The Multi-Repository TypeScript Problem
Solving cross-repo type safety. - https://www.carrick.tools/blog/the-multi-repository-typescript-problem
#nodejs
Solving cross-repo type safety. - https://www.carrick.tools/blog/the-multi-repository-typescript-problem
#nodejs
www.carrick.tools
The Multi-Repository TypeScript Problem
Navigating Type Safety Across Service Boundaries
❤2
Sidequest.js: A New Scalable Job Execution Option for Node
A modern, scalable background job processor for Node apps that includes a Web-based dashboard, the ability to support multiple backends out of the box, and TS-first ergonomics. - https://sidequestjs.com/posts/intro-to-sidequest/
#nodejs
A modern, scalable background job processor for Node apps that includes a Web-based dashboard, the ability to support multiple backends out of the box, and TS-first ergonomics. - https://sidequestjs.com/posts/intro-to-sidequest/
#nodejs
👍3
Understanding Flame Graphs in Node.js - https://nodesource.com/blog/understanding-flame-graphs-in-nodejs
#nodejs
#nodejs
The NodeSource Blog - Node.js Tutorials, Guides, and Updates
Understanding Flame Graphs in Node.js (and How AI Makes Them Easier with N|Solid)
Flame graphs are one of the most powerful tools for understanding performance bottlenecks, but they can also be one of the hardest to read.
👍3
How We Migrated Our Rush.js Monorepo to Node Type Stripping
Since v23.6 (and in LTS since v22.18.0), Node has supported running (most) TypeScript code by stripping the types out first. The Calm team was excited about the potential for improving productivity and DX, and set a migration in process. Here’s a look at the challenges encountered and what the end results were - https://blog.calm.com/engineering/how-we-migrated-our-rushjs-monorepo-to-node-type-stripping
#nodejs
Since v23.6 (and in LTS since v22.18.0), Node has supported running (most) TypeScript code by stripping the types out first. The Calm team was excited about the potential for improving productivity and DX, and set a migration in process. Here’s a look at the challenges encountered and what the end results were - https://blog.calm.com/engineering/how-we-migrated-our-rushjs-monorepo-to-node-type-stripping
#nodejs
Calm Blog
How we migrated our Rush.js monorepo to Node type stripping — Calm Blog
A case study describing the business rationale, technical challenges, and impact of our migration to Node type stripping
❤1👍1
Speeding Up the JavaScript Ecosystem: Semver
The latest in Marvin’s multi-year series of posts on optimizing heavily used parts of the JavaScript ecosystem: “During the installation process, package managers run a bunch of semver comparisons. The semver library used in npm, yarn and pnpm can be made around 33x faster.” - https://marvinh.dev/blog/speeding-up-javascript-ecosystem-part-12/
#nodejs
The latest in Marvin’s multi-year series of posts on optimizing heavily used parts of the JavaScript ecosystem: “During the installation process, package managers run a bunch of semver comparisons. The semver library used in npm, yarn and pnpm can be made around 33x faster.” - https://marvinh.dev/blog/speeding-up-javascript-ecosystem-part-12/
#nodejs
marvinh.dev
Speeding up the JavaScript ecosystem - Semver
During the installation process, package managers run a bunch of semver comparisons. The semver library used in npm, yarn and pnpm can be made around 33x faster.
👍1
A Major Supply Chain Attack Hits the npm Ecosystem
In July, Socket warned us about a phishing campaign targeting npm package publishers. Sadly, a prolific package author (among others, like DuckDB, who explain how the attack worked on them) fell victim to the scam, resulting in some popular packages becoming compromised - https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack
#nodejs
In July, Socket warned us about a phishing campaign targeting npm package publishers. Sadly, a prolific package author (among others, like DuckDB, who explain how the attack worked on them) fell victim to the scam, resulting in some popular packages becoming compromised - https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack
#nodejs
Socket
npm Author Qix Compromised via Phishing Email in Major Suppl...
npm author Qix’s account was compromised, with malicious versions of popular packages like chalk-template, color-convert, and strip-ansi published.
👍1
Bringing Node HTTP Servers to Cloudflare Workers
A few weeks ago we linked to an item that noticed Cloudflare Workers' local dev tools had begun to support Express.js apps – now support has come to Workers proper, with support for node:http’s client and server APIs if you enable Node.js compatibility. - https://blog.cloudflare.com/bringing-node-js-http-servers-to-cloudflare-workers/
#nodejs
A few weeks ago we linked to an item that noticed Cloudflare Workers' local dev tools had begun to support Express.js apps – now support has come to Workers proper, with support for node:http’s client and server APIs if you enable Node.js compatibility. - https://blog.cloudflare.com/bringing-node-js-http-servers-to-cloudflare-workers/
#nodejs
The Cloudflare Blog
Bringing Node.js HTTP servers to Cloudflare Workers
We've implemented the node:http client and server APIs in Cloudflare Workers, allowing developers to migrate existing Node.js applications with minimal code changes. This post explains how we built a bridge between the Workers serverless environment and Node.js's…
👍3
UDP in Node.js: A Technical Guide - https://nodevibe.substack.com/p/udp-in-nodejs-deep-technical-guide
#nodejs
#nodejs
Substack
UDP in Node.js: deep technical guide
Links that I found useful this week:
👍4
pnpm 10.16 Adds Support for Delayed Dependency Updates
The alternative efficient npm package manager has added a way to specify a ‘minimum release age’ for package dependencies, so a setting of ‘1440’ (minutes) will mean only packages released more than one day ago will be installed. This can help avoid malicious versions of packages which are quickly withdrawn. - https://pnpm.io/blog/releases/10.16
#nodejs
The alternative efficient npm package manager has added a way to specify a ‘minimum release age’ for package dependencies, so a setting of ‘1440’ (minutes) will mean only packages released more than one day ago will be installed. This can help avoid malicious versions of packages which are quickly withdrawn. - https://pnpm.io/blog/releases/10.16
#nodejs
pnpm.io
pnpm 10.16 | pnpm
Minor Changes
👍2
Oh No, Not Again: A Meditation on npm Supply Chain Attacks
Noting that “npm has become the largest and easiest way to ship malware”, Tane points a finger at Microsoft, the custodians of the npm registry. - https://tane.dev/2025/09/oh-no-not-again...-a-meditation-on-npm-supply-chain-attacks/
#nodejs
Noting that “npm has become the largest and easiest way to ship malware”, Tane points a finger at Microsoft, the custodians of the npm registry. - https://tane.dev/2025/09/oh-no-not-again...-a-meditation-on-npm-supply-chain-attacks/
#nodejs
tane.dev
Oh no, not again... a meditation on NPM supply chain attacks
For enterprise software, the software supply chain presents some of the biggiest risks today to data privacy and security.
👍1
How To Set-Up Express.js 5 for Production in 2025
A walkthrough of the basic dev process for the latest version of Express, complete with TypeScript, ESLint, Prettier, file structure, and logging. - https://www.reactsquad.io/blog/how-to-set-up-express-5-in-2025
#nodejs
A walkthrough of the basic dev process for the latest version of Express, complete with TypeScript, ESLint, Prettier, file structure, and logging. - https://www.reactsquad.io/blog/how-to-set-up-express-5-in-2025
#nodejs
www.reactsquad.io
How To Set Up Express 5 For Production In 2025
Learn how to build an Express 5 app with TypeScript. You'll set up a production-ready project with tools for linting, testing and more.
👍1
Automating the Release Process for a Desktop App with GitHub Actions
Dolt Workbench is an SQL workbench packaged as an Electron app and distributed for several platforms. Eric explains how the Dolt team has automated the process and shares the code for their GitHub workflows. - https://www.dolthub.com/blog/2025-09-11-automating-desktop-release-process/
#nodejs
Dolt Workbench is an SQL workbench packaged as an Electron app and distributed for several platforms. Eric explains how the Dolt team has automated the process and shares the code for their GitHub workflows. - https://www.dolthub.com/blog/2025-09-11-automating-desktop-release-process/
#nodejs
Dolthub
Automating the Release Process for a Desktop Application
We recently automated the release process for the Dolt Workbench desktop application using GitHub Actions. This article discusses how we did it.
👍2
The State of QUIC Support in Node.js
A look at the many year story of bringing native QUIC support to Node and how Node 25 should get the first implementation in place. - https://nodevibe.substack.com/p/state-of-quic-in-nodejs
#nodejs
A look at the many year story of bringing native QUIC support to Node and how Node 25 should get the first implementation in place. - https://nodevibe.substack.com/p/state-of-quic-in-nodejs
#nodejs
Substack
State of QUIC in Node.js
Links that I found interesting this week:
❤2