Weekly GitHub Report for Node

Thank you for subscribing to our weekly newsletter! Each week, we deliver a comprehensive summary of your GitHub project's latest activity right to your inbox, including an overview of your project's issues, pull requests, contributors, and commit activity.

Table of Contents

• I. News
  • 1.1. Recent Version Releases
  • 1.2. Other Noteworthy Updates
• II. Issues
  • 2.1. Top 5 Active Issues
  • 2.2. Top 5 Stale Issues
  • 2.3. Open Issues
  • 2.4. Closed Issues
  • 2.5. Issue Discussion Insights

• III. Pull Requests
  • 3.1. Open Pull Requests
  • 3.2. Closed Pull Requests
  • 3.3. Pull Request Discussion Insights

• IV. Contributors
  • 4.1. Contributors

I. News

1.1 Recent Version Releases:

The current version of this repository is v23.10.0

1.2 Version Information:

Released on March 13, 2025, this version introduces the --experimental-config-file feature, allowing developers to use JSON configuration files to simplify flag management for the test runner and related features, enhancing developer experience. Additionally, it includes updates to root certificates, new TLS and V8 methods, improved error handling, and various tooling and documentation enhancements.

II. Issues

2.1 Top 5 Active Issues:

We consider active issues to be issues that that have been commented on most frequently within the last week. Bot comments are omitted.

1. [GOOD FIRST ISSUE] [TEST_RUNNER] test_runner: node:coverage ignore comments exclude DA but leave BRDA in lcov output: This issue reports a problem in the Node.js test_runner where the /* node:coverage ignore next */ comment correctly excludes the DA (line coverage) entry from the lcov output but fails to exclude the BRDA (branch coverage) entry, causing inaccurate branch coverage reporting. The expected behavior is that both DA and BRDA entries for ignored lines should be excluded to reflect 100% branch coverage, similar to how the c8 tool handles coverage ignoring, but currently the branch entry remains uncovered, impacting CI/CD pipelines enforcing branch coverage thresholds.

   • The comments reveal interest from a contributor asking if the issue is open for contributions, with maintainers confirming that while tasks are not assigned, contributions are welcome and the contributor may proceed without formal assignment.
   • Number of comments this week: 6

2. [HTTP] HTTP module does not allow sending all valid header values: This issue reports that the HTTP module in Node.js incorrectly rejects certain valid header values that include control characters allowed by the Fetch specification, specifically characters like 0x01, which browsers permit but the module currently throws an error for. The reporter highlights that this strict validation breaks compatibility with web platform tests and suggests relaxing the header validation to align with the Fetch spec while ensuring no regression of past security vulnerabilities related to response splitting.

   • The comments show a newcomer expressing interest in fixing the issue, followed by detailed discussion about the security implications of relaxing header validation rules, a proposed regex-based fix aligning with the Fetch spec, and collaboration offers among contributors; a pull request was submitted and is open for review and further input.
   • Number of comments this week: 5

3. --build-sea NodeJS 25.5.0: Error: Couldn't stat executable node Windows, Command Prompt: This issue reports an error encountered when running the --build-sea command with NodeJS 25.5.0 on Windows Command Prompt, where the executable node cannot be stat-ed, although the same command works in Windows PowerShell and Git Bash. The user provides a minimal configuration and suspects the problem lies in how the executable path is resolved, with a workaround involving hardcoding the full path to node.exe in the configuration file.

   • The comments discuss the possibility that the error is environment-dependent, potentially due to permission issues, and highlight that hardcoding the full path resolves the problem. There is also a suggestion to change the path resolution logic to treat relative paths as relative to the configuration file rather than the current working directory, which could be a breaking change, and a note that using the experimental flag works without hardcoding the path.
   • Number of comments this week: 4

4. [FS] [FREEBSD] [SMARTOS] fs.watch() listener called with null filename argument: This issue reports a problem with the fs.watch() function on SunOS where the listener receives a null filename argument during a file change event, causing the process not to exit as expected. The issue contrasts with the behavior when the recursive option is set to true, which works correctly by outputting the filename and exiting the process.

   • The comments discuss the similarity of this issue on FreeBSD, suggesting it is related to a kernel bug shared between SunOS and FreeBSD. They also note that FreeBSD testing is largely disabled in the Node.js CI, which complicates verification and tracking of this problem on that platform.
   • Number of comments this week: 3

5. --use-system-ca does not work with macOS Keychain: This issue reports that the --use-system-ca flag does not function correctly with the macOS Keychain, as it fails to recognize a trusted certificate chain and instead returns a SELF_SIGNED_CERT_IN_CHAIN error. The user describes the problem occurring consistently when adding a full certificate chain to the Keychain with all trust settings enabled and testing it with a specific script.

   • The comments include a request for more information about the code and its execution to help diagnose the problem, followed by a nonsensical reply that does not contribute to resolving the issue.
   • Number of comments this week: 3

2.2 Top 5 Stale Issues:

We consider stale issues to be issues that has had no activity within the last 30 days. The team should work together to get these issues resolved and closed as soon as possible.

As of our latest update, there are no stale issues for the project this week.

2.3 Open Issues

This section lists, groups, and then summarizes issues that were created within the last week in the repository.

Issues Opened This Week: 15

Summarized Issues:

• Module crashes and initialization errors: Several issues describe crashes or errors during module initialization or runtime, such as the readline module crashing due to calling .pause() on an undefined input property and the --build-sea command failing on Windows Command Prompt because of executable path resolution problems. These problems highlight regressions and environment-specific bugs affecting stability and usability.
• [issues/61526, issues/61579]

• Network and certificate validation issues: Problems with network operations include the Node.js fetch() function timing out on Windows when connecting to certain Cloudflare IPs despite other tools working fine, and the --use-system-ca flag failing to recognize trusted certificates in the macOS Keychain, resulting in self-signed certificate errors. These issues indicate platform-specific networking and security validation inconsistencies.
• [issues/61537, issues/61561]

• Test framework enhancements and bugs: Multiple issues focus on improving the Node.js test framework, including proposals to add an optional reason string and expected failure message to expectFailure, a bug where the test:enqueue event lacks the expected file field on syntax errors, and flaky test failures caused by unclosed FileHandle objects during garbage collection. These highlight both feature requests and reliability problems in testing.
• [issues/61565, issues/61570, issues/61578]

• API and module feature proposals: Several proposals aim to extend Node.js functionality, such as exposing SQLite virtual table API bindings, adding an Extended JSON parser to improve security and BigInt support, and enhancing util.styleText to accept hex color codes for better terminal styling. These enhancements seek to improve usability, security, and compatibility with modern standards.
• [issues/61539, issues/61543, issues/61577]

• HTTP header validation and standards compliance: An issue reports that the HTTP module incorrectly rejects valid header values containing control characters allowed by the Fetch specification, causing errors when sending such headers. The proposal is to update validation to align with web standards while maintaining security against response splitting attacks.
• [issues/61582]

• Code coverage reporting inaccuracies: A bug in the test_runner causes branch coverage entries (BRDA) to be incorrectly included in lcov output despite coverage ignore comments, leading to inaccurate branch coverage reports that affect CI/CD pipelines.
• [issues/61586]

• Build and compiler infrastructure improvements: There is a proposal to add a continuous integration job to verify reproducible builds of the Node.js binary using the clang compiler on Linux, supporting the transition from gcc to newer compilers.
• [issues/61591]

• Schema validation errors: The node-config-schema.json file contains misplaced properties like "minItems" under a "string" type instead of an "array" type, causing strict schema validators to fail. A validator addition is suggested to lint the schema and prevent such errors.
• [issues/61595]

• Module system experimentation: A proposal suggests creating a separate branch or fork of Node.js that removes CommonJS to experiment with an ESM-only workflow, while keeping the main branch unchanged for compatibility.
• [issues/61611]

2.4 Closed Issues

This section lists, groups, and then summarizes issues that were closed within the last week in the repository. This section also links the associated pull requests if applicable.

Issues Closed This Week: 10

Summarized Issues:

• Test Flakiness and Assertion Errors: Several issues report flaky tests and assertion errors in Node.js, including a test that intermittently fails due to unexpected empty string output instead of the expected compressed HTTP2 response. Another assertion error arises internally in the net module, possibly due to a bug or incorrect internal usage, highlighting instability in test and internal assertion reliability.
• [issues/61501, issues/61507]

• Documentation and Repository Management: Some issues focus on documentation updates and repository housekeeping, such as updating the fs.promises API documentation and handling accidental content posting to the wrong repository that was later deleted. These reflect ongoing maintenance efforts to improve clarity and repository hygiene.
• [issues/61517, issues/61585]

• Build and Environment Configuration Issues: One issue describes a build failure in a Next.js project caused by missing TypeScript module errors when NODE_ENV is set to production, requiring workarounds like running the build twice or changing environment settings. This highlights challenges with dependency management and environment configuration during builds.
• [issues/61541]

• Undocumented Breaking Changes in Assertions: An undocumented breaking change in Node.js v22.16.0 altered the behavior of assert.deepEqual to use strict equality for arrays containing null and undefined, causing previously passing assertions to fail unexpectedly. This change impacts test reliability and requires awareness for proper test adjustments.
• [issues/61583]

• REPL Infinite Loop on Rejected Promises: An infinite loop occurs in the Node.js REPL when typing a dot immediately after creating a rejected Promise, caused by how the REPL parses member access on rejected promises. This issue affects interactive debugging and REPL usability.
• [issues/61594]

• Issues with Sparse or No Details: Some issues provide minimal or no useful information, such as a closed issue titled "Testt," a vague reference to the file index.js without further details, and a cryptic problem labeled "94190510Mx@" related to the Castro project. These lack sufficient context for deeper analysis.
• [issues/61521, issues/61557, issues/61607]

2.5 Issue Discussion Insights

This section will analyze the tone and sentiment of discussions within this project's open and closed issues that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.

Based on our analysis, there are no instances of toxic discussions in the project's open or closed issues from the past week.

III. Pull Requests

3.1 Open Pull Requests

This section provides a summary of pull requests that were opened in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.

Pull Requests Opened This Week: 44

Key Open Pull Requests

1. test_runner: fix test enqueue when test file has syntax error: This pull request fixes the test enqueue process in the test runner to properly handle cases where a test file contains a syntax error, while also adding location information to the test placeholder and improving related tests.

• URL: pull/61573

• Associated Commits: 09ab6, 742a5, 3a2b9, ffdc9, 1e6e3

2. module: fix extensionless entry with explicit type=commonjs: This pull request fixes an issue where extensionless entry points containing ESM syntax in packages explicitly marked as "type": "commonjs" would silently exit without error by ensuring the CommonJS loader enforces the "commonjs" type and surfaces a SyntaxError for ESM syntax instead of exiting silently.

• URL: pull/61600

• Associated Commits: 27ba1, 682ec, 06a7a, 98a51, 79cdb

3. test_runner: run afterEach for runtime t.skip(): This pull request ensures that the afterEach hook runs when a test is skipped at runtime using t.skip(), addressing an issue where afterEach was previously prevented from running in such cases and thereby leaving resources uncleaned, while maintaining the existing behavior for tests statically skipped with skip: true.

• URL: pull/61525

• Associated Commits: 06205, 332f6, 9979c, 3a29e

Other Open Pull Requests

• SQLite Virtual Tables Support: This pull request adds support for SQLite virtual tables in Node.js by introducing a new database.createModule(name, options) method that wraps sqlite3_create_module_v2(). It enables creation of read-only virtual tables backed by JavaScript data sources with configurable columns, rows, and usage options, while ensuring type validation, SQL injection protection, and proper handling of hidden columns and constraints.
  • pull/61544

• Windows Path Normalization Fix: This pull request fixes an inconsistency in the Windows path normalization function by correctly detecting and normalizing device paths with namespace prefixes but missing trailing colons. This aligns their handling with other reserved device names.
  • pull/61545

• Text Styling Enhancements: This pull request adds support for hex color codes in the styleText utility function, enabling text colorization using hex colors. It also includes related improvements and code refinements.
  • pull/61556

• TextDecoder UTF-16 Improvements: This pull request improves the TextDecoder implementation by adding a fast path for UTF-16 decoding that speeds up utf-16le and utf-16be processing. It introduces fatal and replacement support for these encodings in the without-intl variant, fixes previous incorrect behavior, and unifies the decoding logic into a single streamlined codepath.
  • pull/61559

• Path.isAbsolute() Documentation Clarification: This pull request clarifies the documentation for the path.isAbsolute() method by explicitly stating that it only determines whether a path is absolute and does not validate the safety of the path.
  • pull/61576

• UV_THREADPOOL_SIZE Auto-Configuration: This pull request updates Node.js to automatically set the UV_THREADPOOL_SIZE environment variable based on the system's available parallelism using uv_available_parallelism(). It ensures the value falls within a minimum of 4 and a maximum of 1024 threads when the variable is not explicitly set.
  • pull/61533

• ESM Support in Embedder API: This pull request introduces initial support for ECMAScript modules (ESM) in the embedder API by extending the LoadEnvironment function to handle ES modules. It adds new types such as ModuleFormat and ModuleData for specifying module entry points and provides new overloads of LoadEnvironment that support module-based execution with backward-compatible callback mechanisms.
  • pull/61548

• OpenSSL Version Update: This pull request updates the OpenSSL version to 3.5.5 within the test-shared tool of the Node.js project to ensure compatibility and improvements in testing.
  • pull/61551

• Test Runner Refactor: This pull request refactors the test_runner module to capture process state in main/test_runner.js and pass it as options to the run() function. This avoids direct reads of process.argv and process.cwd() during execution and preserves the public API's independence from process state.
  • pull/61554

• Test Documentation Improvement: This pull request improves the documentation by reordering sections to introduce the describe() and it() aliases before their usage in the "Expecting tests to fail" section, enhancing clarity for first-time readers.
  • pull/61567

• Filesystem Error Information Enhancement: This pull request improves the Node.js project by adding detailed error information output when filesystem operations fail, enhancing debugging and error handling.
  • pull/61581

• assertSnapshot Utility Unification: This pull request unifies common patterns in the assertSnapshot testing utility, such as platform-specific path separators, line endings, trailing spaces, Node.js version strings, and process IDs in warning messages. This eliminates the need for customizing ad-hoc snapshot patterns.
  • pull/61590

• node-config-schema Fix: This pull request fixes the node-config-schema by correcting the misuse of minItems and explicitly adding an empty "required": [] array to document that no properties are required. This enables successful validation in requireValidation mode with @exodus/schemasafe, while noting that string validation remains unaddressed.
  • pull/61596

• UTF-8 Byte Length Optimization: This pull request optimizes the calculation of UTF-8 byte length by leveraging the simdutf library with stringView for large strings while retaining the existing method for small strings. This results in significant performance improvements demonstrated by extensive benchmark results.
  • pull/61601

• ncrypto Updater Script: This pull request introduces a new updater script for the ncrypto tool to eliminate the need to maintain a separate copy of ncrypto within the repository following the release of https://github.com/nodejs/ncrypto/pull/17.
  • pull/61613

• Cluster Module Documentation Enhancements: This pull request enhances the cluster module documentation by adding a comprehensive introduction with key benefits and use cases, including a detailed comparison between Cluster and Worker Threads. It improves code examples with better error handling and logging, incorporates practical patterns and best practices, documents worker lifecycle and communication, covers production considerations and PM2 configuration, provides graceful shutdown and restart examples, and improves overall structure and readability.
  • pull/61527

• Resolve Hook Invocation Prevention: This pull request introduces an option to prevent the resolve hook from being invoked twice during the synthetic module evaluation of imported CommonJS modules. It addresses redundant resolution and loading steps that occur in the extra module._load() call after the full path has already been resolved.
  • pull/61529

• Test Watch Iterator Update: This pull request updates the test in test/parallel/test-fs-promises-watch-iterator.js to utilize the skipIfNoWatch() utility function, improving test handling for environments without file system watch support.
  • pull/61531

• fs.copyFile() Documentation Clarification: This pull request clarifies in the documentation that the fs.copyFile() function dereferences symbolic links by copying the contents of the target file. It includes updates to fs.md, a note in errors.md, and a changelog entry without any runtime or API changes.
  • pull/61534

• Readline Module Regression Fix: This pull request fixes a regression in the readline module by ensuring that the input is initialized before the history manager is set up. This prevents crashes when onHistoryFileLoaded is present and includes a regression test to cover this scenario.
  • pull/61538

• Filesystem globSync Fix: This pull request fixes an issue in the Node.js filesystem module where the globSync function failed to find files when read access was restricted to a specific directory using the --allow-fs-read flag.
  • pull/61552

• Windows Installation Script Update: This pull request updates the Windows installation script for additional development tools by upgrading the Visual Studio build tools workload from version 2022 to the latest 2026. This ensures compatibility with newer versions of node-gyp and npm required for building Node.js.
  • pull/61562

• Alpine Binaries Documentation Update: This pull request updates the documentation to reflect that the binaries are now built with Alpine 3.19, including updated kernel and musl requirements.
  • pull/61569

• Test Embedding Refactor: This pull request splits the test-embedding.js test file into separate parts to facilitate easier isolation and debugging of issues. It enables running the test cases in parallel to improve testing speed and adds more detailed comments explaining the purpose of each test.
  • pull/61571

• events.once() Async Caveats Clarification: This pull request clarifies the asynchronous caveats of the events.once() method by expanding the documentation to highlight that issues arise not only with process.nextTick() but more generally when using sequential await events.once(...) calls. It explains that the async function's execution resumes only after the current call stack completes, potentially causing multiple events to be emitted before resumption.
  • pull/61572

3.2 Closed Pull Requests

This section provides a summary of pull requests that were closed in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.

Pull Requests Closed This Week: 40

Key Closed Pull Requests

1. chore: fix typos in docs and comments: This pull request addresses multiple typographical errors in the project's documentation and comments, correcting misspelled words such as "recieve" to "receive" and "paramter" to "parameter," without affecting the runtime behavior of the code.

• URL: pull/61546

• Associated Commits: 2037e, 036c5, d81c4, 7c209, 24f3e, 97e0d, 63201, 41628

• Associated Commits: 2037e, 036c5, d81c4, 7c209, 24f3e, 97e0d, 63201, 41628

2. test_runner: support custom message for expectFailure: This pull request proposes enhancing the test runner's expectFailure option to accept custom string messages and detailed validation configurations, enabling these messages to be displayed in the TAP reporter output and aligning its behavior with existing skip and todo options, while also adding corresponding tests and documentation updates.

• URL: pull/61563

• Associated Commits: 5a150, 13aed, cd8b5, 67a4a, b6060

• Associated Commits: 5a150, 13aed, cd8b5, 67a4a, b6060

3. tools: test building with --experimental-quic: This pull request introduces an experimental compile-time flag --experimental-quic to conditionally enable the QUIC protocol support in Node.js, moves QUIC-related dependencies behind this flag, and adds tests to verify building the project with this new flag.

• URL: pull/61446

• Associated Commits: c1277, 88e8e, 86460

• Associated Commits: c1277, 88e8e, 86460

Other Closed Pull Requests

• Performance improvements in encoding and module lexing: Multiple pull requests focus on enhancing performance by integrating new libraries and experimental changes. One PR experiments with replacing the CommonJS module lexer to gather performance data, while another improves the TextEncoder's encode method by integrating simdutf, boosting encoding speed.
  • pull/61456, pull/61496

• TextDecoder and ICU unification: A pull request unifies ICU and no-ICU implementations of TextDecoder by adding a fatal UTF-8 decoder to the no-ICU version, introducing a UTF-8 fast path, and reducing code duplication. This also normalizes internal handle usage and improves encoding reporting for unsupported but recognized encodings.
  • pull/61409

• Buffer and ArrayBuffer safety fixes: One PR disallows the transfer operation of ArrayBuffer objects on pooled buffers by cherry-picking a V8 commit, fixing related checks and addressing a specific issue. This prevents unsafe operations on non-detachable arraybuffers in the buffer module.
  • pull/61372

• Async_hooks enhancements: A pull request adds a new trackPromises option to async_hooks createHook(), allowing users to opt out of promise-related hooks to reduce overhead and excessive hook invocations. This exposes an internal feature used to minimize noise during async debugging with the V8 inspector.
  • pull/61415

• Security and prototype pollution prevention: One PR updates Node.js code to use the safer StringPrototypeStartsWith from primordials instead of the standard method in lock-related code. This change prevents prototype pollution vulnerabilities in critical sections.
  • pull/61492

• Documentation updates and improvements: Several pull requests update documentation by moving Security-Team info to the core repo, refreshing team lists, adding new CLI options to the manpage, and adding documentation for new TLS options. Another PR regenerates the node.1 man page and prepares for automation.
  • pull/61495, pull/61504, pull/61064, pull/61048

• SQLite integration and stability fixes: A pull request improves SQLite integration by reserving space for local vectors to prevent reallocations, enhancing performance and stability. It also includes fixes for related crashes.
  • pull/61540

• Native code improvements and backports: One PR backports changes moving the import.meta initializer from JavaScript to native C++ code, simplifying the loader and improving initialization efficiency by avoiding JS-C++ transitions.
  • pull/61048

• Test suite enhancements and fixes: Multiple PRs improve test infrastructure by adding environment variable support to test_runner, splitting and simplifying test-fs-watch-ignore tests, skipping flaky SEA tests on certain platforms, and adding tests for V8 components linked in shared libnode.
  • pull/61367, pull/61463, pull/61494, pull/61502, pull/61461

• Bug fixes and reverts: One PR fixes a bug preventing truncation of long strings with the --print option, while another reverts a previous fix for compressed responses in the inspector module due to flaky tests. Another fixes a build issue related to VS2022 compilation when VS2026 support was added.
  • pull/61497, pull/61502, pull/61530

• Build and tooling enhancements: Several PRs add the LIEF tool to the license builder, introduce a new --shared-lief configure flag for optional shared linking with LIEF, and delay file writing exclusively on macOS as part of test adjustments.
  • pull/61508, pull/61532, pull/61536

• Miscellaneous documentation and organizational changes: One PR proposes adding an edit note to the README.md to improve clarity but has not been merged.
  • pull/61524

3.3 Pull Request Discussion Insights

This section will analyze the tone and sentiment of discussions within this project's open and closed pull requests that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.

Based on our analysis, there are no instances of toxic discussions in the project's open or closed pull requests from the past week.

IV. Contributors

4.1 Contributors

Active Contributors:

We consider an active contributor in this project to be any contributor who has made at least 1 commit, opened at least 1 issue, created at least 1 pull request, or made more than 2 comments in the last month.

If there are more than 10 active contributors, the list is truncated to the top 10 based on contribution metrics for better clarity.