QR Code
OWT Web Services       http://owtweb.com
[Skip to Content]

Industry News

09/11/2025
Package efficiency and dependency hygiene





















#​752 — September 12, 2025

Read on the Web


If you have any interest in music and being able to render music or generate music with JavaScript, be sure to check out the very end of this issue where we've dedicated an entire section to the topic :-)
__
Your editor, Peter Cooper





JavaScript Weekly








How to Keep package.json Under Control — Staring at a 863 megabyte node_modules folder for Val Town’s React app, Tom got to thinking about ‘dependency hygiene’ and some good ways to keep things under control. Good tips and tool recommendations here.


Tom MacWright






Behind the Scenes of bun install — Talk about an epic post. This is no mere explanation of how Bun quickly and efficiently installs packages — but a tour of package installation more generally, the underlying technicalities that make package installation tricky universally, and how Bun has tackled the problem.


Lydia Hallie (Bun)






Stop Reinventing Forms. Use SurveyJS Instead — SurveyJS UI components let you build JSON-driven forms, render them in React, Angular, Vue 3, or plain JS, and store results in your own DB. Open-source, extensible, no vendor lock-in — save months of development and stay in control of your data.


SurveyJS sponsor






A Major Supply Chain Attack Hit the npm Ecosystem — Socket warned us about a phishing campaign targeting npm package publishers which, sadly, bore fruit earlier this week when a variety of popular packages became compromised (like Chalk, DuckDB's distribution for Node.js, debug, and many others).


Gooding, Brown, et al. (Socket)




RELEASES:




📖  Articles and Videos





The Missing Link in JavaScript Tools? — Marvin ponders whether today’s fractured toolchain for templates, CSS imports, JSX, and numerous other non-standard enhancements to JavaScript could be unified into a single pipeline.


Marvin Hagemeister






Finally, Safe Array Methods in JavaScriptarr.sort() will sort your array in place, whereas ES2023’s arr.toSorted() will return a new, sorted copy of arr. There are several such methods you might prefer to use.


Matt Smith






Secure Your Agentic Apps with Auth for GenAI — Secure your agentic apps with features like User Authentication for AI agents, Token Vault, and more with Auth0’s Auth for GenAI (exclusively in Developer Preview).


Auth0 sponsor






An Interactive Guide to TanStack DBTanStack DB offers an embedded client‑side database that uses differential dataflow to power live, relational queries, sub‑ms incremental updates, and optimistic writes. This tutorial leans on using it with React, but TanStack DB works alongside Vue, Solid, and Svelte as well.


Maxi Ferreira




📺 Handling 500 Million Clicks with a $4 VPS – Behind the scenes of a Node-backed site that went viral. Andrew Schmelyun


📄 How To Set Up Express.js 5 For Production in 2025 Jan Hesters


📄 Building Microfrontends with Module Federation and Vue Alex Opalic


📄 How Shopify Migrated to React Native's New Architecture
Thiago Magalhaes (Shopify)



🛠 Code & Tools








Andromeda: The Newest JavaScript Runtime on the Block — A new JavaScript and TypeScript runtime built around the Rust-powered Nova engine. It’s still early days but they’re promising a lot: native single file compilation, a GPU-accelerated 2D Canvas API, low runtime overhead, interop with Rust, memory safety, WinterTC compatibility, and cross-platform support.


Andromeda Team






BlazeDiff: 'Blazing-Fast' Pixel-by-Pixel Image Comparisons — The creator was happy with the established pixelmatch library for doing image comparisons, until it got too slow for the scale he wanted. Here’s the story of how he came up with a faster alternative.


Teimur Gasanov






Unlock the Power of MCP Servers — Clerk shows how MCP servers let AI apps access data securely with OAuth — complete with a Next.js demo.


Clerk sponsor






Feedsmith 2.0: Feed Parser and Generation Library — As well as parsing feeds, you can also create RSS, Atom, JSON Feed, and OPML files with many common namespaces (iTunes, Podcast, Media RSS, Dublin Core, etc.) There’s a quick start tutorial for using it both in browsers or Node.js. GitHub repo.


Maciej Lamberski






React Bits: 100+ Creative, Animated React Components — If you want a bit of visual pizzazz in your project, this is for you. The components span from a variety of text effects to general animations, a ‘chroma grid’, bouncing cards, distortions, and more. GitHub repo.


David Has










📰 Classifieds




Meticulous automatically creates and maintains an E2E UI test suite with zero developer effort. Relied on by Dropbox, Wiz, Lattice, Bilt Rewards, etc.



🔈 JetBrains JavaScript Day 2025 registration is now open! Get up to speed with modern JavaScript development in just one day – for free.



$100 off yearly Frontend Masters membership! 250+ courses, personalized learning path, workshops with devs from GitHub & Netflix. Sale ends soon →



🗓️ Free virtual DevSecCon on Oct 22, 2025. Learn to secure AI-native apps with keynotes, demos, and a developer challenge. Register now!






🎵 Let's Get Musical









SpessaSynth: SoundFont2-Based MIDI Player and Synthesizer — If you think typical browser-played MIDI files sound terrible, you’re right – but try this! It uses a SoundFont sample driven approach to play MIDI files in a predictable fashion, and also includes an editor/visualizer if you need it. The live demo is quite striking.


Spessasus




While we're on the topic, here are some other neat music related JavaScript projects we've enjoyed over the years:









  • alphaTab – A full on music notation and guitar tab rendering library for building complete musical apps (above).




  • chiptune3.js – A bit like SpressaSynth (also above) but for playing module file music. Live demo.




  • Tone.js – An easy way to use the Web Audio API to create music in the browser. Someone used it to recreate the famous THX 'deep note' sound.




  • 🎸 SVGuitar – A library to render SVG guitar chord charts.




  • JZZ.js – A JavaScript MIDI library that hides a lot of complexity behind its chained syntax when you need to work directly with MIDI. (The keyboard logo at the top left of its homepage is a neat easter egg.)




  • Strudel – A live-coding environment in the browser for generating pieces of music with simple, chained JavaScript expressions.












09/04/2025
Why browsers throttle JavaScript timers (and what to do about it)





















#​751 — September 5, 2025

Read on the Web




JavaScript Weekly








Mediabunny: A Complete Media Toolkit for JavaScript — Supporting both browsers and Node.js, this library lets you read, write and convert popular media file formats (e.g. MP4, MP3, and more) without needing to lean on dependencies like FFmpeg. You can make thumbnails, extract metadata, write code that gets converted into a video, and more. GitHub repo.


Vanilagy






Why Do Browsers Throttle JavaScript Timers? — Did you know the zero in setTimeout(0) doesn’t really mean zero? Browsers clamp timers to at least a few milliseconds or more, slowing down code that relies on them. Luckily, there are alternative options, which Nolan demonstrates and benchmarks.


Nolan Lawson






Boost Coding Productivity with AI-Assisted Tools & Agents — Join Steve Kinney for this course looking at how best to harness AI for faster, higher-quality code. Learn how Cursor and Claude Code can be used to handle project plans, carry out inline edits, and perform larger background tasks — all adhering to the guidelines you set.


Frontend Masters sponsor






Ripple: A New, In-Development TypeScript UI Framework — A new framework aiming to take the best parts of React, Solid and Svelte, and combine them into a single package. Notably, it comes from someone who worked on React and Svelte, as well as author of Lexical and Inferno, so it’s worth a look. There’s more info on the GitHub repo.


Dominic Gannaway




IN BRIEF:







Product for Engineers Newsletter — Build better products, not just better code. Learn how to build features users love. Subscribe for free


PostHog sponsor





RELEASES:




📖  Articles and Videos








Google Chrome Turns 17: A History — A fantastic walkthrough of Chrome’s origins and its evolution over the years. Addy looks at key milestones (multi-process architecture for example), security, its steps into the world of AI, and more.


Addy Osmani




💡 On the topic of Chrome, Top Chrome APIs Every Developer Should Try covers a variety of Chrome-only JavaScript APIs, most of which I wasn't aware of.





Lean for JavaScript Developers — A comprehensive introduction to Lean, a theorem prover and language for creating formally verified code that Dan Abramov has really been getting into recently. “I’ve never written code alongside proofs like this before. Have you?”


Dan Abramov






AI Writes Code. Wallaby MCP Makes Sure It Actually Works — Give your AI agent live execution data, coverage, and real-time insights to generate tests and code with confidence.


Wallaby Team sponsor






Getting Accurate Text Lengths with Intl.Segmenter — A useful tip for when .length just isn’t returning what you’d quite expect..


Sangeeth Sudheer






Making XML Human-Readable Without XSLT — Jake gets niche, but sets JavaScript to good use here.


Jake Archibald




📄 Stress-Testing Biome's noFloatingPromises Lint Rule Dimitri Mitropoulos (Vercel)


📄 How to Optimize Third Party Scripts with Web Workers and Partytown Jakub Andrzejewski


📄 Redux without React: State Management in Vanilla JS Moritz Kröger


📄 Functional Custom Elements the Easy Way Ginger (Piccalilli)



🛠 Code & Tools








Peaks.js 4.0: UI Component for Interacting with Audio Waveforms — A project originally spawned from the BBC’s R&D department, Peaks renders audio waveforms to a canvas element and allows scrolling, zooming, and the sort of things you might otherwise see in an audio editor. LGPL licensed.


Chris Needham et al.




💡 There are other options in this space too, including the newly released Waveform Renderer 1.0 (complete with interactive demo) which is entirely focused on waveform rendering, as well as Wavesurfer.js.





Redux Toolkit 2.9: The 'Batteries-Included' Toolset for Redux — The long-standing toolset for working with Redux for state management gets a performance update with a rewrite of RTK Query’s subscription and polling systems, automatic aborting of in-flight requests when a cache entry is removed, and more.


Mark Erikson






react-window 2.0: Render Large Lists of Data Quickly — A component library for rendering large lists of data quickly and without the performance problems that often go along with that. There are several examples to check out, and React 18 is now required. (Tanstack Virtual is another option to consider in this space.)


Brian Vaughn






  • serverless-http 4.0 – Use your existing middleware framework (e.g. Express, Koa) on AWS Lambda.




  • 🖋️ Signature Pad 5.1 – Canvas-based smooth signature drawing control.




  • Tinypool 2.0 – Minimal Node.js worker thread pool implementation.




  • gRPC Web 2.0 – JS implementation of gRPC for browser clients.




  • Jasmine 5.10 – Testing framework for browsers & Node.




  • NodeBB 4.5 – Node.js-powered forum system.




  • Watt 3 – Node.js application server.









📰 Classifieds




🎟️ JetBrains JavaScript Day is back for its fifth edition! We’ve lined up a full day of great speakers and insights. All that’s missing is you.



Meticulous automatically creates and maintains an E2E UI test suite with zero developer effort. Relied on by Dropbox, Wiz, Lattice, Bilt Rewards, etc.





✉️  From the Inbox



For a variety of reasons – not least taking a vacation in August (oops!) – I have a backlog of fantastic submissions from people that I want to share separately:
















08/28/2025
The latest on Oracle's hold on JavaScript





















#​750 — August 29, 2025

Read on the Web




JavaScript Weekly








An Illustrated Guide to Big O and Time Complexity — A fantastic JavaScript-oriented, interactive, visual essay about Big O notation and its role in describing algorithmic complexity. This is a beautiful bit of work, even if you’re already wise to O(log n) and O(n^2).


Sam Rose




💡 Sam is making a name for himself with his interactive essays – check out the load balancing, memory allocation, hashing, and bloom filter ones too.





JavaScript’s Trademark Problem — Dr. Axel discusses Oracle's hold over the ‘JavaScript’ trademark, including the history and present-day legal attempts to challenge Oracle. Fireship has also just published ▶️ a video about the battle and there’s now a GoFundMe to raise funds to continue the fight.


Dr. Axel Rauschmayer et al.






Tests Are Dead. Meticulous AI Is Here — Meticulous creates and maintains a continuously evolving E2E UI test suite with zero developer effort. Built on Chromium with a deterministic engine, it’s the only testing tool that eliminates flakes. Relied on by Dropbox, Notion, and Wiz.


Meticulous AI sponsor






New in ESLint v9.34.0: Multithread Linting — A common feature of tools like Rslint, Biome, and Oxlint, is being 'Nx times faster' than ESLint, but the latest ESLint has a trick up its sleeve and can now process multiple files at the same time, dramatically reducing lint times for large projects.


Francesco Trotta




IN BRIEF:



RELEASES:




📖  Articles and Videos





Speeding Up the JavaScript Ecosystem: Semver — The latest in Marvin’s multi-year series of posts on optimizing heavily used parts of the JavaScript ecosystem: “During the installation process, package managers run a bunch of semver comparisons. The semver library used in npm, yarn and pnpm can be made around 33x faster.”


Marvin Hagemeister






Say Bye with JavaScript Beacon — The Beacon API has been supported in all mainstream browsers for years now and provides a way to send a guaranteed (even if a page is being unloaded) non-blocking request to a web server when no response is needed.


HemathKumar R






Secure Your AI Agents So That You Can Protect Your Users — Whether you have a B2B or B2C use case, Auth0 is a full IdP that provides robust security like MFA and continuous threat monitoring.


Auth0 sponsor






How We Migrated Our Monorepo to Node Type Stripping — Since v23.6 (and in LTS since v22.18.0), Node has supported running (most) TypeScript code by stripping the types out first. One team shares the challenges encountered and what the end benefits were.


Stuart Dotson (Calm)






You No Longer Need JavaScript (For Many Frontend Things) — A neat look at some of what plain HTML and CSS can achieve in terms of effects and techniques for which you might have once relied upon JavaScript.


Lyra




📄 Understanding Promise.any(): When One Success is Enough – Given multiple promises, resolve as soon as just one fulfills. Matt Smith


📄 The Struggle of Wrapping a JavaScript Game for Desktop – The author explains why they finally settled on NW.js. JSLegendDev


📄 Speeding Up Firefox Local AI Runtime – How Firefox accelerated inference by replacing the WASM-based ONNX runtime that powers Transformers.js with a native C++ counterpart. Ziadé, Adenot, and Guelton


📄 Unit Formatting with Intl in JavaScript Raymond Camden


📄 Exporting a Cloth Simulation from Blender to an Interactive Three.js Scene Joshua Guo


📺 Coming in Angular 21: HttpClient Built In by Default Igor Sedov



🛠 Code & Tools








Cornerstone3D 4.0: Build Web-Based Medical Imaging Apps — A set of JavaScript libraries to build things like this 3D CT scan viewer, PET-CT scan viewer, and much more besides. There’s a lot to this project, along with numerous tutorials.


Open Health Imaging Foundation






ImageJS 1.0: Image Processing and Manipulation Library — A library for resizing, cropping, filtering, color adjustments, and numerous other image transformations which works in Node.js and the browser (supporting JPEG, PNG, BMP and TIFF – thanks to pure JS dependencies like fast-jpeg and fast-png). v1.0 brings TypeScript support and a more intuitive API. GitHub repo.


ImageJS Team






The Best Way for Web Developers To Track Key User Flows — Check out User Journeys, a new approach to connecting technical performance to user engagement in your web apps.


Embrace sponsor






Obs.js: Context-Aware Web Performance for Everyone — Uses the Navigator and Battery APIs to get contextual information about your users’ connection strength and battery status so you can adapt your site/app to the environment or collect the data for analysis.


Harry Roberts






📊 SveltePlot: A Visualization Framework for Svelte — It’s still in alpha but its API is inspired by a similar plotting library by Observable and built on top of D3. There are plenty of examples in the docs.


Gregor Aisch






  • Repomix 1.4 – Pack an entire repository into a single, LLM-friendly file. v1.4 adds the ability to integrate commit history.




  • MikroORM 6.5 – TypeScript ORM for Node based on Data Mapper, Unit of Work and Identity Map patterns.




  • 📄 jsPDF 3.0.2 – Client-side JavaScript PDF generation for everyone.




  • Faker 10.0 – Generate fabricated data to your heart's content.




  • Tiptap 3.3 – Headless, framework-agnostic rich text editor.




  • RxDB 16.18 – Offline-first, reactive database for JS apps.




  • Denops.vim 8.0 – Write Vim/Neovim plugins with Deno.





🎁 Some Bonus Items















08/21/2025
We still love jQuery





















#​749 — August 22, 2025

Read on the Web


☀️ We're back after a week off, though I'm starting to think we should have taken two weeks off as it's been quite quiet in JavaScript-land this August! Nevertheless, we still have a full issue for you today, so let's get on to it.. ;-)
__
Peter Cooper, your editor





JavaScript Weekly








Eliminating JavaScript Cold Starts on AWS LambdaPorffor is a rapidly developing ahead-of-time JavaScript compiler with a major benefit being extremely quick process launch times (think sub-millisecond). This is certainly more a taste of the future, and something to experiment with, rather than something you want to imminently deploy into production.


Oliver Medhurst






Rspack Introduces Rslint, a Fast Linter Written in Go — A high-performance JavaScript and TypeScript linter written in Go, and the newest member of the Rspack/Rstack family of tools.


Sarah Gooding (Socket)




💡 In related news, the Rust-powered Oxlint linter has unveiled a preview of type-aware linting support. Oxlint and Rslint (or Biome) are worth investigating if you're having performance issues with ESLint.





Front-End System Design: Build Scalable UIs — Learn browser rendering, DOM performance, state, and UI optimization with real-world exercises.


Frontend Masters sponsor







jQuery 4.0.0 Release Candidate 1 — Version 4.0 of jQuery has reached the “we think this is ready; now poke it with many sticks” stage. While jQuery is still heavily used, we know it’s old-fashioned, but it was so important in the early days of JavaScript Weekly that we have a major soft spot for it!


Timmy Willison






Reflections on the React Community — Lee, formerly of Vercel and widely recognized for his influence on Next.js and React, shares candid reflections on the React community, digging into the rise of React Server Components, the tension between commercial and non-commercial priorities, the toll of burnout, and a reminder that, above all, this is still a community of people.


Lee Robinson




IN BRIEF:



RELEASES:




📖  Articles and Videos








Using the Custom Highlight API — The CSS Custom Highlight API offers a way to style text ranges on a document using JavaScript to create the ranges, and CSS to style them. And, as of Firefox 140, all major browsers now support it. This could be great for in-page search or even dynamic syntax highlighting.


Chris Coyier






The Power of the Intl API: A Definitive Guide to Browser-Native Internationalization — Instead of relying on heavy third-party libraries, modern browsers provide JavaScript with the Intl API — a powerful, native way to handle internationalization.


Fuqiao Xue






The Best Way for Web Developers to Track Key User Flows — Check out User Journeys, a new approach to connecting technical performance to user engagement in your web apps.


Embrace sponsor






Designing Chrome's Built-in AI Web APIs — Domenic, a member of the Chrome team at Google, shares some insights into how the APIs around Chrome’s newest AI features were designed.


Domenic Denicola






▶  React Mock Interview: Three Devs Take on a Challenge — Three top developers take on the same React challenge to build a form complete with validation. If you’ve got the time for a 50 minute video, this is fun and educational.


Shruti Kapoor




📄 How Incorrect Shopify Webhook Parsing Led to Database Deletion – A sneaky problem with an unexpected undefined value being fed to Prisma. One of Prisma’s validation errors did pick it up, however. Ingressr


📄 The Problems with Modals, and How to Solve Them in Vue.js Noel De Martin


📄 How Bun Made postMessage 500x Faster Jarred Sumner


📄 The Future of JavaScript: What Awaits Us JSDev



🛠 Code & Tools








Uppy 5.0: A Powerful, Modular JavaScript File Uploader — Upload not just from local sources (whether files or a webcam) but also remote services like Dropbox or Google Drive. Integrates with frameworks like React, Vue, Svelte, and Angular, and supports resumable uploads too. GitHub repo.


Transloadit






😄 Faceclick: A Lightweight Emoji Picker with Keyword Search — Includes some interesting details on how it was made more efficient.


Dave Gauer






Secure Your AI Agents So That You Can Protect Your Users — Whether you have a B2B or B2C use case, Auth0 is a full IdP that provides robust security like MFA and continuous threat monitoring.


Auth0 sponsor






Sidequest.js: A New Scalable Job Execution Option for Node.js — A scalable background job processor for Node apps that includes a Web-based dashboard, the ability to support multiple backends, and TS-first ergonomics. GitHub repo.


Merencia and Guizzo










Minecraft MCP Server: Let an LLM Take Control of Minecraft — A fun way to play around with MCP servers and LLMs. It uses Mineflayer, a JavaScript API for creating Minecraft bots, behind the scenes. The video in the README is cool, showing how Claude and this server can turn a photo of the White House into an in-world creation.


Yuniko Software






  • Waku 0.25 – The minimal React framework introduces the concept of 'slice components' – a new approach to fine-grained component rendering.




  • Retire.js 5.3 – A security scanning tool to detect the use of JavaScript libraries with known vulnerabilities in your project.




  • Ky 1.9 – Simple HTTP client based upon Fetch for browsers, Node & Deno.




  • Repomix 1.3 – Pack an entire repository into a single, LLM-friendly file.




  • 🗓️ React Date Picker 8.6 – Simple date picker component. (Demo.)




  • Flatbush 4.5 – Fast static spatial index for 2D points and rectangles.




  • plotly.js 3.1 – Standalone data visualization library.




  • Chai 6.0 – BDD / TDD assertion framework.









📰 Classifieds




Meticulous automatically creates and maintains an E2E UI test suite with zero developer effort. Relied on by Dropbox, Wiz, Lattice, Bilt Rewards, etc.



🤖 Faster AI data = smarter agents. Redis 8.2 brings vector sets and search with sub-ms speed. Try it for free.






🎁 Some Bonus Items