(Although if they can get us singing robots the next time, that will surely save us from the torture from all these actors with zero singing skills lip-syncing to their lifeless recordings)
The nerd in me: this is cool
The Chinese in me: Nice try. Robot dancing doesnโt save how boring the Spring Festival Gala has become.
Landed initial support for ESM in Node.js SEA: github.com/nodejs/node/...
Similar to CJS entrypoints, it only supports importing builtins, so generally require bundling. @nodeland.dev is working on support for VFS in SEA that will unlock loading other modules within SEA github.com/nodejs/node/...
(Plug: or you can come to my town webengineshackfest.org )
Sounds like a cool idea, though I am more in the camp of โa town reachable by trainโ than โa castle that needs to be reached by carโ ;)
I got thanked with good karma on GitHub.
Failed catastrophically at the โdonโt look at GitHubโ weekend challenge.
But on the bright sideโฆ
Started iteration on ESM support in the Node.js embedder API with new overloads that likely will be less prone to ABI breakages as more features are added..
github.com/nodejs/node/...
Initial support has released in 25.6.0
nodejs.org/en/blog/rele...
Or you need to step up your game in Spanish ๐ febrile -> febril
This was fun to hack on - a gdb unwinder for V8 JIT-compiled frames on x64.
chromium-review.googlesource.com/c/v8/v8/+/75...
Also interesting to learn this trick from the gdb source: caller's rsp before call = callee's rbp + 16, and this seems to be a conventional CFA in debuggers
I think I figured out what's going on. Here is another blog post about tinkering with Node.js Core on ARM64 Windows (and tips about reducing the wait time on Windows) joyeecheung.github.io/blog/2026/01...
New blog post on the journey of the new --build-sea flag and how SEA injection works
joyeecheung.github.io/blog/2026/01...
This just landed! Thanks @addaleax.bsky.social and @legendecas.bsky.social for the reviews! It will be out in the next semver-minor release of 25, and likely backportable to older LTS - the new workflow is a compatible improvement to the existing postject-based SEA building workflows from v18.x.
To be fair I think it doesnโt need to be me, it just needs a contributor with enough time and energy and hopefully who can do it at work hours (I did, thanks to sponsorship by Bloomberg). The slow progress of Node.js development largely comes from lack of contributors, especially funded ones
Following the naming scheme that Elon Musk also used to name his own children already feels like biting the bait, when that platform didnโt even get built as X originally in the first place ๐
Good read. A submission to the European Commission's call for evidence on Towards European Open Digital Ecosystems (importance of OSS for EU tech sovereignty, security and competitiveness). It ends with:
> If you work in OSS, consider adding your voice. The feedback period ends February 3, 2026.
I think with the direction this PR is going, there's supposedly a way out of this: instead of relying on system APIs to load the addons (e.g. with memfd_create + dlopen on Linux, but not available on Windows), we can build custom loaders and map the libraries ourselves, or at least fallback to that
Now is the time to realize I have been compiling with host arch = x64 the whole time because for whatever reason I have been using x64 python the whole time to run the configure script ๐
They are mostly already on v24, the changes are primarily just flipping the status in the documentation.
Also @aditeigh.bsky.social and I are looking into what else need to be done to enable built-in http proxy support and custom/system CA support by default, hopefully in 26 and possibly as semver-major. Tracking issues:
github.com/nodejs/node/...
github.com/nodejs/node/...
v8.queryObjects(): I wrote about the motivation of this API for more reliable memory leak testing in joyeecheung.github.io/blog/2024/03...
--heapsnapshot-near-heap-limit: see documentation here: nodejs.org/api/cli.html...
Startup snapshot APIs: I gave a talk about this a few years ago at Node Congress: gitnation.com/contents/nod...
There are several features that have been stable de facto, but nobody remembered to send a PR to bump the stability index ๐
I marked them in bulk while I was at it.
crypto.hash(): a faster alternative to crypto.createHash() for one-shot hashing. See github.com/nodejs/perfo...
Then there are also the module compile cache going stable and module.registerHooks() becoming release candidate. I gave a talk at JSConf Japan recently covering the evolution of these features: www.youtube.com/watch?v=MYVn...
First and likely the most anticipated, marking require(esm) as stable. I wrote a blog post about the journey of it going from experiment to stability: joyeecheung.github.io/blog/2025/12...
This release contains a bunch of PRs I recently submitted to mark features I contributed to as stable/release candidate. Here is a thread about them ๐งต:
I believe thatโs one of the several projects that inspired nodejs.org/api/single-e... (note that this feature has existed since v18, the PR merely moves the injection process into core). The difference is that SEA building does not require installing compilers, itโs just binary surgery
This is a mitigation, not a guarantee.
Stack space exhaustion recovery is NOT specified by ECMAScript. V8 does it on a best-effort basis.
If the recursion depth can be controlled by attackers, explicitly limit the depth.
This is what the React and Next.js teams fixed in vercel.com/kb/bulletin/....
We appreciate your patience and understanding as we work to deliver a secure and reliable release.
Updates are now available for the 25.x, 24.x, 22.x, 20.x Node.js release lines to address:
- 3 high severity issues
- 4 medium severity issues
- 1 low severity issue
nodejs.org/en/blog/vuln...
The Node.js package configuration guide is now live! ๐
Whether you're creating your first package or migrating to ESM, this guide walks you through it with examples.
https://nodejs.github.io/package-examples
If you mean first week of March then I might have a conflict ๐ฅน
Although I am thinking about writing a blog post on it, because I keep forgetting how it works whenever I take a break from helping out with SEAโฆ.and I only help out at a rate of once a month/two months, so the memory is very patchy
