Weekly Project News

Subscribe
Archives

Weekly GitHub Report for Node: September 29, 2025 - October 06, 2025 (12:02:46)

Weekly GitHub Report for Node

Thank you for subscribing to our weekly newsletter! Each week, we deliver a comprehensive summary of your GitHub project's latest activity right to your inbox, including an overview of your project's issues, pull requests, contributors, and commit activity.


Table of Contents

  • I. News
    • 1.1. Recent Version Releases
    • 1.2. Other Noteworthy Updates
  • II. Issues
    • 2.1. Top 5 Active Issues
    • 2.2. Top 5 Stale Issues
    • 2.3. Open Issues
    • 2.4. Closed Issues
    • 2.5. Issue Discussion Insights
  • III. Pull Requests
    • 3.1. Open Pull Requests
    • 3.2. Closed Pull Requests
    • 3.3. Pull Request Discussion Insights
  • IV. Contributors
    • 4.1. Contributors

I. News

1.1 Recent Version Releases:

The current version of this repository is v23.10.0

1.2 Version Information:

Released on March 13, 2025, this version introduces the --experimental-config-file feature, allowing developers to use JSON configuration files to simplify flag management for the test runner and other experimental features, enhancing developer experience. Additionally, it includes updates to root certificates, new TLS and V8 methods, improved error handling, and various tooling and documentation enhancements.

II. Issues

2.1 Top 5 Active Issues:

We consider active issues to be issues that that have been commented on most frequently within the last week. Bot comments are omitted.

  1. Attempting to console.log() DOMException.prototype throws error: This issue reports that attempting to use console.log() on DOMException.prototype in Node.js consistently throws a TypeError because the internal inspection mechanism expects the this value to be a DOMException instance. The user highlights that this behavior differs from browsers, where logging DOMException.prototype either outputs undefined or behaves differently, and the discussion explores the relevant WebIDL specification and console standards to determine whether Node.js's behavior is appropriate or a bug.

    • The comments clarify that the error arises from Node.js's inspection process when accessing the name property on DOMException.prototype, which is consistent with WebIDL's strict type checking but differs from browser consoles that handle this more leniently or silently. Participants agree that while Node.js's behavior is spec-compliant, it may not be ideal or user-friendly, leading to a consensus that this is not a spec violation but could be considered a usability bug within Node.js.
    • Number of comments this week: 6
  2. More aggressive require(esm): This issue addresses the limitation in the current behavior of require(esm) when loading packages with conditional exports, where only certain conditions like require, node, node-addons, and module-sync are considered, causing some packages (e.g., unicorn-magic) to fail loading properly. The feature proposal suggests making require(esm) more aggressive by also testing import branches in the exports field to improve compatibility with packages primarily designed for ESM, even if they do not explicitly support require.

    • The comments discuss the problem of mismatched access patterns between CJS and ESM entry points, noting that packages should ideally support both but many do not. There is also mention of pipeline and release issues blocking progress, clarification on the intended use of import versus default conditions, and a general consensus that while best practices exist, making require(esm) more flexible could improve usability with popular packages unlikely to be updated.
    • Number of comments this week: 5
  3. Shouldn't IncomingMessage url property be named uri instead?: This issue discusses whether the url property of the http.IncomingMessage object in Node.js should be renamed to uri to more accurately reflect that it holds a URI rather than a full URL, as the current naming may cause confusion. The original poster highlights that the property value often represents a path or request-target, which is not a complete URL since it lacks protocol and hostname components, and proposes adding a uri property while deprecating url in future versions.

    • The comments debate the distinction between URLs and URIs, with some arguing that the property value behaves like a URL in practical use, while others clarify that it is technically a request-target or path component derived from a URI, not a full URL. The discussion references relevant RFCs to explain the terminology and concludes that although uri might be more accurate, the term url is more familiar to developers and thus was chosen for the API.
    • Number of comments this week: 4
  4. Warn when package.json contains an invalid "type" value: This issue addresses the need to warn or error when the "type" field in a package.json file contains an invalid value other than the accepted "commonjs" or "module" strings. The reporter experienced confusion because setting "CommonJS" (with incorrect casing) behaved similarly to leaving the field unset, triggering a warning instead of a hard failure, and proposes adding validation to catch such mistakes.

    • The comments include an offer to implement the feature and a suggestion that the validation should be added in the BindingData:ReadPackageJSON function. The discussion clarifies the current behavior differences depending on the "type" value and notes that the TypeScript compiler may also check this field, though it is unclear if it performs its own validation.
    • Number of comments this week: 3
  5. parallel/test-fs-promises-watch-iterator is flaky: This issue reports flakiness in the parallel test test-fs-promises-watch-iterator on macOS, where the test intermittently times out due to a race condition causing some file watch events to be missed. The discussion centers on a proposed patch that adds a delay before writing files to reduce flakiness, with concerns about whether this change might invalidate the test or mask an underlying bug in the file watch iterator implementation.

    • The commenters reproduced the issue and identified a race condition causing missed events, suggesting a delay before file writes to stabilize the test. They debated whether moving the delay earlier in the test setup would preserve the test’s intent, ultimately agreeing that adding a sleep before starting file writes is appropriate and does not diminish the test’s effectiveness as long as no delay occurs between individual file writes.
    • Number of comments this week: 1

2.2 Top 5 Stale Issues:

We consider stale issues to be issues that has had no activity within the last 30 days. The team should work together to get these issues resolved and closed as soon as possible.

  1. Flaky GC-related tests with V8 12.2: This issue addresses flaky garbage collection (GC)-related tests that have become unreliable with the update to V8 version 12.2, specifically mentioning tests like test-shadow-realm-gc-module, test-shadow-realm-gc, and test-net-write-fully-async-hex-string. The discussion suggests skipping these tests temporarily due to their instability caused by changes in V8's GC strategy, with plans to find a more reliable testing approach in the future.
  2. Flaky test-worker-arraybuffer-zerofill with V8 12.2: This issue concerns the flaky behavior of the test-worker-arraybuffer-zerofill test when running with V8 version 12.2, where the test intermittently fails due to a timeout after approximately 300 seconds. The problem may stem from either a genuine bug or broken timing assumptions causing lost messages, and the current approach is to mark the test as flaky while adding additional logging to aid in debugging.
  3. Support loading dynamic addon modules (.node files) when embedding the Node.js shared library without needing to link with node.def: This issue addresses the challenge of loading dynamic Node.js addon modules (.node files) on Windows when Node.js is embedded as a shared library, without requiring the embedding executable to link against the node.def file to reexport necessary symbols. The proposed solution involves modifying the delay load hook to optionally use an environment variable to locate the Node.js shared library module handle, enabling addon modules to load correctly without explicit linking, though potential security concerns with this approach remain to be evaluated.
  4. Please make Node.js embeddable (e.g. libnode): This issue requests the creation of an embeddable version of Node.js, such as a libnode library, to allow projects to integrate the Node.js runtime and standard library within other host environments, like Rust-based applications. The current lack of an official embeddable Node.js runtime forces developers to rely on incomplete alternatives, and this feature would enable better reuse of existing tooling and dependencies without requiring significant rewrites.
  5. unable to sign with external OpenSSL engine after usage of crypto.hash: This issue describes a problem where signing data with an external OpenSSL engine (specifically the gost-engine) fails after using the crypto.createHash method in Node.js version 21.7.1 on a Linux Debian system. The user reports that while the signature process works correctly in earlier versions (v21.6.2 and before), it produces an "unsupported" error related to digital envelope routines in the newer versions, likely due to recent changes in the Node.js crypto subsystem.

2.3 Open Issues

This section lists, groups, and then summarizes issues that were created within the last week in the repository.

Issues Opened This Week: 15

Summarized Issues:

  • Windows and PowerShell Execution Issues: The npm command fails to run on Windows systems with Node.js version 22 or higher when the PowerShell execution policy is set to "AllSigned" because the npm.ps1 script is not digitally signed, causing a security error that prevents script execution. Additionally, an unexpected app appears during search on Windows 11, indicating unexpected behavior on Windows platforms.
  • issues/60075, issues/60078
  • Child Process and Input Handling Limitations: The child_process.exec and execFile functions do not support setting the stdin option to "ignore", causing commands expecting closed or ignored standard input to hang or time out. This limitation affects proper termination of such commands, impacting usability in certain workflows.
  • issues/60077
  • Async Generator Stream Error Propagation: In Node.js version 22.5, errors thrown within composed async generator streams no longer propagate correctly, causing the stream to hang indefinitely or trigger warnings about unsettled top-level awaits. Earlier versions handled these errors properly, indicating a regression in error handling.
  • issues/60083
  • Package.json Type Field Validation: There is a proposal to add warnings or errors when the "type" field in package.json contains invalid values other than "commonjs" or "module" to prevent silent misconfigurations. Currently, invalid values lead to ambiguous behavior and warnings like MODULE_TYPELESS_PACKAGE_JSON.
  • issues/60085
  • Network Binding and Worker Process Restart Issues: During rolling restarts of worker processes switching network bindings between IPv6 and IPv4 unspecified addresses, only some processes successfully rebind while others fail and enter indefinite retry loops. This causes inconsistent and incomplete rebinding behavior affecting network reliability.
  • issues/60086
  • OpenSSL Compatibility and Test Failures: The parallel/test-tls-ocsp-callback test fails with a TypeError when Node.js is dynamically linked against OpenSSL 3.6.0 due to null value access. There is discussion about updating CI testing from unsupported OpenSSL 3.1 to 3.6 once compatibility is ensured.
  • issues/60088
  • Windows Build Script Failures: Running the vcbuild.bat script on Windows 10 to build Node.js from source does not complete successfully, resulting in missing output and release folders. This prevents successful local builds on Windows environments.
  • issues/60099
  • Async Local Storage Backport Proposal: There is a proposal to backport the change setting AsyncContextFrame as the default for Async Local Storage from Node.js version 24 to version 22, as it has proven stable and safe without breaking changes. This would improve consistency across versions.
  • issues/60102
  • Console Logging and DOMException Prototype Errors: Attempting to console.log() the DOMException.prototype in Node.js throws a TypeError due to invalid this value during property access, unlike browsers which handle this gracefully. This highlights discrepancies in Node.js's console and inspection utilities.
  • issues/60107
  • ESM Package Exports Resolution Enhancement: A proposal suggests enhancing require(esm) in CommonJS modules to more aggressively resolve package exports by considering import condition branches. This aims to improve compatibility with ESM packages lacking explicit support for current conditional exports resolution.
  • issues/60108
  • Watch Mode Crash Handling Improvement: A proposal to add a --watch-exitcrash flag in --watch mode addresses the issue where the node watch process crashes during pnpm install or upgrade and remains stuck without restarting. This would enable better crash handling with external process managers or container restarts.
  • issues/60109
  • Compiler Warnings in QUIC Implementation: Compiler warnings occur in quic/streams.cc due to signed and unsigned integer comparisons, specifically between a long long stream ID and a size_t constant, potentially causing type mismatch problems during compilation.
  • issues/60110
  • QUIC Performance Optimization Suggestions: There is a suggestion to improve the performance of the createBlobReaderStream function in the QUIC implementation by refactoring to avoid recreating functions on every pull call. This could reduce function object creation and enhance efficiency for use cases like video streaming over webtransport.
  • issues/60117
  • QUIC Protocol Testing and Development Tracking: A comprehensive checklist tracks testing of the QUIC protocol implementation, covering core features, session and stream management, datagram support, transport parameters, TLS integration, HTTP/3, error handling, interoperability, performance, API, integration, debugging, network environments, compliance, fuzzing, security, and documentation.
  • issues/60122

2.4 Closed Issues

This section lists, groups, and then summarizes issues that were closed within the last week in the repository. This section also links the associated pull requests if applicable.

Issues Closed This Week: 1

Summarized Issues:

  • Spam or Placeholder Issues: This issue appears to be a placeholder or spam entry with an email-like title and no additional description or comments. It lacks any substantive content or discussion, indicating it may not be a valid or actionable issue.
  • issues/60076

2.5 Issue Discussion Insights

This section will analyze the tone and sentiment of discussions within this project's open and closed issues that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.

Based on our analysis, there are no instances of toxic discussions in the project's open or closed issues from the past week.


III. Pull Requests

3.1 Open Pull Requests

This section provides a summary of pull requests that were opened in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.

Pull Requests Opened This Week: 18

Key Open Pull Requests

1. deps: update V8 to 14.2: This pull request proposes updating the V8 JavaScript engine to version 14.2 in the Node.js project, incorporating performance improvements such as enhanced JSON.stringify speed and new features like Uint8Array base64 and hex conversions, while also addressing compatibility issues, patching platform-specific bugs, and updating related build and test configurations.

  • URL: pull/60111
  • Merged: No
  • Associated Commits: 7c74f, cd5bf, 66604, 6bd98, ddfb6, d2e38, 78dc0, c25e8, f1798, f633b, b5a1d, 230c8, efefa, 70024, bd68d, ad8d2, f7522, 67e03, f4285, 58b38

2. perf_hooks: fix stack overflow error: This pull request proposes an alternative fix to address a stack overflow error in the perf_hooks module, as discussed in a previous related pull request.

  • URL: pull/60084
  • Merged: No
  • Associated Commits: cf7a7, d5b5e, 02feb

3. lib: remove redundant destroyHook checks: This pull request aims to remove redundant checks related to destroyHook in the Node.js asynchronous hooks implementation, specifically eliminating duplicate condition verifications already handled by emitDestroy and addressing the incomplete invalid asyncId check that did not account for undefined values.

  • URL: pull/60120
  • Merged: No
  • Associated Commits: 77234, 32376, 0255b

Other Open Pull Requests

  • Documentation updates: These pull requests update various documentation files by removing obsolete team references, correcting typographical errors, and clarifying stream type descriptions in child process options. They improve the accuracy and relevance of the collaborator guide and child process documentation.
    [pull/60065, pull/60114]
  • Dependency and tool updates: These pull requests update dependencies and tools, including upgrading undici to version 6.22.0 and adding cryptographic signature verification for nghttp-related tool updates. These changes enhance security and keep dependencies current.
    [pull/60112, pull/60113]
  • Bug fixes and performance improvements in core modules: Several pull requests address issues such as resource leaks in the HTTP client by handling multiple responses correctly, replacing the spread operator with Reflect.apply in timers for consistency, and fixing a compile warning in QUIC streams. These fixes improve stability and performance in core Node.js modules.
    [pull/60062, pull/60063, pull/60118]
  • V8 engine optimizations: These pull requests cherry-pick V8 commits that improve code caching by ignoring memory tuning flags in hash computation and introduce a fast case optimization for empty getOwnPropertySymbols() to speed up util.inspect and util.isDeepStrictEqual. These changes optimize runtime performance.
    [pull/60069, pull/60105]
  • Build and CI improvements: These pull requests fix the Windows build batch script to ensure it completes successfully by using the call command, mark a flaky test on macOS to reflect its instability, and propose running CI with shared libraries along with adding a nix shell for easier developer onboarding. These changes improve build reliability and developer experience.
    [pull/60098, pull/60115, pull/60121]
  • REPL input validation: This pull request backports a validation check for balanced parentheses in the REPL input to the v22.x branch, ensuring input is properly validated before processing. This enhances REPL robustness.
    [pull/60066]
  • Documentation title formatting: This pull request removes outlier optional title prefixes from documentation titles to enable stricter regular expressions in the doc-kit tool, improving documentation tooling consistency.
    [pull/60087]

3.2 Closed Pull Requests

This section provides a summary of pull requests that were closed in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.

Pull Requests Closed This Week: 23

Key Closed Pull Requests

1. sxwx: This pull request titled "sxwx" appears to be a placeholder or test submission without a descriptive body or merged status, containing multiple unrelated commits primarily related to various updates and improvements in the Node.js project, including cryptography enhancements, documentation fixes, benchmark calibrations, and internal code refactoring, but it was not merged.

  • URL: pull/60081
  • Merged: No
  • Associated Commits: 0fab1, 19d2c, 589ef, 52f61, d1eab, 28e6b, 8692e, f86b6, 62c62, 15ede, 323f1, 65858, 67226, 8eeb8, 7beb6, 886e4, ab699, d0022, 27e2d, 0a46a, ec8c7, 28948, 5c9db, 89067, c86c4, 83c95, ebd2d, 4e0af, bcb80, d3ac9, 34f9b, b1898, 42021, cc0cd, 48793, 28225, bfcba, fba8e, d08a1, 95bef, a240a, ac92c, fb614, cbabd, 5af03, 67cb0, 196f5, eefe3, f36de, 56b15, 5c38e, 49490, dddc4, fe1a2, b29c8, 45a8b, fb22c, 255dd, ff533, 96155, 737b4, 35053, 2ea31, 97df3, 5b32b, 5600c, b8fa2, a87f1, 3903e, 2258f, 3ffc3, 92f4c, c34b0, 66fcc, 6428e, 53818, 220ba, ac131, 29738, 07141, 22a86, 94422, fd6cc, 95ab4, e5113, 33e3e, 7a205, 88692, af4ea, 100c2, 4984b, d079d, 49f79, 0319b, 60c1f, 85db7, 14420, 5ed1a, 4ed9d, c8546, c8c6b, 58f40, 15c27, 7c2cb, f1a8f, 64a8b, 1ebe8, db926, e5960, f6ea5, c4626, 5c7b8, ed71a, f551c, 65bee, 97e55, f6f8e, 3a5c9, d9959, d9473, 57f61, c7b0d, 89793, 4612c, 36256, 2a0fc, 23880, f6d6b, 39d73, aa683, 1d8df, cb5c8, c81b1, 55cd2, 3e79d, ce748, 0ec1d, fe889, 327e1, 54c45, 81af7, 4396c, 3c0c1, 0a72b, 24ded, d2ff9, 96926, f4644, f5e2e, e9a09, 5ac6e, 4f4d5, 8ca5f, e4e86, b4908, 6ce89, 4dc19, 1e008, 43007, 0817b, eb1e6, 3312e, d3ee5, ce72f, 157cf, 2e5c8, 65a32, cff13, 3e1ad, c6316, 9ac57, b51fd, 93ee0, 07593, 41369, c2536, 3c36a, 5d1ad, e4e85, 77cf2, 0cc13, 2e2f4, 3b0b6, 1d494, f304b, 76e18, 4a9a0, b2170

2. src: avoid unnecessary string allocations in SPrintF impl: This pull request aims to improve the source code by making the ToLower and ToUpper functions accept more flexible input arguments such as std::string_view and by optimizing the SPrintF implementation to avoid unnecessary string allocations by using std::string_view instead of std::string where possible.

  • URL: pull/60052
  • Merged: No
  • Associated Commits: a0c6a, c9bad

3. build: fix flags for ngtcp2 on IBM i: This pull request fixes build errors on the IBM i platform by adjusting network flags in the ngtcp2 dependency to account for unsupported flags like IPTOS_ECN_MASK, similar to the approach taken for AIX.

  • URL: pull/60073
  • Merged: Yes
  • Associated Commits: a1d62, 2ea85

Other Closed Pull Requests

  • Code optimization and string handling improvements: Several pull requests focus on optimizing string handling and memory usage in the codebase. These include removing unnecessary dereferencing to avoid redundant strlen() calls, generating std::string objects directly to prevent intermediate conversions, removing unnecessary std::string allocations for error messages, and modernizing functions to accept std::string_view arguments instead of raw C strings.
    [pull/60054, pull/60055, pull/60057, pull/60058]
  • Code cleanup and macro improvements: Multiple pull requests address code cleanup by removing unused variables and shadowed functions, as well as improving macro definitions. These changes include removing unused variables identified by clang-tidy, removing shadowed functions already implemented in superclasses, and updating permission macros to prevent multiple evaluations and assumptions about namespaces.
    [pull/60047, pull/60053, pull/60056]
  • Documentation updates and reorganization: Some pull requests update and reorganize documentation files to improve clarity and accuracy. This includes reordering the ML-KEM entry in the asymmetric key types table by security strength, renaming and updating the synopsis documentation to "Start," and specifying the macOS version used for building releases.
    [pull/60067, pull/60106, pull/60080]
  • Test and CI stability improvements: One pull request addresses flaky tests on macOS x64 by marking them as flaky to prevent CI failures, particularly on macos15-x64 where these tests consistently fail and block full CI runs.
    [pull/60068]
  • Project governance update: A pull request formally moves Michael Dawson to emeritus status on the Node.js Technical Steering Committee due to his reduced availability to contribute.
    [pull/60070]
  • Module system fix: A pull request fixes the issue of importing CommonJS modules synchronously by implementing a fix that ensures synchronous loading of CJS modules when importing CommonJS test suites.
    [pull/60071]
  • Build environment updates: Two pull requests update build-related configurations, including raising the minimum required Xcode version to 16.4 and specifying the macOS version used for building releases.
    [pull/60079, pull/60080]
  • New asynchronous logging utility: One pull request proposes the creation of a new asynchronous util.log function designed to provide memory-efficient logging through buffering and batch writes, addressing performance issues discussed in related Node.js threads.
    [pull/60116]
  • Bug fix for async context handling: A pull request fixes a crash caused by an undefined asyncId under the unhandled-rejections=strict mode by correcting asyncContext handling.
    [pull/60103]
  • Minor README updates: Two pull requests propose minimal updates to the README.md file but were not merged into the main project.
    [pull/60104, pull/60119]
  • Placeholder/test pull request: One pull request titled "123" appears to be a placeholder or test submission with minimal description and no merged status.
    [pull/60071]

3.3 Pull Request Discussion Insights

This section will analyze the tone and sentiment of discussions within this project's open and closed pull requests that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.

Based on our analysis, there are no instances of toxic discussions in the project's open or closed pull requests from the past week.


IV. Contributors

4.1 Contributors

Active Contributors:

We consider an active contributor in this project to be any contributor who has made at least 1 commit, opened at least 1 issue, created at least 1 pull request, or made more than 2 comments in the last month.

If there are more than 10 active contributors, the list is truncated to the top 10 based on contribution metrics for better clarity.

Contributor Commits Pull Requests Issues Comments
addaleax 34 10 0 31
jasnell 42 10 2 18
targos 31 6 1 9
joyeecheung 22 7 0 8
aduh95 17 6 0 13
Renegade334 18 5 0 9
legendecas 15 4 0 12
gurgunday 16 7 1 2
miguelmarcondesf 16 1 0 7
richardlau 10 4 1 9

Don't miss what's next. Subscribe to Weekly Project News:
Powered by Buttondown, the easiest way to start and grow your newsletter.