Weekly GitHub Report for Node

Thank you for subscribing to our weekly newsletter! Each week, we deliver a comprehensive summary of your GitHub project's latest activity right to your inbox, including an overview of your project's issues, pull requests, contributors, and commit activity.

Table of Contents

• I. News
  • 1.1. Recent Version Releases
  • 1.2. Other Noteworthy Updates
• II. Issues
  • 2.1. Top 5 Active Issues
  • 2.2. Top 5 Stale Issues
  • 2.3. Open Issues
  • 2.4. Closed Issues
  • 2.5. Issue Discussion Insights

• III. Pull Requests
  • 3.1. Open Pull Requests
  • 3.2. Closed Pull Requests
  • 3.3. Pull Request Discussion Insights

• IV. Contributors
  • 4.1. Contributors

I. News

1.1 Recent Version Releases:

The current version of this repository is v23.10.0

1.2 Version Information:

Released on March 13, 2025, this version introduces the --experimental-config-file feature, allowing developers to use JSON configuration files like node.config.json to simplify flag management for test runners and other experimental features, enhancing developer experience. Additionally, it includes updates to root certificates, new TLS and V8 methods, improved error handling, and various tooling and documentation enhancements.

II. Issues

2.1 Top 5 Active Issues:

We consider active issues to be issues that that have been commented on most frequently within the last week. Bot comments are omitted.

1. util.parseArgs() omits the first positional argument when used with the --eval= option: This issue reports a bug in the util.parseArgs() function where the first positional argument is omitted when the --eval= option is used in Node.js version 25.2.1 on a Linux platform. The expected behavior is that all positional arguments, including the first one, should be correctly parsed and included, but currently, the first positional argument is missing from the output.

   • The comments discuss that the code currently handles --eval with a space-separated argument but not the --eval= form, explaining the difference in how these are stored in process.execArgv. One contributor volunteers to investigate and fix the issue, and it is suggested that the parsing logic should check for any execArgv item starting with --eval rather than an exact match, noting that the bug also affects the --print option.
   • Number of comments this week: 4

2. Fatal: Check failed: (location_) != nullptr. in node v24.11.1: This issue reports a fatal internal error occurring in Node.js version 24.11.1 during integration tests, triggered by a failed check where a location pointer is unexpectedly null. The user suspects the problem may be related to thread workers or process spawning in their parallel execution library, and notes that the error happens inconsistently but repeatedly when running tests with node --test.

   • The comments include the user providing additional error logs and a detailed test suite that triggers the fault, while maintainers request a minimal reproducible example to assist with debugging; the user acknowledges the complexity of their project and commits to isolating a simpler repro case for further investigation.
   • Number of comments this week: 3

3. SuiteContext missing fullName property that exists at runtime: This issue reports that the SuiteContext object in the Node.js testing API has a fullName property available at runtime, but this property is missing from the official documentation and type definitions. The reporter provides extensive example code and output demonstrating the presence and usage of fullName during test execution, and suggests that the type definitions, including those in DefinitelyTyped, should be updated to include this property.

   • The comments discuss whether the fullName property can ever be undefined, suggesting the type might need to reflect that possibility, and include a screenshot presumably related to the discussion or testing output.
   • Number of comments this week: 2

4. Test Runner docs could use more information on the concept of a Suite: This issue requests enhanced documentation for the Node.js test runner, specifically to better explain the concept of a "suite" and how it differs from tests with subtests. The user highlights the subtle behavioral differences between suites and subtests and emphasizes the importance of clarifying these distinctions to aid developers transitioning from other testing frameworks.

   • The comments include a simple test message from an API automation tool and a demonstration of formatted text with bold, italics, and a hyperlink, but do not contribute further to the discussion about the documentation improvements.
   • Number of comments this week: 2

5. process.env is missing environment variables with numeric names: This issue reports that environment variables with purely numeric names are missing from process.env in Node.js, despite being set in the system environment. It also highlights that having such numeric-named variables causes process.env to become unreadable or throw errors when inspected, indicating a regression in recent Node.js versions.

   • The comments confirm that this problem is not limited to Windows and demonstrate that in newer Node.js versions, numeric environment variables cause process.env to throw a TypeError when inspected, whereas older versions show these variables as undefined but do not crash, suggesting a regression in the handling of numeric environment variable names.
   • Number of comments this week: 2

2.2 Top 5 Stale Issues:

We consider stale issues to be issues that has had no activity within the last 30 days. The team should work together to get these issues resolved and closed as soon as possible.

1. Flaky GC-related tests with V8 12.2: This issue addresses flaky garbage collection-related tests that have become unreliable with the update to V8 version 12.2, specifically mentioning tests like test-shadow-realm-gc-module, test-shadow-realm-gc, and test-net-write-fully-async-hex-string. The proposed approach is to skip these tests temporarily due to their instability caused by changes in V8's garbage collection strategy, with plans to find a more robust testing method in the future.
2. Flaky test-worker-arraybuffer-zerofill with V8 12.2: This issue concerns the flaky behavior of the test-worker-arraybuffer-zerofill test when running with V8 version 12.2, where the test intermittently fails due to a timeout after approximately 300 seconds. The problem may stem from either a genuine bug or broken timing assumptions causing lost messages, and the current approach is to mark the test as flaky while adding additional logging to aid in debugging.
3. Support loading dynamic addon modules (.node files) when embedding the Node.js shared library without needing to link with node.def: This issue addresses the challenge of loading dynamic Node.js addon modules (.node files) on Windows when Node.js is embedded as a shared library, specifically without requiring the embedding executable to link with the node.def file to reexport necessary symbols. The proposed feature suggests enhancing the delay load hook mechanism to optionally use an environment variable to locate the Node.js shared library, thereby enabling addon modules to load correctly without the current linking dependency, though potential security concerns with this approach remain to be evaluated.
4. Please make Node.js embeddable (e.g. libnode): This issue requests the creation of an embeddable version of Node.js, such as a libnode library, to allow projects to integrate the Node.js runtime and standard library directly within other host environments. The feature aims to address the current difficulty in embedding Node.js, which forces developers to rely on incomplete alternatives like Deno, and would particularly benefit use cases involving embedding Node.js in Rust-based applications.
5. unable to sign with external OpenSSL engine after usage of crypto.hash: This issue describes a problem where signing data with an external OpenSSL engine (specifically the gost-engine) fails after using the crypto.createHash method in Node.js version 21.7.0 and later. The user reports that while the signature operation works correctly in version 21.6.2 and earlier, it now throws an "unsupported" error related to digital envelope routines, indicating a regression likely caused by recent changes in the Node.js crypto subsystem.

2.3 Open Issues

This section lists, groups, and then summarizes issues that were created within the last week in the repository.

Issues Opened This Week: 11

Summarized Issues:

• Node.js Runtime and Compression Errors: Several issues report critical runtime errors and unexpected behaviors in Node.js, including a fatal internal error triggered by parallel test execution with thread workers and process spawning, and a gzip compression bug producing incorrect output with large buffers. These problems cause unpredictable crashes and incorrect data handling, impacting stability and reliability in specific scenarios.
• [issues/60755, issues/60809]

• Testing API and Documentation Inconsistencies: Multiple issues highlight discrepancies and gaps in the Node.js testing API and documentation, such as the undocumented fullName property in SuiteContext and the need for clearer explanations of "suite" concepts to aid developer understanding and transition from other frameworks. These inconsistencies can lead to confusion and misuse of the testing framework.
• [issues/60757, issues/60758]

• Deprecated and Missing Dependencies: There are concerns about deprecated API usage and missing runtime dependencies, including the cpplint tool using deprecated Python APIs and Node.js requiring the libatomic library on Debian/Ubuntu images without handling its installation. These issues cause warnings and runtime failures that complicate development and deployment.
• [issues/60771, issues/60790]

• Environment Variable Handling Issues: An issue reports that environment variables with purely numeric names are missing from process.env, making them inaccessible and causing errors during inspection, despite being valid environment variables. This limits environment variable usability and can cause unexpected errors in applications relying on such variables.
• [issues/60795]

• Argument Parsing Bug: The util.parseArgs() function incorrectly omits the first positional argument when used with the --eval= command-line option, leading to inconsistent and unexpected argument parsing behavior compared to the --eval option without the equals sign. This inconsistency can cause confusion and bugs in command-line argument handling.
• [issues/60808]

• Benchmarking and Performance Contributions: There is an effort to identify and contribute pure JavaScript use cases to the JetStream benchmark suite to improve JavaScript performance in the V8 engine. This initiative aims to enhance benchmarking accuracy and drive performance improvements.
• [issues/60799]

• Deprecation Warning Enforcement: An issue requests that the DEP0158 deprecation warning be properly emitted for a runtime dependency that has been deprecated since Node.js version 16, ensuring developers are informed about deprecated features. This helps maintain code quality and future-proofing.
• [issues/60813]

2.4 Closed Issues

This section lists, groups, and then summarizes issues that were closed within the last week in the repository. This section also links the associated pull requests if applicable.

Issues Closed This Week: 2

Summarized Issues:

• Module errors and external dependencies: The rimraf module fails with an ERR_INVALID_ARG_TYPE during the postinstall cleanup of playwright-chromium on Node.js v24.6.0 or later due to old Playwright browser caches causing Buffer.concat to receive a string instead of a Buffer. This issue is identified as stemming from an external dependency rather than a Node.js core problem.
• issues/60786

• Security vulnerabilities in Docker images: All Node.js Docker images contain the security vulnerability CVE-2025-64756 related to the glob package, and there is no Docker image available that is free from this vulnerability. This highlights a widespread security concern affecting the entire set of official Node.js Docker images.
• issues/60792

2.5 Issue Discussion Insights

This section will analyze the tone and sentiment of discussions within this project's open and closed issues that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.

Based on our analysis, there are no instances of toxic discussions in the project's open or closed issues from the past week.

III. Pull Requests

3.1 Open Pull Requests

This section provides a summary of pull requests that were opened in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.

Pull Requests Opened This Week: 30

Key Open Pull Requests

1. 2025-11-25, Version 20.19.6 'Iron' (LTS), @marco-ippolito: This pull request proposes the release of Node.js version 20.19.6 "Iron" (LTS) scheduled for 2025-11-25, featuring updates to root certificates with NSS 3.114 and 3.116, multiple dependency upgrades including V8 and OpenSSL, various documentation improvements such as deprecating HTTP/2 priority signaling and clarifying release verification instructions, as well as numerous bug fixes, test adjustments, and tooling enhancements across the project.

• URL: pull/60784

• Merged: No

• Associated Commits: fd9d4, e65b9, 45ec7, acec7, 6443a, 960d0, 3b236, db68c, 19a66, 082e5, cd153, 55611, fa5c5, 9eb94, 62779, 3456e, 20616, a07a2, bb108, 57624, 0cace, caa2d, bc3ff, a7a10, a6e7a, 2c8a7, 4f004, 2a11d, b8d14, 9e8be, 109c4, 3ec53, 7cb03, 8c5c8, 8a504, 4f858, 9543f, e51ef, fba00, e7f6f, 0f644, cbf4f, d0edb, 9f1e5, 69904, 76001, 393ff, 5d61b, 1788f, d1c9d, 409cb, 2426d, a2bcb, e5b4e, b4b5d, de9a3, d943c, dc58b, 1b75a, 4b4e3, b1da3, 14423, 6a530

2. src: implicitly enable namespace in config: This pull request renames the testRunner namespace to test as a breaking change with a migration warning, adds --test and --permission flags to the config file, fixes the outdated webstorage property, and enables --test, --watch, and --permission flags by default when the namespace is passed, thereby implicitly enabling namespaces in the configuration.

• URL: pull/60798

• Merged: No

• Associated Commits: 8f2ce, a2c66, 38085, be02a, 95f4f

3. doc: add fullName property to SuiteContext: This pull request adds documentation for the previously undocumented fullName property of the SuiteContext class, which returns the suite name and its ancestor names in a "Parent > Child" format, clarifies its availability since versions v22.3.0 and v20.16.0, and corrects related version metadata.

• URL: pull/60762

• Merged: No

• Associated Commits: 4a9ad, c55c9, 755c5

Other Open Pull Requests

• Test suite improvements and coverage enhancements: Multiple pull requests focus on improving the reliability and coverage of the Node.js test suite by ensuring that assertions are reached in a greater number of tests and fixing platform-specific issues such as Windows test failures. These changes collectively enhance test robustness and help catch more issues during testing.
  • pull/60751, pull/60759, pull/60760, pull/60761, pull/60763, pull/60803

• Documentation improvements for testing and filesystem stats: One pull request adds a comprehensive "Suites" section to the node:test documentation clarifying suite behavior and aliases, while another clarifies the distinction between fs.Stats and fs.BigIntStats classes to correct misleading impressions. These updates improve developer understanding and reduce confusion.
  • pull/60765, pull/60791

• V8 HeapStatistics API updates and backports: Two pull requests backport and modify the addition of the total_allocated_bytes field and method to the V8 HeapStatistics API, avoiding ABI breakage by introducing Isolate::GetTotalAllocatedBytes and updating related code for compatibility and stability. These changes maintain API consistency across Node.js versions.
  • pull/60801, pull/60800

• Memory usage reporting APIs for workers and child processes: Separate pull requests introduce new APIs to report detailed memory usage for worker threads and child processes, including native bindings, IPC exposure, error handling, regression tests, and documentation updates. These additions provide enhanced observability for memory consumption.
  • pull/60776, pull/60782

• Mock timers and AbortSignal.timeout() integration: A pull request adds support for AbortSignal.timeout() to the test runner's mock timers by implementing store and restore handlers, restoring documentation and validation, and including a regression test to verify correct behavior. This integration improves the mock timer API's completeness.
  • pull/60751

• WASM trap handler conditional installation: One pull request proposes conditionally installing the WASM trap handler based on available virtual memory, avoiding its use when the required 8-16GB virtual memory cage is not accessible, thereby improving robustness by relying on upstream detection rather than static flags.
  • pull/60788

• Temporal API support in filesystem stats: A pull request proposes adding support for Temporal.Instant to the Stats and BigIntStats classes, seeking feedback on naming and implementation before the Temporal feature is finalized or enabled by default. This aims to integrate the new Temporal API into filesystem statistics.
  • pull/60789

• Build configuration and test skipping for TypeScript stripping: A pull request modifies the Node.js build so that when compiled without the Amaro wrapper for TypeScript stripping, the default --strip-types option is false and failing tests are skipped to prevent erroneous failures. This addresses issue #60640 and improves build reliability.
  • pull/60815

• Fixes for Windows debug build crashes and test failures: Two pull requests fix crashes in embedding tests and debug test runs on Windows by extending thread lock scopes and recording initial test modes to prevent incorrect executable usage, thereby unblocking testing and preventing debug-only failures.
  • pull/60802, pull/60807

• Code consistency and performance improvements: A pull request improves code consistency and performance by preferring FunctionPrototypeCall over FunctionPrototypeApply when the argument list is not a predefined array, addressing inconsistent usage and suggesting a future linter rule.
  • pull/60796

• Handling DER decoding errors in system certificates: One pull request addresses DER decoding errors by skipping certificates that cannot be decoded due to SSL implementation issues, improving robustness in certificate processing.
  • pull/60787

• Revert incorrect documentation and assertion module changes: A pull request reverts a previous commit that attempted to correct the order of changes entries because the documented semver-major change never landed on the v25.x branch, maintaining accurate documentation history.
  • pull/60774

• LocalStorage getter regression fix: A pull request fixes a regression in version 25.x by modifying the localStorage getter to avoid returning an empty Proxy and instead issue a warning and return undefined when the required path is missing, restoring behavior consistent with version 24.x.
  • pull/60776

• Deprecation-related codemods from userland migrations team: A pull request introduces additional deprecation codemods contributed by the userland migrations team, ready to be merged independently due to previous reviewer shortages.
  • pull/60811

• Removal of unused private field: One pull request proposes removing an unused private field in the source code, referencing a related previous pull request for context.
  • pull/60802

3.2 Closed Pull Requests

This section provides a summary of pull requests that were closed in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.

Pull Requests Closed This Week: 17

Key Closed Pull Requests

1. doc: add section describing differences between Node.js fetch and WHATWG Fetch Standard: This pull request adds a comprehensive new documentation section to the Node.js project that clearly outlines the intentional differences between Node.js’s fetch() implementation and the WHATWG Fetch Standard, covering request and response body extensions, server-side behavioral distinctions, unsupported features, and implementation details to help developers better understand and work with server-side fetch.

• URL: pull/60744

• Merged: No

• Associated Commits: 7d37f, 9fc48

2. doc: correct concurrency wording in test() documentation: This pull request updates the test runner documentation to correct the concurrency terminology by replacing "application thread" with "test process," clarifying that concurrency is implemented using child processes rather than threads, and changing the term "parallel" to "concurrent" for greater accuracy.

• URL: pull/60773

• Merged: Yes

• Associated Commits: d1152, 11fc1

3. util: use RegExp.escape to better escape debugEnv: This pull request proposes replacing a custom regex escaping implementation with the built-in RegExp.escape method to improve the escaping of the debugEnv variable in the utility code.

• URL: pull/60804

• Merged: No

• Associated Commits: 66e9d, bbf76

Other Closed Pull Requests

• Configuration and CI improvements: Multiple pull requests address configuration management and continuous integration enhancements. These include adding permissions support in configuration files, removing unsupported Dependabot options to fix GitHub Actions failures, and correcting paths-ignore settings to prevent unnecessary CI jobs from running.
  [pull/60746, pull/60747, pull/60753]

• Code organization and linting fixes: Several pull requests focus on improving code quality and organization by splitting inspector protocol domains into separate PDL files, fixing linter warnings in test configuration files, and introducing linting for the Temporal global.
  [pull/60754, pull/60772, pull/60793]

• Documentation and examples updates: There are proposals to enhance documentation clarity and examples, including adding a recursive directory removal example to fs.rm() docs and updating the general documentation file, although some of these were not merged.
  [pull/60756, pull/60810]

• Build system enhancements: One pull request proposes adding a CMake workflow to support multi-platform builds, aiming to improve the flexibility and cross-platform compatibility of the project's build system.
  [pull/60816]

• Bug fixes and code simplifications: Pull requests include reverting a problematic localStorage getter error, fixing OpenSSL version parsing for older versions, and simplifying test runner code by reusing helpers and standardizing callback usage.
  [pull/60750, pull/60775, pull/60777]

• Tooling improvements: A pull request modifies tools to dump the config.gypi file as JSON to improve js2c processing when strings contain quotes.
  [pull/60794]

• TLS module enhancement: One pull request proposes using the built-in RegExp.escape method to improve server name escaping in the TLS module, removing the need for a custom regex implementation.
  [pull/60805]

3.3 Pull Request Discussion Insights

This section will analyze the tone and sentiment of discussions within this project's open and closed pull requests that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.

Based on our analysis, there are no instances of toxic discussions in the project's open or closed pull requests from the past week.

IV. Contributors

4.1 Contributors

Active Contributors:

We consider an active contributor in this project to be any contributor who has made at least 1 commit, opened at least 1 issue, created at least 1 pull request, or made more than 2 comments in the last month.

If there are more than 10 active contributors, the list is truncated to the top 10 based on contribution metrics for better clarity.