Weekly GitHub Report for Node: March 31, 2025 - April 07, 2025 (12:08:40)

Weekly GitHub Report for Node

Thank you for subscribing to our weekly newsletter! Each week, we deliver a comprehensive summary of your GitHub project's latest activity right to your inbox, including an overview of your project's issues, pull requests, contributors, and commit activity.

---

Table of Contents

• I. News
  • 1.1. Recent Version Releases
  • 1.2. Other Noteworthy Updates
• II. Issues
  • 2.1. Top 5 Active Issues
  • 2.2. Top 5 Stale Issues
  • 2.3. Open Issues
  • 2.4. Closed Issues
  • 2.5. Issue Discussion Insights

• III. Pull Requests
  • 3.1. Open Pull Requests
  • 3.2. Closed Pull Requests
  • 3.3. Pull Request Discussion Insights

• IV. Contributors
  • 4.1. Contributors

I. News

1.1 Recent Version Releases:

The current version of this repository is v23.10.0

1.2 Version Information:

The version released on March 13, 2025, introduces the --experimental-config-file feature, allowing developers to use a JSON configuration file to streamline the use of multiple flags, enhancing the developer experience. Notable updates include improvements in error handling, the addition of the tls.getCACertificates() and v8.getCppHeapStatistics() methods, and updates to root certificates and dependencies, reflecting a trend towards increased configurability and security enhancements.

II. Issues

2.1 Top 5 Active Issues:

We consider active issues to be issues that that have been commented on most frequently within the last week. Bot comments are omitted.

1. createRequire does not respect deleting module from require.cache: This issue describes a bug in Node.js where the createRequire function does not respect the deletion of a module from the require.cache, leading to unexpected behavior when attempting to reload a module. The user expects the module to be reloaded and logged twice, but instead, it is only logged once, indicating that the cache is not being properly cleared.

   • The comments discuss the context of using a custom sync loader with resolve and load hooks, the stripping of cache-busting queries, and the inconsistency between ESM and CJS resolution. The user explains the need for createRequire in a synchronous context and clarifies the use case, while others question the necessity and suggest alternatives. The conversation also touches on the concept of function "poisoning" and dynamic imports.
   • Number of comments this week: 12

2. Consider not stablizing "node:module".stripTypeScriptTypes to reduce baseline SEA binary size: This issue discusses the potential benefits of not stabilizing the stripTypeScriptTypes feature in Node.js to reduce the baseline size of single executable applications (SEA) by avoiding a mandatory dependency on the swc library. The suggestion is to allow users to opt-in for this feature, thereby keeping the binary size smaller unless explicitly needed, similar to the approach used in Deno.

   • The comments discuss the impact of swc on binary size, with a noted increase of around 3MB, and explore alternatives like pre-transpiling code to avoid runtime overhead. There is a clarification that Node SEA does not yet support TypeScript natively, and the discussion includes the possibility of making type stripping an optional dependency. The conversation concludes with the idea that the API can remain stable without being included in SEA by default.
   • Number of comments this week: 8

3. Incorrect handling of Proxy-Connection: close: This issue concerns the incorrect handling of the Proxy-Connection: close header in Node.js HTTP servers, where the server unexpectedly closes the connection instead of keeping it alive as anticipated. The problem arises when a client sends both Connection: keep-alive and Proxy-Connection: close headers, leading to a conflict that results in the server sending a Connection: close response, which is not the expected behavior.

   • A commenter suggests that the issue may not be a Node.js bug but rather a misconfiguration or misunderstanding of HTTP headers, noting that sending both Connection and Proxy-Connection headers with different values is problematic. They mention that the Proxy-Connection header should not be forwarded by intermediaries like nginx, and the correct approach is to drop this header before forwarding. The commenter also highlights that while the Connection header has replaced Proxy-Connection, legacy systems still use the latter, and Node.js behavior is compliant with specifications, allowing for either ignoring or honoring the Proxy-Connection header.
   • Number of comments this week: 1

Since there were fewer than 5 open issues, all of the open issues have been listed above.

2.2 Top 5 Stale Issues:

We consider stale issues to be issues that has had no activity within the last 30 days. The team should work together to get these issues resolved and closed as soon as possible.

1. Flaky GC-related tests with V8 12.2: This issue concerns flaky garbage collection-related tests in the V8 12.2 engine, specifically involving the test-shadow-realm-gc-module, test-shadow-realm-gc, and test-net-write-fully-async-hex-string. The problem seems to stem from incorrect assumptions in the tests that are disrupted by V8's new garbage collection strategy, leading to the suggestion of skipping these tests until a more reliable testing method is developed.
2. Flaky test-worker-arraybuffer-zerofill with V8 12.2: This issue concerns a flaky test named test-worker-arraybuffer-zerofill associated with V8 version 12.2, which has been failing intermittently, as indicated by a timeout error in the console output. The problem might be due to a real bug or broken timing assumptions/messages getting lost, and it has been suggested to mark the test as flaky and add logs for better debugging.
3. Support loading dynamic addon modules (.node files) when embedding the Node.js shared library without needing to link with node.def: This issue addresses the challenge of loading dynamic addon modules (.node files) when embedding the Node.js shared library into a different executable without the need to link with node.def. The proposed solution suggests modifying the delay load hook to utilize an environment variable, potentially named NODE_LIBRARY, to facilitate module loading, although the security implications of this approach are uncertain.
4. Please make Node.js embeddable (e.g. libnode): This issue is about a request to make Node.js embeddable by creating a libnode library that would allow Node.js capabilities to be exported and enable N-API access to the host context. The proposal aims to facilitate the integration of Node.js within other environments, such as a Rust-based host process, to support projects that currently face challenges using Node.js as an embedded runtime.
5. unable to sign with external OpenSSL engine after usage of crypto.hash: This issue involves a problem with signing using an external OpenSSL engine after utilizing the crypto.hash function in Node.js, specifically affecting versions v21.7.0 and v21.7.1. The error, which consistently reproduces, is linked to changes in the Node.js codebase and results in an unsupported digital envelope routine error, whereas the code functions correctly in version v21.6.2 and earlier.

2.3 Open Issues

This section lists, groups, and then summarizes issues that were created within the last week in the repository.

Issues Opened This Week: 10

Summarized Issues:

• Node.js Module Caching Issues: The createRequire function in Node.js does not respect the deletion of a module from require.cache, causing the module not to reload as expected when using cache-busting techniques in an ESM project. This issue affects developers relying on dynamic module reloading, leading to potential inconsistencies in application behavior.
  • issues/57696

• Node.js TCP Socket Keepalive Bug: Setting a TCP socket's keepalive interval to less than 1000 milliseconds in Node.js is silently ignored, resulting in no keepalive packets being sent. This behavior contradicts the expected functionality as per the documentation, suggesting a need for either a runtime warning or documentation update.
  • issues/57712

• Node.js HTTP Server Connection Handling: Node.js HTTP servers incorrectly handle the Proxy-Connection: close header by closing the connection unexpectedly, leading to failures in subsequent requests. This issue highlights the ambiguity in HTTP RFCs regarding proxy-connection headers and affects server interactions with frontends like nginx.
  • issues/57722

• Node.js Async Hooks Performance: The async_hooks implementation in the deprecated domain module runs at the same speed as the original domain implementation, slowing down servers by approximately 30%. This issue suggests investigating potential optimizations, possibly due to numerous function binding calls.
  • issues/57724

• Node.js Test Runner Global Hooks: Global hooks set up via the --require option in the test_runner subsystem do not trigger as expected across all platforms, unlike the --import option. This results in missing global beforeEach and afterEach hooks during test execution, affecting test reliability.
  • issues/57728

• Node.js AbortSignal.any() Timeout Issue: The AbortSignal.any() function in Node.js version 23.11.0 fails to reliably trigger timeouts, causing the fetch() function to return a response instead of throwing a TimeoutError. This inconsistency is particularly evident when multiple signals are involved, affecting application reliability.
  • issues/57736

• Node.js Memory Allocator Performance: Implementing a hinting mechanism or heuristics in the Node.js memory allocator to utilize 2MB huge pages for large data can significantly improve performance. Benchmarks show gains when using transparent huge pages set to "always" compared to "madvise," suggesting a potential optimization path.
  • issues/57740

• Node.js stripTypeScriptTypes Feature: Not stabilizing the stripTypeScriptTypes feature in Node.js could allow users to manage dependencies like swc themselves, reducing the baseline size of single executable applications (SEA). This approach could lead to more efficient, smaller binaries, similar to Deno, by enabling ahead-of-time transpiling.
  • issues/57744

• Node.js WebcryptoAPI Secure Heap Bug: Certain key management APIs in Node.js webcryptoAPI do not utilize the secure heap as expected when importing specific keys, despite the --secure-heap flag being used. This issue leads to no secure heap consumption, affecting the security of cryptographic operations.
  • issues/57750

• Node.js fs.stat AbortSignal Support: Adding support for an AbortSignal to the fs.stat functions in Node.js would allow these functions to terminate early during teardown by emitting an "abort" event. This feature would align fs.stat with other file system operations that already support this functionality, improving consistency.
  • issues/57751

2.4 Closed Issues

This section lists, groups, and then summarizes issues that were closed within the last week in the repository. This section also links the associated pull requests if applicable.

Issues Closed This Week: 18

Summarized Issues:

• Environment Variable Parsing Issues: The util.parseEnv function has a bug where it incorrectly creates additional environment variables when an equal sign is present in the value. This leads to unexpected outputs and potential security concerns.
  • issues/57411

• HTTP/2 Stream Errors: An "ERR_HTTP2_INVALID_STREAM" error occurs when attempting to end a response on a destroyed stream under high load conditions. This issue is possibly related to the use of res.socket.destroySoon() to terminate HTTP/2 connections.
  • issues/57416

• File Watcher Overlapping Path Bug: The --watch feature in Node.js fails to detect changes and trigger a restart for files with overlapping paths. It works correctly for other files, indicating a specific issue with path overlap.
  • issues/57422

• SQLite Iteration and Access Issues: The StatementSync#iterate function in SQLite fails due to garbage collection, causing the statement to be prematurely finalized. This results in inconsistent behavior such as unexpected termination or data corruption during iteration.
  • issues/57493, issues/57534, issues/57741

• Node.js REPL Built-in Modules Discrepancy: The repl.builtinModules list does not include all Node.js built-in modules as expected. It is suggested to deprecate this in favor of using require('node:module').builtinModules for a complete list.
  • issues/57504

• Regression in Crypto Module: In Node.js version 23.7.0, the crypto.privateDecrypt method fails to decrypt an empty string encrypted with RSA-OAEP. This regression is suspected to be caused by recent changes in the codebase.
  • issues/57553

• JavaScript and TypeScript Syntax Conflict: An accidental breaking change in Node.js version 23.6.0 enabled the --experimental-strip-types flag by default. This causes a syntax conflict between JavaScript and TypeScript, resulting in different outputs.
  • issues/57638, issues/57756

• Node.js Documentation Inconsistencies: The Node.js documentation for Corepack has inconsistencies and accessibility problems following the release of Node.js v23.11.0. Links direct users to outdated documentation or fail to list Corepack entirely.
  • issues/57708

• Test Runner Globbing Pattern Change: The test runner's behavior changed from Node.js version 22 to 23, where the globbing pattern for .ts files no longer matches. This causes tests to pass silently without execution, highlighting the need for better communication of breaking changes.
  • issues/57734

• Intl.NumberFormat Locale Bug: In Node.js version 20.19.0, the Intl.NumberFormat function with the locale "it-IT" fails to include a thousands separator for numbers between 1000 and 9999. This is likely due to changes in the CLDR data in ICU 76.1.
  • issues/57737

• Node.js Version-Specific Bugs: Various bugs are introduced in specific Node.js versions, such as subprocess termination on Windows and TypeScript file recognition errors. These issues highlight the challenges of maintaining backward compatibility.
  • issues/57669, issues/57647

• Proposal for SQLite Utilities Integration: There is a proposal to integrate the dbhash and sqldiff utilities as JavaScript APIs within Node.js. This aims to enhance SQLite functionality by wrapping these utilities for direct use in Node.
  • issues/57637

• SPAM Issue: A closed GitHub ticket labeled as "SPAM" indicates irrelevant or inappropriate content for the Node.js repository.
  • issues/57692

• Web Interface for Shipment Tracking: A web interface for tracking shipments is being implemented, requiring several Node.js packages. Users can input a tracking ID to retrieve and display shipment details.
  • issues/57739

2.5 Issue Discussion Insights

This section will analyze the tone and sentiment of discussions within this project's open and closed issues that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.

Based on our analysis, there are no instances of toxic discussions in the project's open or closed issues from the past week.

---

III. Pull Requests

3.1 Open Pull Requests

This section provides a summary of pull requests that were opened in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.

Pull Requests Opened This Week: 29

Key Open Pull Requests

1. deps: update V8 to 13.6: This pull request proposes updating the V8 JavaScript engine to version 13.6 in the Node.js project, introducing several notable changes such as RegExp.escape, Float16Array, Atomics.pause, WebAssembly Memory64, explicit resource management, and Error.isError, while also addressing various build and compatibility issues across different platforms and configurations.

• URL: pull/57753

• Merged: No

• Associated Commits: de0bf, 736cb, 9e6dd, 7016b, 3eca2, 439cc, 0590f, 45497, a7468, 4d8f3, 61715, 4223a, b4595, ee884, 7e75e, ab6a0, 23df4, ec9ce, 6a24b, 0bc59, cc77d, 384a5, e1a8a, 9ba77, 324e0, b1111, f9753, 1c717, 06a53, 77260, b062a, 727b5, d8cc3, 05eab

2. doc: graduate more experimental APIs: This pull request aims to update the documentation by graduating several experimental APIs, including events.addAbortListener, multiple process APIs, and util.aborted, to stable status in the Node.js project.

• URL: pull/57765

• Merged: No

• Associated Commits: 67af4, f24b0, d3ab6, 8ada8, 15695

3. test: add tests for REPL custom evals: This pull request introduces new tests for custom REPL evaluations in the Node.js project, addressing a previously noted TODO comment, and includes several commits that refine the implementation by incorporating code review suggestions, reorganizing the getReplOutput function, and enabling test concurrency.

• URL: pull/57691

• Merged: No

• Associated Commits: e8b6c, afd03, 4da7e, 63034

Other Open Pull Requests

• NativeSymbolDebuggingContext Improvements: This topic covers improvements to the NativeSymbolDebuggingContext::GetLoadedLibraries function, addressing issues such as random failures in retrieving module file paths and memory leaks. The pull request also includes refactoring to replace GetModuleFileNameExW with GetModuleFileNameW for better reliability.
  • pull/57738

• New Feature - module.detectSyntax: A new feature, module.detectSyntax, is introduced to help libraries determine file syntax without execution. This addition aims to resolve issues faced by libraries, as discussed in the pull request.
  • pull/57731

• getCallSites Function Improvement: The getCallSites function is improved by correcting a typographical error and adding a test for frame count truncation. This ensures the function remains within a valid range and handles decimal fractions correctly.
  • pull/57732

• Corepack Documentation Clarification: Documentation is clarified to state that the Corepack feature will be removed in Node.js version 25 and later. This change addresses user confusion and aligns with a TSC vote decision.
  • pull/57747

• Android Build and Test Fixture Updates: Various build and test fixture issues for Android are addressed, including handling standard input/output files and cross-compilation conflicts. Some patches are specific to Termux, and not all issues are fully resolved.
  • pull/57748

• SQLite DatabaseSync Timeout Options: Timeout options are introduced to the DatabaseSync functionality in SQLite. These changes include adding options and relocating timeout settings to the open configuration.
  • pull/57752

• REPL Documentation Example Clarity: The examples section in the REPL documentation is clarified to prevent misinterpretation. This ensures examples are not mistakenly perceived as part of the preceding section and clarifies alerts.
  • pull/57762

• StringBytes::Encode Error Handling: Error handling in the StringBytes::Encode(...) function is enhanced by deprecating node::Encode(...) and introducing node::TryEncode(...). This ensures proper error handling by returning MaybeLocal<String>.
  • pull/57706

• globSync Function Performance Enhancement: The performance of the globSync function in the Node.js file system module is enhanced. Benchmark results show varying degrees of performance improvements across different test scenarios.
  • pull/57725

• zlib Module Pointer Alignment: A pointer alignment issue in the zlib module is addressed by modifying the AllocForBrotli function. This ensures proper alignment of allocated memory, particularly on Arm 32-bit systems.
  • pull/57727

• AbortController.abort() Message Update: The default message for AbortController.abort() is updated to align with DOM and WebIDL standards. This addresses a discrepancy in the Node.js library.
  • pull/57735

• macOS Test Error Message Update: The expected error message for macOS tests is updated due to changes introduced by the recent macOS 15.4 update. This update addresses test failures on the contributor's machine.
  • pull/57742

• CI Documentation Update: Documentation for Continuous Integration (CI) instructions is updated to enhance protection against malicious pull requests. The Retry button's functionality is altered due to non-matching commit SHAs.
  • pull/57743

• File System Module Position Type Update: The documentation is updated to change the position type from integer to integer | null. This reflects the capability for the position to accept null values.
  • pull/57745

• HTTP Request Performance Enhancement: HTTP request performance in the Node.js project is enhanced by removing the use of async_hooks. Further performance improvements are pending benchmark results.
  • pull/57746

• everysync Module Introduction: The "everysync" module is introduced to the worker_threads package in Node.js. This addition is discussed in a collaborative summit meeting and includes a commit signed by Matteo Collina.
  • pull/57749

• Error Handling Enhancements in Various Modules: Error handling is enhanced in several modules, including crypto_x509, callback.cc, node_messaging, and node_http2. These improvements avoid the use of certain APIs and include style cleanups.
  • pull/57757, pull/57758, pull/57760, pull/57764

• Multiple REPL Instances Example Clarification: The example of running multiple REPL instances is clarified to state they share the same global object. This resolves potential confusion and addresses issue #43118.
  • pull/57759

• Foreign Function Interface (FFI) Implementation: An initial implementation of the Foreign Function Interface (FFI) for Node.js is introduced. This allows developers to call functions from shared libraries with experimental support requiring specific flags.
  • pull/57761

• Corepack Removal from Build Process: The corepack is removed from the Node.js build process, aligning with a TSC vote. This change affects Node.js version 25 and above without disrupting earlier release lines.
  • pull/57763

• AsyncLocalStorage Options Introduction: The defaultValue and name options are introduced to AsyncLocalStorage in Node.js. This aligns with the upcoming AsyncContext specification, allowing developers to set default values and names.
  • pull/57766

• node_env_var.cc Error Handling Enhancement: Error handling within the node_env_var.cc file is enhanced. This improvement is referenced in a previous discussion and includes a commit message detailing the changes.
  • pull/57767

3.2 Closed Pull Requests

This section provides a summary of pull requests that were closed in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.

Pull Requests Closed This Week: 53

Key Closed Pull Requests

1. sqlite: add setReturnArrays method to StatementSync: This pull request introduces a new method, setReturnArrays(), to the StatementSync class in the SQLite module, enabling query results to be returned as arrays rather than objects for improved efficiency, particularly when dealing with meaningless or auto-generated column names or a large number of columns, and it addresses issue #57534 on the Node.js GitHub repository.

• URL: pull/57542

• Merged: 2025-04-04T21:26:52Z

• Associated Commits: d90c8, 533be, f9539, cc0b0, ca824, de950, 43bec, f74a9, 77a75

2. tools: enable linter in test/fixtures/source-map/output: This pull request enables a linter in the test/fixtures/source-map/output directory of the Node.js project, involving multiple commits to fix and refine the implementation, and includes updates to the eslint.config.mjs file to ensure code quality and consistency.

• URL: pull/57700

• Merged: 2025-04-04T13:56:40Z

• Associated Commits: 08928, 2d224, fca60, d7618, 3aaf5, eb3db, 5944b

3. util: fix parseEnv incorrectly splitting multiple ‘=‘ in value: This pull request addresses an issue in the parseEnv utility where multiple '=' characters in a single line would incorrectly split into multiple environment variables, ensuring that only the first '=' is used as the key-value delimiter while the rest of the line is treated as the value, thereby fixing the problem described in issue #57411 on GitHub.

• URL: pull/57421

• Merged: 2025-04-06T07:47:28Z

• Associated Commits: be4ee, b0680, 8a094, 12105, af806, 1ac38

Other Closed Pull Requests

• Enable per_context files to access privateSymbols: This topic involves allowing GetPerContextExports to pass IsolateData to InitializePrimordials, which facilitates the compilation of per_context files with privateSymbols from IsolateData. It also addresses related issues such as a crash in MessagePort::MoveToContext and checks for isolate_data during InitializePrivateSymbols.
  • pull/57479

• Crypto-rsa code improvements: This topic covers fixing RSA-OAEP encryption for empty strings and resolving lint errors in the Node.js project. It also includes adding a hasCrypto check in the test-crypto-private-decrypt.js and correcting a bug related to empty strings.
  • pull/57572, pull/57575

• Performance enhancements in Node.js modules: This topic focuses on optimizing the assert and util modules for deep object comparisons, including improvements for comparing sparse arrays and sets. It also involves enhancing the performance of the getPackageType function by modifying the packageJsonReader#getPackageType method.
  • pull/57648, pull/57599

• Linter enablement in Node.js directories: This topic involves enabling a linter in various directories such as test/fixtures/test-runner/output, test/fixtures/eval, and test/fixtures/errors. These changes ensure code quality and consistency by integrating several commits that address linter-related issues.
  • pull/57698, pull/57699, pull/57701

• SQLite improvements in Node.js: This topic includes a minor refactor of the SQLite value conversion process to JavaScript, aimed at facilitating the implementation of a related pull request and reducing code duplication. It also covers backporting changes to the v22.x branch, allowing the use of Buffer and URL as database locations.
  • pull/57571, pull/57533

• WebAssembly (Wasm) execution improvements: This topic addresses executing top-level Wasm files without requiring the package to have a "type": "module". It ensures the ESM loader is always used and includes a comprehensive test case for top-level Wasm execution.
  • pull/57610

• Error message enhancements in Node.js: This topic involves enhancing the ERR_ACCESS_DENIED error message by making it more descriptive and adding a suggestion flag. It also includes removing extra padding from TypeScript error messages and aligning the error message style with Node.js standards.
  • pull/57585, pull/57687, pull/57704

• Test and utility improvements in Node.js: This topic addresses a race condition issue in the test setup of the test_runner by fixing a dangling promise. It also covers error propagation in the SyncCall utility, ensuring stability and correctness during testing.
  • pull/57595, pull/57711

• Miscellaneous updates and fixes: This topic includes various updates such as disabling Abseil deadlock detection in V8 tests, updating the Ada dependency, and reintroducing visa fees in the onboarding documentation. It also covers enabling common flags for SQLite and addressing path checking issues.
  • pull/57582, pull/57693, pull/57730, pull/57621, pull/57425

3.3 Pull Request Discussion Insights

This section will analyze the tone and sentiment of discussions within this project's open and closed pull requests that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.

1. worker_threads: add everysync
   • Toxicity Score: 0.55 (Defensive responses, critical feedback, escalating tension.)
   • This GitHub conversation involves username1 proposing a new module, with username2 providing feedback that is initially constructive but becomes increasingly critical. Username1 responds defensively, leading to a tense exchange. The tone shifts from collaborative to confrontational, with username2 expressing dissatisfaction with the progress and username1 feeling misunderstood.

---

IV. Contributors

4.1 Contributors

Active Contributors:

We consider an active contributor in this project to be any contributor who has made at least 1 commit, opened at least 1 issue, created at least 1 pull request, or made more than 2 comments in the last month.

If there are more than 10 active contributors, the list is truncated to the top 10 based on contribution metrics for better clarity.

Contributor	Commits	Pull Requests	Issues	Comments
aduh95	69	16	0	56
jasnell	56	9	1	59
targos	56	2	0	12
cjihrig	6	1	1	59
dario-piotrowicz	35	13	2	15
BridgeAR	17	5	0	23
anonrig	11	2	1	31
ljharb	2	2	0	37
marco-ippolito	10	5	1	23
mcollina	6	1	5	22