QR Code
OWT Web Services       http://owtweb.com
[Skip to Content]

Industry News

10/02/2025





















#​755 — October 3, 2025

Read on the Web





JavaScript Weekly








The State of JavaScript 2025 Survey — Each year, Devographics runs an epic survey of as many JavaScript community members as it can and turns the results into an interesting report on the state of the ecosystem – here’s the results from 2024. If you have the time, fill it in, especially as they format it in a way where you can actually learn about stuff as you go.


Devographics






React 19.2 Released — The third release in a year for React, this time introducing new features like <Activity /> (a way to hide and restore the UI and internal state of its children), useEffectEvent, and improvements to Chrome DevTools' performance profiles so you can see more about React’s scheduling and the tree of components it’s working with. Oh, and how about partial pre-rendering?


The React Team






Don’t miss The AI Security Developers Challenge at DevSecCon on Oct 22, 2025 — Participate in the hands-on developer challenge workshop 💻at DevSecCon and get a chance to team up with industry experts from around the globe 🌎. Register for free and walk away with practical tips you can apply directly to your projects 🚀.


Snyk sponsor




IN BRIEF:



RELEASES:




📖  Articles and Videos








How Deno Protects Against npm Exploits — The maintainers of the Deno runtime reflect on the recent npm ecosystem security issues and show off how Deno’s non-permissive explicit ‘secure by default’ model can help.


Andy Jiang






Cleaning House in Nx Monorepo: How I Removed 120 Unused Deps Safely — Another win (mostly) for Knip, a tool that helps you declutter projects by finding unused dependencies.


John James






Tests Are Dead. Meticulous Is Here — Meticulous automatically creates and maintains an E2E UI test suite with zero developer effort.


Meticulous sponsor






You Can Now Make PS2 Games in JavaScript — Last week we mentioned running JavaScript in MS-DOS but you can take it to Sony’s Playstation 2 as well using a system built upon QuickJS.


JSLegendDev






How to Detect Safari and iOS Versions from JavaScript — Naturally, progressive enhancement is the best policy, but if you need to..


Evgeniy Valyaev






Mastering npx: A Cheatsheet for npm and Node Power Users — You’ve almost certainly used the npx command to easily run a command from an npm package (either local or remote) – it’s easy to use, but npx has a couple of other features and options to keep in mind.


Liran Tal




📄 Why Next.js Falls Short on Software Engineering Harshal Patil


📄 @ts-ignore is Almost Always the Worst Option – Prefer any and @ts-expect-error, says the author. Evan Hahn


📄 I Want to Intercept Boolean Coercion for Objects in JavaScript Zach Leatherman



🛠 Code & Tools





qjs: Run JavaScript in Go using QuickJS and Wazero — A new Cgo-free JavaScript runtime option for integrating JavaScript into apps written in Go. It uses a fork of QuickJS that’s compiled to WebAssembly and then run using Wazero.


Nguyen Ngoc Phuong and Contributors




💡 If you happen to be a Go developer, we have a sister newsletter for that!





Diagramming Library for the Enterprise? Use JointJS — Cut dev time 12x with JointJS, the most feature-rich diagramming library trusted by Fortune 100 companies.


JointJS sponsor






SpaceTime 7.11: A Lightweight Timezone Library — Use this to calculate times in other timezones. Has a Moment-like API but is immutable. No dependencies. GitHub repo.


Spencer Kelly






Jeasx: A Lightweight SSR Framework That Uses JSX — A server side rendering framework built on top of JSX and Fastify. It doesn’t use React, but if you want to keep using JSX while keeping your server side lightweight, it’s an option. The JSX functionality is provided by the author’s jsx-async-runtime package. v1.9 was just released.


Maik Jablonski






📊 Vue ECharts 8.0: Vue.js Component for Apache EChartsApache ECharts is a popular, powerful JavaScript charting library we’ve linked many times and this project makes it easier to use in Vue.js apps. v8.0 upgrades to ECharts 6.0. GitHub repo.


GU Yiling and ECOMFE






modern-tar: Zero-Dependency Streaming tar Parser and Writer — As in the classic tar archive format.


Ayuhito










📰 Classifieds




🚀 FastCI: How to double the speed of your Continuous Integration with a 2-minute setup.



At Holepunch we maintain 2000+ OSS npm packages, make the JS runtime Bare to build the P2P Internet. Real tech, Real impact. Join us!







🕰  ICYMI (Some older stuff that may catch your eye...)



🛣️ Sean C Davis runs through strategies for managing routes in JavaScript projects — good, practical advice for establishing a consistent workflow and improve overall maintainability.


🦆 Remember Duck Hunt for the NES? Well, ▶️ here's a lengthy video looking at how to recreate it in TypeScript.


🛠️ Chizaram Ken runs through a handful of reasons why your Next.js app may be slow, along with some possible fixes.





😗  And a weird note to end on..



Have you ever wanted to program by whistling? Now you can. Velato is a JavaScript-inspired esoteric language designed to be written entirely by whistling and you can give it a go in your browser right now. I struggled with it, but you might have more luck (it doesn't seem to like Safari, for starters).


Velato was built by Daniel Temkin, the author of Forty-Four Esolangs, a new book, published by MIT Press, about an artist's take on creating esoteric programming languages.










09/25/2025





















#​754 — September 26, 2025

Read on the Web





JavaScript Weekly








Give Your AI Eyes: Introducing Chrome DevTools MCP — The Chrome team has released an MCP server for Chrome DevTools, enabling agents like Claude Code or OpenAI Codex to use the DevTools to debug and analyze the performance and behavior of your webapps (or even just to automate the use of Chrome generally). Addy does a great job of explaining the potential here.


Addy Osmani






AI Code Reviews Meet CLI Coding Agents — CodeRabbit CLI brings instant code reviews directly to your terminal, integrating with Claude Code, Cursor CLI, and other AI agents. While they generate code, CodeRabbit ensures it's production-ready - catching bugs, security issues, and hallucinations before they hit your codebase.


CodeRabbit sponsor






GitHub's Plan for a More Secure npm Supply Chain — In direct response to the recent npm ecosystem supply chain attacks of recent weeks, GitHub’s senior director of security research has outlined steps GitHub is taking, including blocking the upload of packages featuring the patterns of the recent malware, hardening package publication, and promoting the use of trusted publishing.


Xavier René-Corail (GitHub)




IN BRIEF:



RELEASES:




📖  Articles and Videos





From Steam to Floppy: Porting Modern TypeScript to Run on DOS — The creator of a DOS-inspired programming game (available on Steam) wanted to try and get the game running on real DOS. Thanks to jSH, a JavaScript engine for DOS, it was kinda do-able.


Jimbly / Dashing Strike






NPM Security Best Practices — An extensive list of best practices, techniques, and ideas to consider for making your use of the npm packaging ecosystem and its tooling more secure.


Boda






Implementing Authentication and Session Management in Next.js — Learn how to integrate user sign-up, sign-in, and protected routes into your Next.js app with modern auth practices.


Clerk sponsor






JSON is Not JSON Across Languages — If you use JSON to communicate between systems built in different languages, beware. Different libraries with varying opinions can cause “some of the most soul-crushing debugging experiences in software development.”


Dochia CLI




📄 Stop Using .reverse().find(): Meet findLast() Matt Smith


📄 Storing Unwise Amounts of Data in JavaScript BigInts Jonathan Frere


🎤 Making Desktop Frameworks More Accessible with Electron – A 20 minute chat with a long-time Electron maintainer. The GitHub Podcast


📄 Create 'Sick' Web Animations in Three.js with GSAP – A very simple example. Michael Li


📄 How to Test the New ARIA Notify API with Cypress Mark Noonan



🛠 Code & Tools








🤖 GitHub Copilot CLI Now in Public Preview — Not content to let Claude Code and OpenAI Codex dominate the CLI-based dev agent scene, GitHub has released a CLI-based version of Copilot, built using Node.


GitHub






TanStack Start v1 Release Candidate — TanStack’s attempt at a full-stack TanStack Router-powered framework has reached a v1.0 release candidate that’s expected to be largely the same as its eventual 1.0 release. “It’s the next chapter in building type-safe, high-performance React apps without the heavy abstractions.”


Tanner Linsley






Roles Get Messy Fast. WorkOS RBAC Keeps Access in Check — Define roles, group permissions, and sync with SSO and SCIM. Manage access with clean APIs and a powerful dashboard.


WorkOS sponsor






Cap'n Web: A New RPC System for Browsers and Web Servers — A ‘spiritual sibling’ to Cap’n Proto, an RPC protocol created by one of the same authors. However, Cap’n Web’s underlying serialization is human-readable, focused on integrating well with JS runtimes, and works over HTTP, WebSocket, and postMessage() out-of-the-box.


Varda and Faulkner (Cloudflare)






eslint-plugin-react-you-might-not-need-an-effect — What a project name! It’s an ESLint plugin to help React developers catch unnecessary useEffects which are quite commonly overused.


Nick van Dyke










  • 📊 Billboard.js 3.17.0 (above) – The popular charting library adds image label support for charts, label border styling, and dynamic control of label colors.




  • PythonMonkey 1.3 – Embed the SpiderMonkey JS engine into Python's VM. Now with Python 3.14 support.




  • pretty-bytes 7.1 – Convert a size in bytes into a human readable equivalent (e.g. 1337 becomes '1.34 kB').




  • Docusaurus 3.9 – The popular React + MDX-powered content/docs site generator.




  • Neo.mjs 10.9 – Multi-threaded framework for fast, desktop-like webapps.




  • eslint-plugin-vue 10.5 – Official ESLint plugin for Vue.js. (Homepage.)




  • VanJS 1.6 – The small but sweet reactive UI framework. (Homepage.)




  • Milkdown 7.16 – Plugin-driven WYSIWYG Markdown editor framework.









📰 Classifieds




Meticulous automatically creates and maintains an E2E UI test suite with zero developer effort. Relied on by Dropbox, Wiz, Lattice, Bilt Rewards, etc.



🚀 Next week: JetBrains JavaScript Day 2025! A free online event full of talks & live Q&A with experts from the JS community. Don’t miss it!






🧐 Learning web development with Dr. Axel




Over the past couple of months the esteemed Dr. Axel Rauschmayer has been working on a valuable series of beginner-friendly posts on a range of web development topics, with a heavy focus on JavaScript. He pitches the series as a way to teach people "who have never programmed how to create web apps with JavaScript".


These are all excellent primers/refreshers, and ideal for sharing with those early in their web development journey. Here are some of the highlights so far:






P.S. Don't go JSON waterfalls..










09/18/2025





















#​753 — September 19, 2025

Read on the Web





JavaScript Weekly








The 'Shai-Hulud' npm Supply Chain Attack Rumbles On — Now named after a term for the sandworms of the Dune universe, the ongoing malicious supply chain attack affecting the npm ecosystem has grown in scale with hundreds of packages affected in an attempt to exfiltrate tokens and secrets from developers’ machines.


Pandya, van der Zee, and Brown (Socket)




The story above has triggered a wave of responses and mitigations:







FlexGrid by Wijmo: The Industry-Leading JavaScript Datagrid — A fast and flexible DataGrid for building modern web apps. Key features and virtualized rendering are included in the core grid module. Pick & choose special features to keep your app small. Built for JavaScript, extended to Angular, React, and Vue.


Wijmo From MESCIUS sponsor






⚖️ Deno Asks: 'Help Us Raise $200k to Free JavaScript from Oracle' — The term JavaScript(™) is actually an Oracle trademark, but Ryan Dahl and Deno are attempting to fight that and are raising funds to get through the all-important discovery phase of the cancellation petition.


Ryan Dahl (Deno)




IN BRIEF:



RELEASES:




  • Safari 26.0 has been released alongside macOS 26.0, iOS 26.0, etc. Along with numerous CSS enhancements and a new <model> element for embedding 3D models onto web pages, every site can now "be a web app" on iOS and iPadOS if a user adds it to their home screen.




  • Bun v1.2.22 – Stack traces now include asynchronous call frames, there's Bun.YAML.stringify to turn objects into YAML, bundler & minifier improvements, and more.




  • As of React Router 7.9.0, the long-awaited middleware feature is now stable.





📖  Articles








Fetch Streams are Great, But Not for Measuring Upload/Download Progress — Fetch upload streams seem well-suited for tracking the progress of uploads, but as Jake notes “just because stuff is taken from the stream doesn’t mean it’s yet been sent over the network”. He also touches on an issue relating to measuring download progress using response streams.


Jake Archibald






Moving Off of TypeScript (We Love You, TypeScript) — An interesting tale from an engineering team that has decided to throw in the towel on its 2.5 million lines of TypeScript, instead migrating to .NET and C#. React will remain on their frontend, however.


Chander Ramesh






Secure Your Agentic Apps with Auth for GenAI — Secure your agentic apps with features like User Authentication for AI agents, Token Vault, and more with Auth0’s Auth for GenAI (exclusively in Developer Preview).


Auth0 sponsor






'React Won by Default – And It's Killing Frontend Innovation' — An opinionated React thought-piece that’s provoked much discussion this week by poking at the downsides and inertia caused by ‘the React-by-default mindset.’


Loren Stewart




📄 Beyond The Horizon: How Angular is Embracing AI for Next-Gen Apps – An update direct from the Angular team. Simona Cotin (Angular)


📄 Solid.js vs. React: A Developer's Perspective“Solid has been a breath of fresh air and it has opened my eyes to what React could be, but probably never will be.” Alem Tuzlak


📄 Creating an Immersive 3D Weather Visualization with React Three Fiber Carter Rink



🛠 Code & Tools








npm-check-updates 18.2: Update package.json Dependencies to Latest Versions — That is, as opposed to the specified versions. Includes a handy -i interactive mode so you can look at potential upgrades and then opt in to them one by one. v18.2 adds a ‘cooldown’ feature to help protect against supply chain attacks by requiring package versions to be published at least the given number of days before considering them for upgrade.


Raine Revere






Expo SDK 54 Released: A Big One for React Native Developers — The Expo framework continues its rapid ascent in the world of React Native with precompiled React Native iOS builds (for much shorter build times), iOS 26 and Liquid Glass support, and the use of React Native 0.81 and React 19.1. The new Expo File System has also become stable.


Hughes and Vatne (Expo)






Ready to Increase Your Conversions? Get Started with Free Trials — Free Trials are now available through Clerk Billing. Stop building trial logic, cancellation flows, and upgrade paths.


Clerk sponsor






🦋 BlueSky Likes: Flexible Components for Displaying Bluesky Likes — Includes two custom element components: bluesky-likes and bluesky-likers to display the number of likes and a group of avatars of those who liked a post respectively. Live demo.


Lea Verou






Svedit: A Tiny Library for Building Rich Content Editors with Svelte — Enables you to model your content in JSON, render it with custom Svelte components, and edit directly in the layout. GitHub repo.


Michael Aufreiter






  • TypeBox 1.0 – A runtime type system that creates in-memory JSON Schema objects that infer as TypeScript types.




  • 🙂 Vue Frimousse v0.1.3 – Unstyled, composable emoji picker for Vue.




  • wait-on 9.0 – CLI utility and Node API to wait for files, ports, sockets, and http(s) resources to become available.




  • 🗓️ DayPicker 9.10 – React component for creating date pickers, calendars, and date inputs.




  • Wasp 0.18Wasp is a Rails-like framework using Node, React & Prisma.




  • pretty-ms 9.3 – Convert milliseconds to a human readable string.




  • npm-publish 4.0 – GitHub Action to publish packages to npm.




  • Hexo 8.0 – Popular blog framework/ generator.




  • Fresh 2.1 – Deno-powered Web framework.









📰 Classifieds




Meticulous automatically creates and maintains an E2E UI test suite with zero developer effort. Relied on by Dropbox, Wiz, Lattice, Bilt Rewards, etc.



Go beyond caching. Redis 8.2 handles 5x more data with 150 new commands and 8 new data structures vs 7.2. Get started today.



JetBrains JavaScript Day 2025 brings insights from experts like Ryan Carniato, Kent C. Dodds, and more. Free & online – tune in on Oct 2!






🎁 Some Bonus Items















09/11/2025





















#​752 — September 12, 2025

Read on the Web



If you have any interest in music and being able to render music or generate music with JavaScript, be sure to check out the very end of this issue where we've dedicated an entire section to the topic :-)
__
Your editor, Peter Cooper





JavaScript Weekly








How to Keep package.json Under Control — Staring at a 863 megabyte node_modules folder for Val Town’s React app, Tom got to thinking about ‘dependency hygiene’ and some good ways to keep things under control. Good tips and tool recommendations here.


Tom MacWright






Behind the Scenes of bun install — Talk about an epic post. This is no mere explanation of how Bun quickly and efficiently installs packages — but a tour of package installation more generally, the underlying technicalities that make package installation tricky universally, and how Bun has tackled the problem.


Lydia Hallie (Bun)






Stop Reinventing Forms. Use SurveyJS Instead — SurveyJS UI components let you build JSON-driven forms, render them in React, Angular, Vue 3, or plain JS, and store results in your own DB. Open-source, extensible, no vendor lock-in — save months of development and stay in control of your data.


SurveyJS sponsor






A Major Supply Chain Attack Hit the npm Ecosystem — Socket warned us about a phishing campaign targeting npm package publishers which, sadly, bore fruit earlier this week when a variety of popular packages became compromised (like Chalk, DuckDB's distribution for Node.js, debug, and many others).


Gooding, Brown, et al. (Socket)




RELEASES:




📖  Articles and Videos





The Missing Link in JavaScript Tools? — Marvin ponders whether today’s fractured toolchain for templates, CSS imports, JSX, and numerous other non-standard enhancements to JavaScript could be unified into a single pipeline.


Marvin Hagemeister






Finally, Safe Array Methods in JavaScriptarr.sort() will sort your array in place, whereas ES2023’s arr.toSorted() will return a new, sorted copy of arr. There are several such methods you might prefer to use.


Matt Smith






Secure Your Agentic Apps with Auth for GenAI — Secure your agentic apps with features like User Authentication for AI agents, Token Vault, and more with Auth0’s Auth for GenAI (exclusively in Developer Preview).


Auth0 sponsor






An Interactive Guide to TanStack DBTanStack DB offers an embedded client‑side database that uses differential dataflow to power live, relational queries, sub‑ms incremental updates, and optimistic writes. This tutorial leans on using it with React, but TanStack DB works alongside Vue, Solid, and Svelte as well.


Maxi Ferreira




📺 Handling 500 Million Clicks with a $4 VPS – Behind the scenes of a Node-backed site that went viral. Andrew Schmelyun


📄 How To Set Up Express.js 5 For Production in 2025 Jan Hesters


📄 Building Microfrontends with Module Federation and Vue Alex Opalic


📄 How Shopify Migrated to React Native's New Architecture
Thiago Magalhaes (Shopify)



🛠 Code & Tools








Andromeda: The Newest JavaScript Runtime on the Block — A new JavaScript and TypeScript runtime built around the Rust-powered Nova engine. It’s still early days but they’re promising a lot: native single file compilation, a GPU-accelerated 2D Canvas API, low runtime overhead, interop with Rust, memory safety, WinterTC compatibility, and cross-platform support.


Andromeda Team






BlazeDiff: 'Blazing-Fast' Pixel-by-Pixel Image Comparisons — The creator was happy with the established pixelmatch library for doing image comparisons, until it got too slow for the scale he wanted. Here’s the story of how he came up with a faster alternative.


Teimur Gasanov






Unlock the Power of MCP Servers — Clerk shows how MCP servers let AI apps access data securely with OAuth — complete with a Next.js demo.


Clerk sponsor






Feedsmith 2.0: Feed Parser and Generation Library — As well as parsing feeds, you can also create RSS, Atom, JSON Feed, and OPML files with many common namespaces (iTunes, Podcast, Media RSS, Dublin Core, etc.) There’s a quick start tutorial for using it both in browsers or Node.js. GitHub repo.


Maciej Lamberski






React Bits: 100+ Creative, Animated React Components — If you want a bit of visual pizzazz in your project, this is for you. The components span from a variety of text effects to general animations, a ‘chroma grid’, bouncing cards, distortions, and more. GitHub repo.


David Has










📰 Classifieds




Meticulous automatically creates and maintains an E2E UI test suite with zero developer effort. Relied on by Dropbox, Wiz, Lattice, Bilt Rewards, etc.



🔈 JetBrains JavaScript Day 2025 registration is now open! Get up to speed with modern JavaScript development in just one day – for free.



$100 off yearly Frontend Masters membership! 250+ courses, personalized learning path, workshops with devs from GitHub & Netflix. Sale ends soon →



🗓️ Free virtual DevSecCon on Oct 22, 2025. Learn to secure AI-native apps with keynotes, demos, and a developer challenge. Register now!






🎵 Let's Get Musical









SpessaSynth: SoundFont2-Based MIDI Player and Synthesizer — If you think typical browser-played MIDI files sound terrible, you’re right – but try this! It uses a SoundFont sample driven approach to play MIDI files in a predictable fashion, and also includes an editor/visualizer if you need it. The live demo is quite striking.


Spessasus




While we're on the topic, here are some other neat music related JavaScript projects we've enjoyed over the years:









  • alphaTab – A full on music notation and guitar tab rendering library for building complete musical apps (above).




  • chiptune3.js – A bit like SpressaSynth (also above) but for playing module file music. Live demo.




  • Tone.js – An easy way to use the Web Audio API to create music in the browser. Someone used it to recreate the famous THX 'deep note' sound.




  • 🎸 SVGuitar – A library to render SVG guitar chord charts.




  • JZZ.js – A JavaScript MIDI library that hides a lot of complexity behind its chained syntax when you need to work directly with MIDI. (The keyboard logo at the top left of its homepage is a neat easter egg.)




  • Strudel – A live-coding environment in the browser for generating pieces of music with simple, chained JavaScript expressions.