Weekly GitHub Report for Node: October 13, 2025 - October 20, 2025 (12:06:14)
Weekly GitHub Report for Node
Thank you for subscribing to our weekly newsletter! Each week, we deliver a comprehensive summary of your GitHub project's latest activity right to your inbox, including an overview of your project's issues, pull requests, contributors, and commit activity.
Table of Contents
I. News
1.1 Recent Version Releases:
The current version of this repository is v23.10.0
1.2 Version Information:
Released on March 13, 2025, this version introduces the --experimental-config-file feature, allowing developers to use JSON configuration files to simplify flag management for the test runner and other experimental features, enhancing developer experience. Additionally, it includes updates to root certificates, new TLS and V8 methods, improved error handling, and various dependency and documentation enhancements.
II. Issues
2.1 Top 5 Active Issues:
We consider active issues to be issues that that have been commented on most frequently within the last week. Bot comments are omitted.
-
Inaccurate Decorator Status Documentation: This issue addresses the inaccurate documentation regarding the status of decorator support in Node.js, specifically pointing out that the current docs misleadingly suggest that decorators will be supported soon, despite no progress being made for over a year. The discussion revolves around whether Node.js should implement decorator transforms or wait for native support in V8, with consensus leaning towards updating the documentation to reflect that decorators remain unsupported until they are natively available in JavaScript engines, rather than implying imminent resolution.
- The comments explore the feasibility and risks of Node.js implementing decorator support before V8 ships it natively, debating the distinction between TypeScript and TC39 decorators and the appropriateness of polyfilling; ultimately, contributors agree to update the docs to remove the misleading "soon" language and clarify that decorators will remain unsupported until native engine support exists, with one user volunteering to submit a documentation fix.
- Number of comments this week: 25
-
perf: use native v8 toBase64() / toHex() in Buffer#toString ?: This issue discusses the potential performance improvements of using native V8 implementations of
toBase64()andtoHex()methods inBuffer#toString()compared to the current JavaScript implementations. It highlights benchmark results showing that native methods can be 1.6-1.7 times faster in certain buffer size ranges, but also notes performance regressions for larger buffers and compatibility considerations.- The comments explore the stability and availability of the native APIs, suggest fallback mechanisms, share benchmark data revealing size-dependent performance variations, and discuss historical context and possible causes for unexpected performance anomalies related to string length and externalized strings.
- Number of comments this week: 7
-
[npx] Cannot run tailwindcss CLI on Windows with Node v20.19 and NVM: This issue describes a problem where the Tailwind CSS CLI fails to run on Windows when using Node.js version 20.19 managed by NVM, specifically when invoked via
npx. The user reports that while the CLI commands work on Linux and macOS, on Windows with NVM the commands fail with an error stating "npm error could not determine executable to run," indicating a problem with executable resolution in this environment.- The discussion clarifies that the issue is isolated to the Windows + NVM setup and does not occur with other
npxcommands, suggesting the problem lies with hownpxresolves the Tailwind CLI executable under these conditions. Commenters recommend testing with different Tailwind versions and Node installation methods to isolate whether the root cause is Tailwind, NVM for Windows, or their interaction, concluding that the problem is unlikely to be with Node.js itself. - Number of comments this week: 5
- The discussion clarifies that the issue is isolated to the Windows + NVM setup and does not occur with other
-
test-runner-watch-mode-kill-signal is flaky: This issue reports that the test named
test-runner-watch-mode-kill-signalis flaky, failing intermittently across multiple platforms including Linux x64, macOS x64, and Linux ARM64. The test frequently times out and has appeared in numerous daily reliability reports, prompting suggestions to split the test into smaller parts and mark the flaky portion accordingly, while clarifying that the test is not actually related to the test runner despite its name.- The comments highlight the persistent flakiness of the test since June, referencing multiple reliability reports and suggesting practical steps such as splitting the test and marking flaky parts. It was also clarified that the test is misnamed and does not involve the test runner, which may influence how the issue is addressed.
- Number of comments this week: 4
-
Performance regression with JSON.parse with reviver: This issue addresses a performance regression observed in JSON.parse when used with a reviver function, following an extension by Tc39 to accept a third argument providing context details. The reporter notes a significant slowdown of 10-50% in such cases, with a partial fix upstreamed that improves performance by about 36% when using arrow functions for the reviver, though this optimization cannot be automatically applied to regular functions due to specification constraints.
- The comments discuss the relationship between JSON as a native V8 module and Node.js, question whether V8 tracks usage of
argumentsorevalto enable optimizations for regular functions, and acknowledge ongoing efforts to explore potential optimizations beyond arrow functions despite the complexity involved. - Number of comments this week: 3
- The comments discuss the relationship between JSON as a native V8 module and Node.js, question whether V8 tracks usage of
2.2 Top 5 Stale Issues:
We consider stale issues to be issues that has had no activity within the last 30 days. The team should work together to get these issues resolved and closed as soon as possible.
- Flaky GC-related tests with V8 12.2: This issue addresses flaky garbage collection-related tests that have become unreliable with the update to V8 version 12.2, specifically mentioning tests like
test-shadow-realm-gc-module,test-shadow-realm-gc, andtest-net-write-fully-async-hex-string. The proposed approach is to skip these tests temporarily due to their instability caused by changes in V8's garbage collection strategy, with plans to find a more robust testing method in the future. - Flaky
test-worker-arraybuffer-zerofillwith V8 12.2: This issue concerns the flaky behavior of thetest-worker-arraybuffer-zerofilltest when running with V8 version 12.2, where the test intermittently fails due to a timeout after approximately 300 seconds. The problem may stem from either an actual bug or broken timing assumptions causing lost messages, and the current approach is to mark the test as flaky while adding additional logging to aid in debugging. - Support loading dynamic addon modules (
.nodefiles) when embedding the Node.js shared library without needing to link withnode.def: This issue addresses the challenge of loading dynamic Node.js addon modules (.nodefiles) on Windows when embedding the Node.js shared library into a different executable without the need to link that executable with thenode.deffile. The proposed feature suggests modifying the delay load hook to optionally use an environment variable to locate the Node.js shared library, enabling addon modules to load correctly without relying on the executable's symbol exports, though potential security concerns remain to be evaluated. - Please make Node.js embeddable (e.g. libnode): This issue requests the creation of an embeddable version of Node.js, such as a
libnodelibrary, to allow projects to integrate the Node.js runtime and standard library within other host environments, like Rust-based applications. The current lack of an easily embeddable Node.js runtime forces developers to rely on incomplete alternatives, and this feature would enable better reuse of existing tooling and dependencies without requiring significant rewrites. - unable to sign with external OpenSSL engine after usage of crypto.hash: This issue describes a problem where signing data with an external OpenSSL engine (specifically the gost-engine) fails after using the
crypto.createHashmethod in Node.js version 21.7.1. The user reports that while the signature operation works correctly in earlier versions (v21.6.2 and before), it produces an "unsupported" error related to digital envelope routines in the newer versions, likely due to recent changes in the Node.js crypto subsystem.
2.3 Open Issues
This section lists, groups, and then summarizes issues that were created within the last week in the repository.
Issues Opened This Week: 21
Summarized Issues:
- OpenSSL Compatibility and Build Issues: Several issues highlight conflicts and build problems related to OpenSSL in Node.js. These include memory corruption and crashes caused by incompatible OpenSSL versions when using the msodbcsql driver, the need for a build option to use system-installed OpenSSL on Linux to avoid segfaults, and a build failure on LoongArch64 due to an undeclared identifier after upgrading V8. These problems affect stability and compatibility across different environments and architectures.
- [issues/60240, issues/60270, issues/60258]
- Crypto Module Security and Functionality: The crypto module has multiple issues affecting correctness and security. One problem is the incorrect double hashing of prehashed inputs when signing or verifying with a null algorithm parameter, causing incompatibility with external systems. Another is a security risk where non-well-formed JavaScript strings produce equal hashes despite being unequal, potentially exposing private keys or data, which calls for enforcing string validation to prevent unsafe cryptographic behavior.
- [issues/60263, issues/60267]
- Documentation Accuracy and Clarity: Several issues address documentation improvements and corrections in Node.js. These include clarifying that
assert.deepStrictEqualcompares the.constructorproperty, fixing multiple minor documentation problems infsandfs/promisesmodules for better clarity, and correcting inaccurate statements about decorator support to reflect its current TC39 Stage 3 status and lack of native support in Node.js. These changes aim to improve developer understanding and reduce confusion. - [issues/60239, issues/60280, issues/60282]
- Performance Regressions and Optimizations: Performance-related issues focus on regressions and potential improvements. A significant regression in
JSON.parsewith a reviver function causes 10-50% slower parsing due to V8 changes, while another explores using native V8 methods forBuffer#toString()encoding to achieve up to 1.7 times faster performance. These highlight ongoing efforts to maintain and enhance Node.js efficiency. - [issues/60247, issues/60249]
- Error Handling and API Behavior: Issues in this category involve unexpected or problematic API behaviors. For example,
vm.Module.evaluate()converts loader errors into rejected promises, preventing synchronous error handling, and thechild_process.exitCodeproperty remainsnullafter process exit contrary to documentation. Additionally, the globallocalStoragereturns an empty proxy instead of throwing errors on invalid files, deviating from spec compliance. These inconsistencies affect developer expectations and error management. - [issues/60242, issues/60285, issues/60303]
- Node.js REPL and Autocompletion Bugs: The REPL autocompletion incorrectly suggests instance properties after
new X.instead of static class properties, causing unexpected behavior and side effects by invoking constructors during completion. This issue impacts developer experience when using the interactive environment. - [issues/60306]
- QUIC Implementation Issues: The QUIC subsystem has problems including lack of support for streaming data bodies, limiting features like WebTransport, and a debug assertion failure on Windows caused by incorrect offset assumptions when processing multiple packets. These issues affect protocol implementation stability and feature completeness.
- [issues/60234, issues/60309]
- Test Suite Stability and Warnings: Test reliability and build warnings are also concerns. A flaky test named
test-runner-watch-mode-kill-signalfrequently times out and fails across platforms, causing instability. Additionally, an unnecessary "NAPI_EXPERIMENTAL is enabled" warning appears when building addons due to an unconditional define in Node core, cluttering build output and potentially confusing developers. - [issues/60297, issues/60311]
- Miscellaneous Bugs and Feature Requests: Other issues include a compiler warning from signed/unsigned integer comparison in a test file, a bug causing infinite loops in
fs.realpathSyncon symlinked directories, and a feature request to support network upload progress monitoring for FormData in Node.js. These cover a range of minor but impactful problems and enhancements. - [issues/60275, issues/60295, issues/60308]
2.4 Closed Issues
This section lists, groups, and then summarizes issues that were closed within the last week in the repository. This section also links the associated pull requests if applicable.
Issues Closed This Week: 4
Summarized Issues:
- Test Flakiness and Timeout Issues: The
parallel/test-without-async-context-frametest is flaky because it frequently hits the default two-minute timeout on macOS and Linux, causing failures in multiple recent CI runs. This indicates a need for improvements in how the test handles timeouts and parallel execution to increase reliability. - issues/60268
- TLS Certificate Validation Errors in Docker: Node.js 24.7.0 experiences TLS certificate validation errors (
UNABLE_TO_GET_ISSUER_CERT_LOCALLY) inside Docker containers because it does not use the system CA certificates by default. The removal of the Comodo AAA Services root certificate from the Mozilla CA bundle causes certain Cloudflare-issued certificates to fail validation unlessNODE_EXTRA_CA_CERTSis set. - issues/60284
- Breaking Change in TypeScript Module Loading: Upgrading Node.js from 22.17.1 to 22.20.0 introduced a breaking change where native TypeScript type stripping treats
.tsconfig files as ES modules. This causes Jest’srequire.resolve()injest.config.tsto fail with a “require is not defined in ES module scope” error, revealing compatibility issues between Node’s new TypeScript support and Jest. - issues/60290
- Incorrect Handling of FileStream Options: The
FileHandle.createReadStreammethod incorrectly ignores thebeginoption (which should bestart), causing the stream to always read from the beginning of the file. This leads to unexpected output when attempting to read a specific byte range from a file. - issues/60292
2.5 Issue Discussion Insights
This section will analyze the tone and sentiment of discussions within this project's open and closed issues that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.
Based on our analysis, there are no instances of toxic discussions in the project's open or closed issues from the past week.
III. Pull Requests
3.1 Open Pull Requests
This section provides a summary of pull requests that were opened in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.
Pull Requests Opened This Week: 29
Key Open Pull Requests
1. quic: For streams allow ReadableStream as body: This pull request enables the body parameter for all created QuicStreams to accept a ReadableStream of Uint8Array, ArrayBuffers, etc., introduces a DataQueueFeeder class for related mechanisms, modifies the interface to handle unidirectional streams without readers, and ensures that a ResumeStream is added after AddStream in QuicSession to fix issues with stream handling.
- URL: pull/60237
- Merged: No
2. doc: deprecations add more codemods: This pull request proposes adding more codemods related to deprecations and fixes an incorrect link in the documentation.
- URL: pull/60243
- Merged: No
3. doc: update decorator documentation to reflect actual policy: This pull request updates the TypeScript documentation to accurately reflect Node.js's policy on decorators by removing misleading language about imminent support and temporary limitations, clarifying that Node.js will not provide polyfills, and stating that decorators will be supported only when implemented natively in JavaScript.
- URL: pull/60288
- Merged: No
Other Open Pull Requests
- Documentation updates and clarifications: Multiple pull requests improve Node.js documentation by clarifying API behaviors and usage. These include highlighting differences in fetch() implementation, updating assert.deepStrictEqual behavior, specifying error argument typing in worker_threads, adding cross-references for file modes, and correcting V8 API buffer.kMaxLength details.
- Security and stability fixes: Some pull requests address security vulnerabilities and improve stability by adding bounds validation to Buffer copy functions and fixing test behavior when compiled without the inspector. These changes prevent memory corruption and ensure correct test status reporting.
- Build and CI improvements: Several pull requests enhance build and continuous integration processes by updating WiX to the latest version, splitting flaky tests to isolate timeouts, removing deprecated build definitions, and fixing compile warnings. These updates improve build reliability and developer experience.
- pull/60251, pull/60274, pull/60281, [pull/60296](https://github.com/pull/60296]
- V8 engine updates and fixes: Multiple pull requests integrate V8 engine fixes and improvements, including a heap profile API addition, a LoongArch64 build fix, and a regex ChoiceNode modifier fix. These changes address architecture-specific issues and enhance V8 functionality.
- Code refactoring and cleanup: Some pull requests simplify and standardize code by removing unreachable conditions, converting methods to getters, renaming parameters for consistency, and refactoring asynchronous loader hooks for clarity. These changes improve code maintainability without altering behavior.
- pull/60235, pull/60246, [pull/60278](https://github.com/pull/60278]
- New features and tooling enhancements: A few pull requests introduce new features such as a permission flag for the inspector, a benchmark runner for test-shared tools, and improved linting output for the Nix linter. These additions enhance developer control and testing capabilities.
3.2 Closed Pull Requests
This section provides a summary of pull requests that were closed in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.
Pull Requests Closed This Week: 30
Key Closed Pull Requests
1. src: use Utf8Value and TwoByteValue instead of V8 helpers: This pull request proposes replacing V8 helper classes with the project's own Utf8Value and TwoByteValue helper classes in the source code to leverage their advantage of using stack storage, and adds a C++ lint rule to enforce avoiding the use of String::Utf8Value in favor of these custom helpers.
- URL: pull/60244
- Merged: No
2. Added differences in fetch docs: This pull request adds a section to the Node.js fetch() documentation that highlights the differences between Node.js's implementation and the standard fetch() API.
- URL: pull/60232
- Merged: No
3. typings: correct internal bindings for worker, http_parser, config: This pull request aims to correct and update TypeScript typings by adding missing properties and methods to the internal bindings for Worker and HTTPParser, while also removing an undefined property from the ConfigBinding to better align with the current Node.js implementation.
- URL: pull/60257
- Merged: No
Other Closed Pull Requests
- Inspector Enhancements: Multiple pull requests improve the Node.js inspector by adding support for handling handshake responses to enable proper websocket inspection and introducing network payload buffer size limits to manage memory usage effectively. Additionally, the inspector_protocol dependency is updated and integrated into a GitHub Actions workflow to streamline maintenance.
- Test Suite Improvements: Several pull requests reorganize and optimize tests, including moving SEA tests to a dedicated directory with platform-specific skips, optimizing wildcard test matches to reduce redundant executions, fixing flaky tests by adjusting expectations or error handling, and enabling correct parallelization by using built-in wildcard support. These changes enhance test reliability and maintainability across different environments.
- Documentation Fixes and Updates: Multiple pull requests address documentation improvements by fixing code examples and heading levels, documenting underdocumented features such as wildcard support in test.py, adding references to testing guides, and clarifying TypeScript decorator policy to reflect Node.js's official stance. These updates improve clarity and developer guidance.
- V8 and Internal Code Updates: Pull requests include the initial implementation of IsolateGroups in V8 to overcome pointer compression limits, refactoring internal code to replace redundant environment lookups with direct isolate and context calls, and updating source code to stop using deprecated V8 APIs. These changes improve performance, compatibility, and maintainability of the Node.js core.
- Security and Stability Fixes: A security vulnerability in the Buffer module is addressed by adding bounds validation and instance checks to prevent out-of-bounds memory access, enhancing Node.js's robustness against memory corruption and segmentation faults.
- Build and Workflow Automation: New GitHub Actions workflows are proposed and integrated, including a workflow for webpack automation and improvements to the inspector_protocol updater script to fix CI execution issues by removing unnecessary git checks. These changes aim to improve automation and continuous integration reliability.
- Code Quality and Compiler Warnings: A default branch is added to an enum switch-case to prevent compiler warnings, ensuring cleaner builds and future-proofing the code against new enum values.
- Unmerged Proposals: Several pull requests propose new files or features such as "DJCE MONTPELLIER," "s," and README.md updates, but these were not merged into the main branch.
3.3 Pull Request Discussion Insights
This section will analyze the tone and sentiment of discussions within this project's open and closed pull requests that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.
Based on our analysis, there are no instances of toxic discussions in the project's open or closed pull requests from the past week.
IV. Contributors
4.1 Contributors
Active Contributors:
We consider an active contributor in this project to be any contributor who has made at least 1 commit, opened at least 1 issue, created at least 1 pull request, or made more than 2 comments in the last month.
If there are more than 10 active contributors, the list is truncated to the top 10 based on contribution metrics for better clarity.
| Contributor | Commits | Pull Requests | Issues | Comments |
|---|---|---|---|---|
| joyeecheung | 17 | 12 | 2 | 30 |
| jasnell | 29 | 12 | 2 | 17 |
| addaleax | 27 | 2 | 0 | 24 |
| aduh95 | 19 | 10 | 0 | 13 |
| legendecas | 20 | 9 | 0 | 12 |
| Renegade334 | 14 | 7 | 4 | 12 |
| richardlau | 7 | 4 | 2 | 15 |
| targos | 18 | 2 | 2 | 4 |
| gurgunday | 13 | 6 | 1 | 2 |
| RafaelGSS | 12 | 4 | 0 | 2 |