utility function into the test/parallel/test-fs-promises-watch-iterator.js file to conditionally skip tests when the watch feature is unavailable.
  • pull/61531

• Windows Installation Script Update: This pull request updates the Windows installation script for additional development tools by upgrading the Visual Studio build tools workload from version 2022 to the latest 2026 release. This ensures compatibility with recent versions of node-gyp and npm.
  • pull/61562

• SQLite Bindings Improvements: This pull request improves SQLite bindings in the Node.js project by transferring ownership of malloc-backed UTF-8 string buffers to SQLite to eliminate extra copies for large text binds. It also uses sqlite3_bind_blob64() to prevent truncation of large BLOB parameters.
  • pull/61580

• Documentation Link Correction: This pull request updates the documentation by correcting the link for the server.dropMaxConnection property to ensure accurate and accessible reference information.
  • pull/61584

• ada Dependency Update and Unicode Support: This pull request updates the ada dependency to version 3.4.2 and adds support for Unicode 17, following the resolution of previously failing web-platform tests.
  • pull/61593

• test-single-executable-application-empty Flaky Test Fix: This pull request addresses the intermittent failure of the test-single-executable-application-empty test on Windows by modifying the buildSEA function to gracefully handle postject WASM build failures. It allows the test to be skipped during infrastructure issues while still throwing descriptive errors when workflow verification is enabled.
  • pull/61616

• Duplicate DOMException Web Platform Tests Removal: This pull request removes a duplicate subset of DOMException-specific web platform tests that are now covered by the comprehensive webidl test run. This resolves a wpt.fyi processing conflict that previously marked test runs as invalid.
  • pull/61617

• test-performance-eventloopdelay Flaky Test Fix: This pull request fixes the flaky test-performance-eventloopdelay test by wrapping assertions in a setImmediate callback to ensure histogram sampling completes before checks. It also adds an explicit check for histogram.count > 0 to provide clearer error messages when no samples are recorded, preventing intermittent failures on IBM sharedlibs containers.
  • pull/61629

• Boxstarter Installation Link Correction: This pull request updates the tools/bootstrap/README.md file to correct the Boxstarter installation link by changing it from option 2 to option 3 in the BUILDING.md documentation. This reflects the addition of the WinGet installation method and ensures accuracy across the v25.x, v24.x, and v22.x branches.
  • pull/61638

3.3 Pull Request Discussion Insights

This section will analyze the tone and sentiment of discussions within this project's open and closed pull requests that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.

Based on our analysis, there are no instances of toxic discussions in the project's open or closed pull requests from the past week.

IV. Contributors

4.1 Contributors

Active Contributors:

We consider an active contributor in this project to be any contributor who has made at least 1 commit, opened at least 1 issue, created at least 1 pull request, or made more than 2 comments in the last month.

If there are more than 10 active contributors, the list is truncated to the top 10 based on contribution metrics for better clarity.

Access Last Week's Newsletter:

• Link