fidzu : JavaScript

#​782 - April 21, 2026

Read on the Web

JavaScript Weekly

HyperFrames: Write HTML and JavaScript to Create Videos - An open-source framework for creating and rendering videos with HTML and JavaScript. Essentially a simpler non-React alternative to Remotion. It includes a variety of built-in blocks/components for common video effects and elements, and can also composite existing video and audio clips. GitHub repo.

HeyGen

Still Writing Tests Manually? Meticulous AI Is Here - Notion, Dropbox, Wiz and LaunchDarkly now use a testing paradigm they can't work without. Built by former Palantir engineers, Meticulous automatically creates an evolving suite of E2E UI tests, delivering exhaustive coverage with no developer effort.

Meticulous sponsor

The Vercel Breach That Started with a Roblox Cheat - An employee of an AI tool provider used by a Vercel employee was compromised by malware (bundled with a Roblox cheat!) and the attacker used that foothold, by way of Google Workspace, to reach a subset of Vercel customers' environment variables.

Vercel

💡 Vercel users should follow these steps, but even if you're not one, the weak link was an OAuth grant to a third-party tool, and that pattern is nearly universal.

IN BRIEF:

• Node.js is moving to support the Temporal API by default, most likely in Node v26 which is expected next week.

• Salesforce ecosystem devs are used to using specific frameworks within its walled garden; now you can build native React apps on Salesforce.

• Rust's official package/crate registry, crates.io, is migrating from Ember.js to Svelte 5.

RELEASES:

• Node.js 24.15.0 (LTS) - require(esm) and the module compile cache are marked as stable, and --max-heap-size has been added.

• Fable 5.0 - A mature F# transpiler that targets JavaScript (plus other languages). v5.0 adds .NET 10 and F# 10 support.

• uuid 14.0 - Create RFC9562-compliant UUIDs (v1 through v7).

📖 Articles and Videos

▶ Evan You's State of Vue 2026 Talk - A month ago, Evan You (of Vue.js and VoidZero fame) gave his annual address. Less Vue-focused than usual (though Vapor Mode is "almost ready"), the talk focuses on Vite-ecosystem updates covering Vite 8, Vite+, and Void.

Evan You / Vue.js Amsterdam

How I Resolved 15K Circular Dependencies - A senior Microsoft engineer's retrospective of clearing ~15,000 project-level circular dependencies from a 7 million line(!) TypeScript monorepo, with reusable ideas for anyone wrangling a large TS workspace.

Stefan Haas

Your Agent Ships 10 Ideas a Day. You Get 2 Databases? - Your agent builds faster than a 2-project free tier allows. ghost gives it unlimited Postgres. 1TB storage. Try free.

ghost sponsor

The Vertical Codebase - Structuring an app with folders like components/, hooks/, and utils/ feels tidy at first, but gets harder to live with over time. Dominik makes the case for a vertical, domain-first approach.

Dominik Dorfmeister

🔒 The OWASP NPM Security Best Practices Cheat Sheet - A useful, long-standing checklist that continues to be updated with recent updates tackling disabling lifecycle scripts, typosquatting, trusted publishing, and dependency confusion.

OWASP Cheat Sheet Series

How We Made the Angular Compiler Faster Using AI - Two of VoidZero's developers wanted to see how fast an Angular compiler they could make. Very fast, it turns out.

Brooklyn and Michael Dong (VoidZero)

📄 Why I Don't Chain Everything in JavaScript Anymore - Long chains of methods vs. an easier-to-read sequence. Matt Smith

📄 The Scope of Type Guards and Assertion Functions Stefan Judis

🛠 Code & Tools

Bun v1.3.13: Smarter Testing, Streaming Installs, and Less Memory - The Bun runtime has had a great run of releases, including last week's v1.3.12 with built-in browser automation. Now, bun test gets numerous enhancements with --isolate, --parallel, --shard and --changed options for test env isolation, parallelization, and to run only test files affected by recent changes. The runtime now uses 5% less memory, bun install gets faster, and more.

Jarred Sumner

Introducing B2B Authentication - Clerk combines Organizations, SCIM, SSO, RBAC, invites, and billing to build enterprise-ready apps.

Clerk sponsor

Animata: Over 100 Animated React Components - A suite of novel animation-focused React components you don't often see elsewhere, including animated beams, spreading cards, and a Slack-style intro screen.

Codse

📄 officeParser: A Library to Parse Common Office-Related Formats - Work with formats like docx, pptx, xlsx, odt and others used by office suites, both in the browser and server-side. GitHub repo.

Harsh Ankur

🎵 tiks: Procedural UI Sounds for the Web - Clicks, pops and pings synthesized with the Web Audio API (so it's tiny).

Rexa

• TypeGPU 0.11 - TypeScript WebGPU toolkit with advanced type inference and the ability to write shaders in TypeScript.

• 📺 Shaka Player 5.1 - JavaScript library for adaptive media playback supporting DASH and HLS. (Demos.)

• TiddlyWiki 5.4 - Self-contained JavaScript wiki for personal use. (Repo.)

• ✂️ Knip 6.6 - Popular tool for finding and removing unused files, dependencies and exports.

• wasm-xlsxwriter 0.13 - Generate Excel files in the browser or Node.

• React Three Fiber 9.6 - The React renderer for Three.js.

• np 11.2 - A better npm publish.

📢 Elsewhere in the ecosystem

• Git 2.54 has been released with a couple of headline features:

  • git history offers a new, easy way to edit commit messages or interactively split a commit into two.

  • You can now define hooks in config files (whether in a repo, at user level, or even system level) rather than just in .git/hooks. You can also run multiple hooks for the same event in this way.

• If you ever work with Ruby on Rails, you might find rails_vite interesting. It's a new tool that seamlessly brings the power of Vite into Rails' pipeline.

• 💥 Anyone who's analyzed GitHub projects for a while knows this already, but there's a huge 'fake star' economy where people pay to make their projects look more popular than they are.

• Isa Yeter explains how he migrated from DigitalOcean to Hetzner slashing his hosting bill by 84% in the process.

• Cloudflare has released a preview of its new cf CLI tool for working with its various services.

#​781 - April 14, 2026

Read on the Web

JavaScript Weekly

Under the Hood of MDN's New Frontend - The hugely useful MDN has rebuilt its frontend stack from the ground up, ditching React for web components and a homegrown server component system. A great read on building a modern, content-heavy site without shipping unnecessary JavaScript on every page.

Leo McArdle (MDN)

Ship Mobile Apps The Way You Ship Websites - Expo gives JavaScript developers a web-like workflow for native mobile. Hot reload on device. OTA updates that skip app store review. Cloud builds that work like Vercel. Start with npx create-expo-app.

Expo sponsor

🕹️ Phaser 4.0: The 2D WebGL and Canvas-Based Game Framework - The widely used game framework celebrates its 13th birthday with a major release focused on perf/efficiency improvements, and includes skills files so AI agents can build Phaser 4.0 apps well. There are lots of demos, including these games, and existing users get a v3 to v4 migration guide.

Phaser Studio Inc.

IN BRIEF:

• Google will penalize sites that 'hijack' the back button in its search results from June. "Ensure you are not doing anything to interfere with a user's ability to navigate their browser history," says Chris Nelson.

• TanStack Start now has (experimental) React Server Components support.

• 🇫🇷 dotJS returns to Paris, France this September 18 - its CFP is open for two more weeks if you'd like to speak.

• 🇷🇴 The JSHeroes conference is back this May 14-15 in Romania.

RELEASES:

• Bun v1.3.12 - The JS runtime now ships with native, headless browser automation built in, and Bun.cron provides an in-process task scheduler.

• ⚠️ React 19.2.5, 19.1.6 and 19.0.5 have been released to deploy a fix for a React Server Components vulnerability.

• React Native 0.85 - New animation backend and devtools improvements.

• pnpm v11.0 RC 0, React Three Fiber 9.6, Electron 41.2, DOMPurify 3.4

📖 Articles and Videos

Installing Every Firefox Extension - One person's entertaining and heroic tale of wielding JavaScript to explore the Firefox extension ecosystem. And what oddities there are within! I enjoyed this a lot, it's like Alice in Wonderland for developers. More spelunking like this please.

Jack Cab

Uses for Nested Promises - James revisits 2013's Promises/A+ monads debate and has changed his mind, thanks to a real concurrency problem he ran into. Demanding but rewarding.

James Coglan

44 Postgres Talks To Choose From All in One Free, Virtual Event - Join POSETTE: An Event for Postgres 2026, a free & virtual Postgres developer event, 16-18 Jun. Check out the schedule.

Microsoft | AMD sponsor

You Can't Cancel a Promise (Except Sometimes You Can) - You can't cancel a promise, but you can halt an async function by making it await a promise that never resolves. The function silently stops, and GC cleans up after it.

Aaron Harper (Inngest)

Parse, Don't Validate (In a Language That Doesn't Want You To) - Tired of writing the same defensive if check in multiple files because you can't trust that validation already happened? Branded types and discriminated unions can let TypeScript carry that proof for you.

Christian Ekrem

🌐 The Intl API: The Best Browser API You're Not Using - A neat code-heavy primer to what you can do with Intl.

Kilian Valkhof

📄 Making Our Frontend Unit Tests Much Faster with @swc/jest - From 15 seconds with Jest to 4 seconds with the compatible @swc/jest. Sebastian Herrmann

📄 Creating Custom Page Transitions in Astro with Barba.js and GSAP Iqbal Muthahhary (Codrops)

📄 The Uphill Climb of Making Diff Lines Performant on GitHub Ghenco and Shwert (GitHub)

📄 Building a JavaScript Runtime with QuickJS Andrew Healey

🛠 Code & Tools

Boneyard: Auto-Generated Skeleton Screens for Your UI - Snapshots your real UI and captures a flat list of skeleton 'bones' which are positioned, sized rectangles that mirror the page exactly. Supports React, Preact, React Native, Vue, Svelte, and Angular.

0xGF

📈 Micro-ML: A Toolkit of Forecasting and Clustering Algorithms - A ~56KB WASM-powered library with algorithms for regression and smoothing. Cluster points, classify data, or predict the next value in a series without dragging in TensorFlow.js.

Adam Perliński

AI Writes Code. Wallaby MCP Makes Sure It Actually Works - Give your AI agent live execution data, coverage, and real-time insights to generate tests and code with confidence.

Wallaby Team sponsor

Ink 7.0: Use React to Build TUIs and Command Line Apps - Powering many popular terminal apps, v7.0 now leans on React 19.2, uses useEffectEvent internally for added efficiency, and brings new hooks and settings.

Vadim Demedes

🔊 web-audio-api: Use the Web Audio API from Node and Bun - Full Web Audio API support to either play audio on your machine/server or render it to file (and, yes, Tone.js works too). There are many examples to enjoy.

Sébastien Piquemal

Syncpack: Consistent Dependency Versions in Large JS Monorepos - A CLI tool (used by Electron, Cloudflare, Vercel and others) that finds version mismatches across your entire monorepo, fixes them, and can enforce version policies in CI to avoid future drift.

Jamie Mason

• Mantine 9.0 - The wildly popular React component suite now includes a complete set of calendar scheduling components.

• wa-sqlite 1.1 - WebAssembly build of SQLite enabling JavaScript-based virtual filesystems and browser storage extensions. (Demo.)

• gridstack.js 12.6 - Build responsive drag-and-drop multi-column dashboards.

• Formula.js 4.6 - Excel's formula functions, but for JavaScript.

• Lexical 0.43 - Facebook's extensible text editor framework.

📢 Elsewhere in the ecosystem

Windows 95 as an Electron App - A full Windows 95 experience as an app on macOS, Linux, and Windows, built upon the v86 JavaScript + WASM emulator. v5.0 is a big release as you can mount a folder from your machine into it as a Z: drive, mount ISOs as CD-ROMs, there's a shared clipboard, and Internet access has been improved. I'm so trying to get Microsoft Encarta's Mindmaze running on this…

Felix Rieseberg

• 🎨 Sticking to the retro theme, a new release of JSPaint has landed too, so you can relive the joy of using MS Paint. Try it here.

• It's ten years since Domenic Denicola posted about adding JavaScript modules to the web platform - how far we've come since!

• GitHub has a private preview of 'stacked PRs', a feature to break large changes into smaller, dependent parts.

• TanStack Router, Start, and Query have gained beta support for Solid 2.0.

• 🎤 A 50-minute chat (with transcript) from two of the developers behind the npmx project - an increasingly popular way to browse the npm registry.

• JSON Alexander is a new JSON viewer extension for Chrome and Firefox from Wes Bos, complete with a snazzy George Costanza logo.

#​780 - April 7, 2026

Read on the Web

JavaScript Weekly

JSIR: A High-Level IR for JavaScript from Google - Google has open sourced a new tool (JSIR) and proposed an industry-standard IR (Intermediate Representation - if an AST tells you what the code looks like, an IR tells you what it does) for JavaScript. Already used at Google for analysis and code transformation, the underlying idea could form a foundation for a new generation of tooling.

Zhixun Tan (Google)

💡 Most devs won't feel the impact for a while, but this is the kind of groundwork that can lead to better linters, smarter bundlers, better refactoring tools, and so forth.

Free Workshop: Claude Code Deep Dive - April 21 - Lydia Hallie from Anthropic teaches a full-day Claude Code workshop at Frontend Masters on April 21. Free to attend. No subscription required.

Frontend Masters sponsor

What to Know in JavaScript (2026 Edition) - An up-to-date overview of the JS landscape, including the latest ECMAScript additions, frameworks to keep tabs on, runtimes, build tools, and more. A good way to catch up.

Chris Coyier

IN BRIEF:

• 🔓 The Axios team has published a postmortem of last week's npm supply chain compromise. There's also a look into how the social engineering part worked.

• 📊 WebKit, Google and Mozilla have unveiled JetStream 3, the latest version of a suite of popular browser-oriented JS and WASM performance benchmarks.

• Cloudflare has released EmDash, a JavaScript-flavored 'spiritual successor to WordPress'.

• The Svelte team has published its latest monthly roundup.

RELEASES:

• ESLint v10.2.0 - Adds support for language-aware rules through a new meta.languages property. Temporal is now also supported.

• Node.js 25.9.0 (Current) - Adds --max-heap-size to set a max heap size for a process, and includes stream/iter, a new experimental iterable streams API.

📖 Articles and Videos

Minimum Release Age is an Underrated Supply Chain Defense - An increasingly common package manager feature is being able to specify a minimum 'package age'. The idea is that if you wait, then maintainers, security tools, etc. will tackle the most nefarious supply chain attacks. It's no silver bullet, but may suit your use case, and here's how to set it up.

Dani Akash

▶ TanStack Start: A Client-First Web Framework - A 30-minute talk from TanStack's founder showcasing TanStack Start's value proposition for both React and Solid developers looking for a complete SSR framework.

Tanner Linsley

One Extension Replaces Your Entire Analytics Pipeline - TimescaleDB adds hypertables, 95% compression, and continuous aggregates to Postgres. Analytics on live data. Try for free.

Tiger Data (creators of TimescaleDB) sponsor

Burnout is Real for Open Source Maintainers - A 40-minute audio interview (along with a nice write up) with John-David Dalton, the creator of Lodash, one of JavaScript's most popular projects.

The OpenJS Foundation

The Great CSS Expansion - A thorough review of Web-based tasks that were once JavaScript's natural domain (e.g. tooltips, dialogs, scroll animations) but for which modern CSS now excels.

Pavel Laptev

📄 Building a Dual-Scene Fluid 'X-Ray Reveal' Effect in Three.js Cullen Webber

📄 Quick Tip: Intl Can Localize Units, Too Stefan Judis

📄 Things Learned Migrating to Solid 2.0 Brenley Dueck

🛠 Code & Tools

Fuse.js 7.3: Lightweight Fuzzy-Search - Want a search feature tolerant to ambiguous input without a dedicated backend? v7.3 adds per-term fuzzy matching and a static method for single string matching, while v7.4 beta adds worker-based distributed search for tackling huge datasets. A demo shows off the basics.

Kiro Risk

Your CI doesn't have to be this slow - Depot CI: 2-3s job starts, parallel steps, SSH debugging. Run depot ci migrate to move your GitHub Actions in minutes.

Depot sponsor

Announcing Babylon.js 9.0 - Microsoft's popular rendering engine for building interactive, 3D web experiences now has a node-based particle editor, volumetric lighting, advanced Gaussian splatting, and more.

Carter & Lucchini (Microsoft)

Marked.js 18.0: A Fast Markdown Parser and Compiler - A low-level Markdown compiler built for speed. The demo shows off the basics. v18 is largely a bug fix release that also bumps it up to TypeScript 6. GitHub repo.

Christopher Jeffrey

TinyBase v8.1: A Reactive Data Store for Local-First Apps - A reactive data store and sync engine that can be used as the entire backend for many types of app, now with native Svelte 5 support.

James Pearce

xdk-typescript: The Official 'XDK' for the X API - The social media platform's new official SDK for its API (good luck).

X Dev Platform

• npm-check-updates v20.0.0 - Upgrade package.json dependencies to latest versions while preserving semantic versioning policies. Now supporting cooldowns.

• Neutralinojs 6.7 - The cross-platform desktop app framework adds an API for input device simulation and handling.

• 🖼️ SVGInject 2.0 - Inlines SVG files into the DOM at runtime (no build step) so you can style them with CSS.

• vue-clamp 1.0 - Primitives for clamping multiline text, inline strings, and wrapped items in Vue 3. (Demo.)

• vue-virtual-scroller 2.0 - Fast virtual-scrolling for lists in Vue 3.

• Verdaccio 6.4 - Run your own local private npm registry.

• React Native Skia 2.6 - Fast 2D graphics library for RN.

• SunEditor 3.0 - Extensible, vanilla JS WYSIWYG editor.

• hucre 0.3 - Zero-dependency spreadsheet engine.

• bwip-js 4.9 - Pure JavaScript barcode writer.

📢 Elsewhere in the ecosystem

• In CSS is DOOMed, Niels Leenheer shows off how he implemented a version of 1993's Doom using purely CSS rendering (with the game logic in JavaScript). Play it for yourself or check out the code.

• QuickBEAM is a JavaScript runtime for Erlang's BEAM VM, as also used by Elixir. It offers compatibility with core Node.js APIs.

• In CSS or BS? find out how good you are at telling real-life CSS properties from made up ones.

• ✉️ Spencer Mortensen put twenty-five email address obfuscation techniques to the test to see which actually work in 2026.

#​779 - March 31, 2026

Read on the Web

JavaScript Weekly

axios Package Compromised; Malicious Versions Added a Trojan Dependency - Axios is an HTTP library that gets 100M+ downloads a week, largely due to its legacy popularity. An attacker took advantage of that to roll out a version with a malicious dependency including a remote access trojan (though Axios' codebase itself was fine). This is big, as even if you don't use Axios, your dependencies might. Here's how to see if you're affected.

Ashish Kurmi

💡 More: Socket offers a more accessible breakdown. There's also a GitHub issue discussing the matter. It's worth considering pinning your dependencies, preventing post-install scripts from running (can be configured with npm but is the default in pnpm and Bun) and/or using cooldowns for dependency updates (using minimumReleaseAge in npm or pnpm's approach).

Still Writing Tests Manually? Meticulous AI Is Here - Notion, Dropbox, Wiz and LaunchDarkly now use a testing paradigm they can't work without. Built by former Palantir engineers, Meticulous automatically creates an evolving suite of E2E UI tests, delivering exhaustive coverage with no developer effort.

Meticulous sponsor

Transformers.js v4: Run AI Models in the Browser - Brings Hugging Face-hosted transformer models into JavaScript, so you can run NLP, vision, and audio models in-browser. v4 switches to a WebGPU runtime and is installable with npm. There are many live demos covering real-time speech transcription, using Qwen 3.5, and real-time video captioning.

Hugging Face

RELEASES:

• Inertia.js 3.0 - Glue between React, Vue and Svelte SPAs and non-JS server-side frameworks like Laravel, Rails and Django. More on v3 here.

• Node.js March 24, 2026 Security Releases - Including Node.js v25.8.2 (Current), v24.14.1 (LTS), v22.22.2 (LTS), and v20.20.2 (LTS).

• TanStack DB 0.6 - Now with persistence, offline support, and hierarchical data.

• Astro 6.1, Mantine 9.0, Ky 2.0 Prerelease, CKEditor 48.0, pnpm 10.33

📖 Articles and Videos

Signals: The Push-Pull Based Algorithm - A well-diagrammed ground-up explanation of how signals work internally, focusing on the push-pull algorithm at the core of reactivity in frameworks like Solid, Vue, and Angular.

Willy Brauner

🖼️ Your Options for Preloading Images with JavaScript - "There are a number of ways to preload an image on demand with JavaScript, each with their own strengths and drawbacks. Let's explore them."

Alex MacArthur

▶ Stop Guessing Where Your Next.js App Broke - 7 videos on error monitoring, replays, tracing, and alerts to debug across your Next.js stack. Watch now.

Sentry sponsor

A Gentle Intro to npm Workspaces (With Visuals) - Workspaces let you manage multiple packages in one repo and link local packages so they can import each other by name. npm may then hoist and deduplicate compatible dependencies during install.

Carlos Precioso

📄 'I Decompiled the White House's New App' - Among the surprises in the React Native app are a cookie/paywall bypass injector and dynamic loading of JavaScript from a random user's GitHub Pages... Thereallo

📄 Building a Scroll-Reactive 3D Gallery with Three.js, Velocity, and Mood-Based Backgrounds Houmahani Kane

📄 Why We Replaced Node.js with Bun for 5x Throughput Nick at Trigger

🛠 Code & Tools

Pretext: A Multiline Text Measurement and Layout Library - Cheng Lou, formerly a React core team member, caused a stir with this X post three days ago, racking up 22M impressions and getting 25k stars on this repo since. Why? People are very excited about the potential for real time web layouts! There are demos here if you want to see what the excitement is about, although the library itself is reasonably straightforward.

Cheng Lou

GitHub Actions 🤝Expo CI/CD Workflows - Keep GitHub Actions. Add Expo Workflows for mobile: M4 Pro builds, E2E tests, OTA. Let each tool handle what it's best at.

Expo sponsor

Knip v6: The Tool to Declutter Your JS/TS Projects - Knip is a go-to tool for finding and removing unused files, exports, and dependencies in projects. v6 integrates oxc for 2-4x performance gains (it tears through Astro in two seconds) and is largely a drop-in upgrade.

Lars Kappert

📺 ArtPlayer: A Modern, Full-Featured HTML5 Video Player - A straightforward way to get your own heavily-customizable YouTube-style player experience. There's a full, live demo/playground showing it off.

Harvey Zhao

Semiotic 3.0: React + D3 Data Visualization Framework - Does the basics well, but has some more unique offerings like choropleth maps, Sankey diagrams, flow maps, and violin plots, plus streaming data support.

nteract

• Heat.js 5.1 (above) - Generate heat maps, charts, and statistics to visualize date-based activity. Now with point/line chart support.

• numpy-ts 1.2 - NumPy implementation for TypeScript and JavaScript. Now at ~50% native performance and with Float16 support. (Homepage)

• ts-blank-space 0.8 - Pure JavaScript type-stripper using the TypeScript 6 parser.

• RxDB 17.0 - Reactive NoSQL database for JS apps with local-first capabilities.

• filesize.js 11.0.15 - Converts byte counts into human-readable file size strings.

• 💳 React Stripe.js 6.0 - Components for Stripe.js and Stripe Elements.

• css-select 7.0 - CSS selector compiler and engine. Now ESM.

• ESLint Markdown Plugin 8.0 - Lint Markdown with ESLint.

📢 Elsewhere in the ecosystem

• JetBrains' Java/Kotlin IDE IntelliJ IDEA now includes core JavaScript and TypeScript features for free (no Ultimate subscription needed).

• Vercel explains the work going on to make Next.js work better across cloud platforms. The Adapter API provides a way for platforms to adjust apps to suit their environment. OpenNext, Netlify, Cloudflare, AWS Amplify, and Google Cloud are all on board.

• 🤖 GitHub has announced, starting late April, data (including inputs and snippets) from Free/Pro/Pro+ Copilot users will be used, by default, to help train future AI models. You can opt out.

• 🤖 A developer noticed Copilot edited an 'ad' into one of his PRs! GitHub's Martin Woodward explained (on X) why it happened and said the 'feature' has been disabled.

• 🔠 Looking for a new IDE font option? CodingFont lets you find your ideal choice visually using a bracket-style faceoff. Noto Sans Mono won for me - not one I'd considered before!