Weekly GitHub Report for Node: September 29, 2025 - October 06, 2025 (12:07:09)
Weekly GitHub Report for Node
Thank you for subscribing to our weekly newsletter! Each week, we deliver a comprehensive summary of your GitHub project's latest activity right to your inbox, including an overview of your project's issues, pull requests, contributors, and commit activity.
Table of Contents
I. News
1.1 Recent Version Releases:
The current version of this repository is v23.10.0
1.2 Version Information:
Released on March 13, 2025, this version introduces the --experimental-config-file
feature, allowing developers to use JSON configuration files to simplify flag management for the test runner and other experimental features, enhancing developer experience. Additionally, it includes updates to root certificates, new TLS and V8 methods, improved error handling, and various tooling and documentation enhancements.
II. Issues
2.1 Top 5 Active Issues:
We consider active issues to be issues that that have been commented on most frequently within the last week. Bot comments are omitted.
-
Attempting to
console.log()
DOMException.prototype
throws error: This issue reports that attempting to useconsole.log()
onDOMException.prototype
in Node.js consistently throws aTypeError
because the internal inspection mechanism expects thethis
value to be aDOMException
instance. The user highlights that this behavior differs from browsers, where loggingDOMException.prototype
either outputsundefined
or behaves differently, and the discussion explores the relevant WebIDL specification and console standards to determine whether Node.js's behavior is appropriate or a bug.- The comments clarify that the error arises from Node.js's inspection process when accessing the
name
property onDOMException.prototype
, which is consistent with WebIDL's strict type checking but differs from browser consoles that handle this more leniently or silently. Participants agree that while Node.js's behavior is spec-compliant, it may not be ideal or user-friendly, leading to a consensus that this is not a spec violation but could be considered a usability bug within Node.js. - Number of comments this week: 6
- The comments clarify that the error arises from Node.js's inspection process when accessing the
-
More aggressive require(esm): This issue addresses the limitation in the current behavior of
require(esm)
when loading packages with conditional exports, where only certain conditions likerequire
,node
,node-addons
, andmodule-sync
are considered, causing some packages (e.g.,unicorn-magic
) to fail loading properly. The feature proposal suggests makingrequire(esm)
more aggressive by also testingimport
branches in the exports field to improve compatibility with packages primarily designed for ESM, even if they do not explicitly supportrequire
.- The comments discuss the problem of mismatched access patterns between CJS and ESM entry points, noting that packages should ideally support both but many do not. There is also mention of pipeline and release issues blocking progress, clarification on the intended use of
import
versusdefault
conditions, and a general consensus that while best practices exist, makingrequire(esm)
more flexible could improve usability with popular packages unlikely to be updated. - Number of comments this week: 5
- The comments discuss the problem of mismatched access patterns between CJS and ESM entry points, noting that packages should ideally support both but many do not. There is also mention of pipeline and release issues blocking progress, clarification on the intended use of
-
Shouldn't IncomingMessage
url
property be nameduri
instead?: This issue discusses whether theurl
property of thehttp.IncomingMessage
object in Node.js should be renamed touri
to more accurately reflect that it holds a URI rather than a full URL, as the current naming may cause confusion. The original poster highlights that the property value often represents a path or request-target, which is not a complete URL since it lacks protocol and hostname components, and proposes adding auri
property while deprecatingurl
in future versions.- The comments debate the distinction between URLs and URIs, with some arguing that the property value behaves like a URL in practical use, while others clarify that it is technically a request-target or path component derived from a URI, not a full URL. The discussion references relevant RFCs to explain the terminology and concludes that although
uri
might be more accurate, the termurl
is more familiar to developers and thus was chosen for the API. - Number of comments this week: 4
- The comments debate the distinction between URLs and URIs, with some arguing that the property value behaves like a URL in practical use, while others clarify that it is technically a request-target or path component derived from a URI, not a full URL. The discussion references relevant RFCs to explain the terminology and concludes that although
-
Warn when package.json contains an invalid "type" value: This issue addresses the need to warn or error when the "type" field in a package.json file contains an invalid value other than the accepted "commonjs" or "module" strings. The reporter experienced confusion because setting "CommonJS" (with incorrect casing) behaved similarly to leaving the field unset, triggering a warning instead of a hard failure, and proposes adding validation to catch such mistakes.
- The comments include an offer to implement the feature and a suggestion that the validation should be added in the BindingData:ReadPackageJSON function. The discussion clarifies the current behavior differences depending on the "type" value and notes that the TypeScript compiler may also check this field, though it is unclear if it performs its own validation.
- Number of comments this week: 3
-
parallel/test-fs-promises-watch-iterator is flaky: This issue reports flakiness in the parallel test
test-fs-promises-watch-iterator
on macOS, where the test intermittently times out due to a race condition causing some file watch events to be missed. The discussion centers on a proposed patch that adds a delay before writing files to reduce flakiness, with concerns about whether this change might invalidate the test or mask an underlying bug in the file watch iterator implementation.- The commenters reproduced the issue and identified a race condition causing missed events, suggesting a delay before file writes to stabilize the test. They debated whether moving the delay earlier in the test setup would preserve the test’s intent, ultimately agreeing that adding a sleep before starting file writes is appropriate and does not diminish the test’s effectiveness as long as no delay occurs between individual file writes.
- Number of comments this week: 1
2.2 Top 5 Stale Issues:
We consider stale issues to be issues that has had no activity within the last 30 days. The team should work together to get these issues resolved and closed as soon as possible.
- Flaky GC-related tests with V8 12.2: This issue addresses flaky garbage collection (GC)-related tests that have become unreliable with the update to V8 version 12.2, specifically mentioning tests like
test-shadow-realm-gc-module
,test-shadow-realm-gc
, andtest-net-write-fully-async-hex-string
. The discussion suggests skipping these tests temporarily due to their instability caused by changes in V8's GC strategy, with plans to find a more reliable testing approach in the future. - Flaky
test-worker-arraybuffer-zerofill
with V8 12.2: This issue concerns the flaky behavior of thetest-worker-arraybuffer-zerofill
test when running with V8 version 12.2, where the test intermittently fails due to a timeout after approximately 300 seconds. The problem may stem from either a genuine bug or broken timing assumptions causing lost messages, and the current approach is to mark the test as flaky while adding additional logging to aid in debugging. - Support loading dynamic addon modules (
.node
files) when embedding the Node.js shared library without needing to link withnode.def
: This issue addresses the challenge of loading dynamic Node.js addon modules (.node
files) on Windows when Node.js is embedded as a shared library, without requiring the embedding executable to link against thenode.def
file to reexport necessary symbols. The proposed solution involves modifying the delay load hook to optionally use an environment variable to locate the Node.js shared library module handle, enabling addon modules to load correctly without explicit linking, though potential security concerns with this approach remain to be evaluated. - Please make Node.js embeddable (e.g. libnode): This issue requests the creation of an embeddable version of Node.js, such as a
libnode
library, to allow projects to integrate the Node.js runtime and standard library within other host environments, like Rust-based applications. The current lack of an official embeddable Node.js runtime forces developers to rely on incomplete alternatives, and this feature would enable better reuse of existing tooling and dependencies without requiring significant rewrites. - unable to sign with external OpenSSL engine after usage of crypto.hash: This issue describes a problem where signing data with an external OpenSSL engine (specifically the gost-engine) fails after using the
crypto.createHash
method in Node.js version 21.7.1 on a Linux Debian system. The user reports that while the signature process works correctly in earlier versions (v21.6.2 and before), it produces an "unsupported" error related to digital envelope routines in the newer versions, likely due to recent changes in the Node.js crypto subsystem.
2.3 Open Issues
This section lists, groups, and then summarizes issues that were created within the last week in the repository.
Issues Opened This Week: 15
Summarized Issues:
- Windows and PowerShell Execution Issues: The npm command fails to run on Windows systems with Node.js version 22 or higher when the PowerShell execution policy is set to "AllSigned" because the npm.ps1 script is not digitally signed, causing a security error that prevents script execution. Additionally, an unexpected app appears during search on Windows 11, indicating unexpected behavior on Windows platforms.
- issues/60075, issues/60078
- Child Process and Input Handling Limitations: The
child_process.exec
andexecFile
functions do not support setting thestdin
option to"ignore"
, causing commands expecting closed or ignored standard input to hang or time out. This limitation affects proper termination of such commands, impacting usability in certain workflows. - issues/60077
- Async Generator Stream Error Propagation: In Node.js version 22.5, errors thrown within composed async generator streams no longer propagate correctly, causing the stream to hang indefinitely or trigger warnings about unsettled top-level awaits. Earlier versions handled these errors properly, indicating a regression in error handling.
- issues/60083
- Package.json Type Field Validation: There is a proposal to add warnings or errors when the "type" field in package.json contains invalid values other than "commonjs" or "module" to prevent silent misconfigurations. Currently, invalid values lead to ambiguous behavior and warnings like MODULE_TYPELESS_PACKAGE_JSON.
- issues/60085
- Network Binding and Worker Process Restart Issues: During rolling restarts of worker processes switching network bindings between IPv6 and IPv4 unspecified addresses, only some processes successfully rebind while others fail and enter indefinite retry loops. This causes inconsistent and incomplete rebinding behavior affecting network reliability.
- issues/60086
- OpenSSL Compatibility and Test Failures: The
parallel/test-tls-ocsp-callback
test fails with a TypeError when Node.js is dynamically linked against OpenSSL 3.6.0 due to null value access. There is discussion about updating CI testing from unsupported OpenSSL 3.1 to 3.6 once compatibility is ensured. - issues/60088
- Windows Build Script Failures: Running the vcbuild.bat script on Windows 10 to build Node.js from source does not complete successfully, resulting in missing output and release folders. This prevents successful local builds on Windows environments.
- issues/60099
- Async Local Storage Backport Proposal: There is a proposal to backport the change setting
AsyncContextFrame
as the default for Async Local Storage from Node.js version 24 to version 22, as it has proven stable and safe without breaking changes. This would improve consistency across versions. - issues/60102
- Console Logging and DOMException Prototype Errors: Attempting to
console.log()
theDOMException.prototype
in Node.js throws aTypeError
due to invalidthis
value during property access, unlike browsers which handle this gracefully. This highlights discrepancies in Node.js's console and inspection utilities. - issues/60107
- ESM Package Exports Resolution Enhancement: A proposal suggests enhancing
require(esm)
in CommonJS modules to more aggressively resolve package exports by consideringimport
condition branches. This aims to improve compatibility with ESM packages lacking explicit support for current conditional exports resolution. - issues/60108
- Watch Mode Crash Handling Improvement: A proposal to add a
--watch-exitcrash
flag in--watch
mode addresses the issue where the node watch process crashes duringpnpm install
or upgrade and remains stuck without restarting. This would enable better crash handling with external process managers or container restarts. - issues/60109
- Compiler Warnings in QUIC Implementation: Compiler warnings occur in
quic/streams.cc
due to signed and unsigned integer comparisons, specifically between along long
stream ID and asize_t
constant, potentially causing type mismatch problems during compilation. - issues/60110
- QUIC Performance Optimization Suggestions: There is a suggestion to improve the performance of the
createBlobReaderStream
function in the QUIC implementation by refactoring to avoid recreating functions on every pull call. This could reduce function object creation and enhance efficiency for use cases like video streaming over webtransport. - issues/60117
- QUIC Protocol Testing and Development Tracking: A comprehensive checklist tracks testing of the QUIC protocol implementation, covering core features, session and stream management, datagram support, transport parameters, TLS integration, HTTP/3, error handling, interoperability, performance, API, integration, debugging, network environments, compliance, fuzzing, security, and documentation.
- issues/60122
2.4 Closed Issues
This section lists, groups, and then summarizes issues that were closed within the last week in the repository. This section also links the associated pull requests if applicable.
Issues Closed This Week: 1
Summarized Issues:
- Spam or Placeholder Issues: This issue appears to be a placeholder or spam entry with an email-like title and no additional description or comments. It lacks any substantive content or discussion, indicating it may not be a valid or actionable issue.
- issues/60076
2.5 Issue Discussion Insights
This section will analyze the tone and sentiment of discussions within this project's open and closed issues that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.
Based on our analysis, there are no instances of toxic discussions in the project's open or closed issues from the past week.
III. Pull Requests
3.1 Open Pull Requests
This section provides a summary of pull requests that were opened in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.
Pull Requests Opened This Week: 18
Key Open Pull Requests
1. deps: update V8 to 14.2: This pull request proposes updating the V8 JavaScript engine to version 14.2 in the Node.js project, incorporating performance improvements such as enhanced JSON.stringify
speed and new features like Uint8Array base64 and hex conversions, while also addressing compatibility issues, patching platform-specific bugs, and updating related build and test configurations.
- URL: pull/60111
- Merged: No
- Associated Commits: 7c74f, cd5bf, 66604, 6bd98, ddfb6, d2e38, 78dc0, c25e8, f1798, f633b, b5a1d, 230c8, efefa, 70024, bd68d, ad8d2, f7522, 67e03, f4285, 58b38
2. perf_hooks: fix stack overflow error: This pull request proposes an alternative fix to address a stack overflow error in the perf_hooks module, as discussed in a previous related pull request.
- URL: pull/60084
- Merged: No
3. lib: remove redundant destroyHook checks: This pull request aims to remove redundant checks related to destroyHook
in the Node.js asynchronous hooks implementation, specifically eliminating duplicate condition verifications already handled by emitDestroy
and addressing the incomplete invalid asyncId
check that did not account for undefined
values.
- URL: pull/60120
- Merged: No
Other Open Pull Requests
- Documentation updates: These pull requests update various documentation files by removing obsolete team references, correcting typographical errors, and clarifying stream type descriptions in child process options. They improve the accuracy and relevance of the collaborator guide and child process documentation.
[pull/60065, pull/60114]
- Dependency and tool updates: These pull requests update dependencies and tools, including upgrading undici to version 6.22.0 and adding cryptographic signature verification for nghttp-related tool updates. These changes enhance security and keep dependencies current.
[pull/60112, pull/60113]
- Bug fixes and performance improvements in core modules: Several pull requests address issues such as resource leaks in the HTTP client by handling multiple responses correctly, replacing the spread operator with Reflect.apply in timers for consistency, and fixing a compile warning in QUIC streams. These fixes improve stability and performance in core Node.js modules.
[pull/60062, pull/60063, pull/60118]
- V8 engine optimizations: These pull requests cherry-pick V8 commits that improve code caching by ignoring memory tuning flags in hash computation and introduce a fast case optimization for empty getOwnPropertySymbols() to speed up util.inspect and util.isDeepStrictEqual. These changes optimize runtime performance.
[pull/60069, pull/60105]
- Build and CI improvements: These pull requests fix the Windows build batch script to ensure it completes successfully by using the
call
command, mark a flaky test on macOS to reflect its instability, and propose running CI with shared libraries along with adding a nix shell for easier developer onboarding. These changes improve build reliability and developer experience.
[pull/60098, pull/60115, pull/60121]
- REPL input validation: This pull request backports a validation check for balanced parentheses in the REPL input to the v22.x branch, ensuring input is properly validated before processing. This enhances REPL robustness.
[pull/60066]
- Documentation title formatting: This pull request removes outlier optional title prefixes from documentation titles to enable stricter regular expressions in the doc-kit tool, improving documentation tooling consistency.
[pull/60087]
3.2 Closed Pull Requests
This section provides a summary of pull requests that were closed in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.
Pull Requests Closed This Week: 23
Key Closed Pull Requests
1. sxwx: This pull request titled "sxwx" appears to be a placeholder or test submission without a descriptive body or merged status, containing multiple unrelated commits primarily related to various updates and improvements in the Node.js project, including cryptography enhancements, documentation fixes, benchmark calibrations, and internal code refactoring, but it was not merged.
- URL: pull/60081
- Merged: No
- Associated Commits: 0fab1, 19d2c, 589ef, 52f61, d1eab, 28e6b, 8692e, f86b6, 62c62, 15ede, 323f1, 65858, 67226, 8eeb8, 7beb6, 886e4, ab699, d0022, 27e2d, 0a46a, ec8c7, 28948, 5c9db, 89067, c86c4, 83c95, ebd2d, 4e0af, bcb80, d3ac9, 34f9b, b1898, 42021, cc0cd, 48793, 28225, bfcba, fba8e, d08a1, 95bef, a240a, ac92c, fb614, cbabd, 5af03, 67cb0, 196f5, eefe3, f36de, 56b15, 5c38e, 49490, dddc4, fe1a2, b29c8, 45a8b, fb22c, 255dd, ff533, 96155, 737b4, 35053, 2ea31, 97df3, 5b32b, 5600c, b8fa2, a87f1, 3903e, 2258f, 3ffc3, 92f4c, c34b0, 66fcc, 6428e, 53818, 220ba, ac131, 29738, 07141, 22a86, 94422, fd6cc, 95ab4, e5113, 33e3e, 7a205, 88692, af4ea, 100c2, 4984b, d079d, 49f79, 0319b, 60c1f, 85db7, 14420, 5ed1a, 4ed9d, c8546, c8c6b, 58f40, 15c27, 7c2cb, f1a8f, 64a8b, 1ebe8, db926, e5960, f6ea5, c4626, 5c7b8, ed71a, f551c, 65bee, 97e55, f6f8e, 3a5c9, d9959, d9473, 57f61, c7b0d, 89793, 4612c, 36256, 2a0fc, 23880, f6d6b, 39d73, aa683, 1d8df, cb5c8, c81b1, 55cd2, 3e79d, ce748, 0ec1d, fe889, 327e1, 54c45, 81af7, 4396c, 3c0c1, 0a72b, 24ded, d2ff9, 96926, f4644, f5e2e, e9a09, 5ac6e, 4f4d5, 8ca5f, e4e86, b4908, 6ce89, 4dc19, 1e008, 43007, 0817b, eb1e6, 3312e, d3ee5, ce72f, 157cf, 2e5c8, 65a32, cff13, 3e1ad, c6316, 9ac57, b51fd, 93ee0, 07593, 41369, c2536, 3c36a, 5d1ad, e4e85, 77cf2, 0cc13, 2e2f4, 3b0b6, 1d494, f304b, 76e18, 4a9a0, b2170
2. src: avoid unnecessary string allocations in SPrintF impl: This pull request aims to improve the source code by making the ToLower and ToUpper functions accept more flexible input arguments such as std::string_view
and by optimizing the SPrintF implementation to avoid unnecessary string allocations by using std::string_view
instead of std::string
where possible.
- URL: pull/60052
- Merged: No
3. build: fix flags for ngtcp2 on IBM i: This pull request fixes build errors on the IBM i platform by adjusting network flags in the ngtcp2 dependency to account for unsupported flags like IPTOS_ECN_MASK, similar to the approach taken for AIX.
- URL: pull/60073
- Merged: Yes
Other Closed Pull Requests
- Code optimization and string handling improvements: Several pull requests focus on optimizing string handling and memory usage in the codebase. These include removing unnecessary dereferencing to avoid redundant
strlen()
calls, generatingstd::string
objects directly to prevent intermediate conversions, removing unnecessarystd::string
allocations for error messages, and modernizing functions to acceptstd::string_view
arguments instead of raw C strings.
[pull/60054, pull/60055, pull/60057, pull/60058]
- Code cleanup and macro improvements: Multiple pull requests address code cleanup by removing unused variables and shadowed functions, as well as improving macro definitions. These changes include removing unused variables identified by clang-tidy, removing shadowed functions already implemented in superclasses, and updating permission macros to prevent multiple evaluations and assumptions about namespaces.
[pull/60047, pull/60053, pull/60056]
- Documentation updates and reorganization: Some pull requests update and reorganize documentation files to improve clarity and accuracy. This includes reordering the ML-KEM entry in the asymmetric key types table by security strength, renaming and updating the synopsis documentation to "Start," and specifying the macOS version used for building releases.
[pull/60067, pull/60106, pull/60080]
- Test and CI stability improvements: One pull request addresses flaky tests on macOS x64 by marking them as flaky to prevent CI failures, particularly on macos15-x64 where these tests consistently fail and block full CI runs.
[pull/60068]
- Project governance update: A pull request formally moves Michael Dawson to emeritus status on the Node.js Technical Steering Committee due to his reduced availability to contribute.
[pull/60070]
- Module system fix: A pull request fixes the issue of importing CommonJS modules synchronously by implementing a fix that ensures synchronous loading of CJS modules when importing CommonJS test suites.
[pull/60071]
- Build environment updates: Two pull requests update build-related configurations, including raising the minimum required Xcode version to 16.4 and specifying the macOS version used for building releases.
[pull/60079, pull/60080]
- New asynchronous logging utility: One pull request proposes the creation of a new asynchronous
util.log
function designed to provide memory-efficient logging through buffering and batch writes, addressing performance issues discussed in related Node.js threads.
[pull/60116]
- Bug fix for async context handling: A pull request fixes a crash caused by an undefined asyncId under the
unhandled-rejections=strict
mode by correcting asyncContext handling.
[pull/60103]
- Minor README updates: Two pull requests propose minimal updates to the README.md file but were not merged into the main project.
[pull/60104, pull/60119]
- Placeholder/test pull request: One pull request titled "123" appears to be a placeholder or test submission with minimal description and no merged status.
[pull/60071]
3.3 Pull Request Discussion Insights
This section will analyze the tone and sentiment of discussions within this project's open and closed pull requests that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.
Based on our analysis, there are no instances of toxic discussions in the project's open or closed pull requests from the past week.
IV. Contributors
4.1 Contributors
Active Contributors:
We consider an active contributor in this project to be any contributor who has made at least 1 commit, opened at least 1 issue, created at least 1 pull request, or made more than 2 comments in the last month.
If there are more than 10 active contributors, the list is truncated to the top 10 based on contribution metrics for better clarity.
Contributor | Commits | Pull Requests | Issues | Comments |
---|---|---|---|---|
addaleax | 34 | 10 | 0 | 31 |
jasnell | 42 | 10 | 2 | 18 |
targos | 31 | 6 | 1 | 9 |
joyeecheung | 22 | 7 | 0 | 8 |
aduh95 | 17 | 6 | 0 | 13 |
Renegade334 | 18 | 5 | 0 | 9 |
legendecas | 15 | 4 | 0 | 12 |
gurgunday | 16 | 7 | 1 | 2 |
miguelmarcondesf | 16 | 1 | 0 | 7 |
richardlau | 10 | 4 | 1 | 9 |