fidzu : javascript

#​780 - April 7, 2026

Read on the Web

JavaScript Weekly

JSIR: A High-Level IR for JavaScript from Google - Google has open sourced a new tool (JSIR) and proposed an industry-standard IR (Intermediate Representation - if an AST tells you what the code looks like, an IR tells you what it does) for JavaScript. Already used at Google for analysis and code transformation, the underlying idea could form a foundation for a new generation of tooling.

Zhixun Tan (Google)

💡 Most devs won't feel the impact for a while, but this is the kind of groundwork that can lead to better linters, smarter bundlers, better refactoring tools, and so forth.

Free Workshop: Claude Code Deep Dive - April 21 - Lydia Hallie from Anthropic teaches a full-day Claude Code workshop at Frontend Masters on April 21. Free to attend. No subscription required.

Frontend Masters sponsor

What to Know in JavaScript (2026 Edition) - An up-to-date overview of the JS landscape, including the latest ECMAScript additions, frameworks to keep tabs on, runtimes, build tools, and more. A good way to catch up.

Chris Coyier

IN BRIEF:

• 🔓 The Axios team has published a postmortem of last week's npm supply chain compromise. There's also a look into how the social engineering part worked.

• 📊 WebKit, Google and Mozilla have unveiled JetStream 3, the latest version of a suite of popular browser-oriented JS and WASM performance benchmarks.

• Cloudflare has released EmDash, a JavaScript-flavored 'spiritual successor to WordPress'.

• The Svelte team has published its latest monthly roundup.

RELEASES:

• ESLint v10.2.0 - Adds support for language-aware rules through a new meta.languages property. Temporal is now also supported.

• Node.js 25.9.0 (Current) - Adds --max-heap-size to set a max heap size for a process, and includes stream/iter, a new experimental iterable streams API.

📖 Articles and Videos

Minimum Release Age is an Underrated Supply Chain Defense - An increasingly common package manager feature is being able to specify a minimum 'package age'. The idea is that if you wait, then maintainers, security tools, etc. will tackle the most nefarious supply chain attacks. It's no silver bullet, but may suit your use case, and here's how to set it up.

Dani Akash

▶ TanStack Start: A Client-First Web Framework - A 30-minute talk from TanStack's founder showcasing TanStack Start's value proposition for both React and Solid developers looking for a complete SSR framework.

Tanner Linsley

One Extension Replaces Your Entire Analytics Pipeline - TimescaleDB adds hypertables, 95% compression, and continuous aggregates to Postgres. Analytics on live data. Try for free.

Tiger Data (creators of TimescaleDB) sponsor

Burnout is Real for Open Source Maintainers - A 40-minute audio interview (along with a nice write up) with John-David Dalton, the creator of Lodash, one of JavaScript's most popular projects.

The OpenJS Foundation

The Great CSS Expansion - A thorough review of Web-based tasks that were once JavaScript's natural domain (e.g. tooltips, dialogs, scroll animations) but for which modern CSS now excels.

Pavel Laptev

📄 Building a Dual-Scene Fluid 'X-Ray Reveal' Effect in Three.js Cullen Webber

📄 Quick Tip: Intl Can Localize Units, Too Stefan Judis

📄 Things Learned Migrating to Solid 2.0 Brenley Dueck

🛠 Code & Tools

Fuse.js 7.3: Lightweight Fuzzy-Search - Want a search feature tolerant to ambiguous input without a dedicated backend? v7.3 adds per-term fuzzy matching and a static method for single string matching, while v7.4 beta adds worker-based distributed search for tackling huge datasets. A demo shows off the basics.

Kiro Risk

Your CI doesn't have to be this slow - Depot CI: 2-3s job starts, parallel steps, SSH debugging. Run depot ci migrate to move your GitHub Actions in minutes.

Depot sponsor

Announcing Babylon.js 9.0 - Microsoft's popular rendering engine for building interactive, 3D web experiences now has a node-based particle editor, volumetric lighting, advanced Gaussian splatting, and more.

Carter & Lucchini (Microsoft)

Marked.js 18.0: A Fast Markdown Parser and Compiler - A low-level Markdown compiler built for speed. The demo shows off the basics. v18 is largely a bug fix release that also bumps it up to TypeScript 6. GitHub repo.

Christopher Jeffrey

TinyBase v8.1: A Reactive Data Store for Local-First Apps - A reactive data store and sync engine that can be used as the entire backend for many types of app, now with native Svelte 5 support.

James Pearce

xdk-typescript: The Official 'XDK' for the X API - The social media platform's new official SDK for its API (good luck).

X Dev Platform

• npm-check-updates v20.0.0 - Upgrade package.json dependencies to latest versions while preserving semantic versioning policies. Now supporting cooldowns.

• Neutralinojs 6.7 - The cross-platform desktop app framework adds an API for input device simulation and handling.

• 🖼️ SVGInject 2.0 - Inlines SVG files into the DOM at runtime (no build step) so you can style them with CSS.

• vue-clamp 1.0 - Primitives for clamping multiline text, inline strings, and wrapped items in Vue 3. (Demo.)

• vue-virtual-scroller 2.0 - Fast virtual-scrolling for lists in Vue 3.

• Verdaccio 6.4 - Run your own local private npm registry.

• React Native Skia 2.6 - Fast 2D graphics library for RN.

• SunEditor 3.0 - Extensible, vanilla JS WYSIWYG editor.

• hucre 0.3 - Zero-dependency spreadsheet engine.

• bwip-js 4.9 - Pure JavaScript barcode writer.

📢 Elsewhere in the ecosystem

• In CSS is DOOMed, Niels Leenheer shows off how he implemented a version of 1993's Doom using purely CSS rendering (with the game logic in JavaScript). Play it for yourself or check out the code.

• QuickBEAM is a JavaScript runtime for Erlang's BEAM VM, as also used by Elixir. It offers compatibility with core Node.js APIs.

• In CSS or BS? find out how good you are at telling real-life CSS properties from made up ones.

• ✉️ Spencer Mortensen put twenty-five email address obfuscation techniques to the test to see which actually work in 2026.

#​779 - March 31, 2026

Read on the Web

JavaScript Weekly

axios Package Compromised; Malicious Versions Added a Trojan Dependency - Axios is an HTTP library that gets 100M+ downloads a week, largely due to its legacy popularity. An attacker took advantage of that to roll out a version with a malicious dependency including a remote access trojan (though Axios' codebase itself was fine). This is big, as even if you don't use Axios, your dependencies might. Here's how to see if you're affected.

Ashish Kurmi

💡 More: Socket offers a more accessible breakdown. There's also a GitHub issue discussing the matter. It's worth considering pinning your dependencies, preventing post-install scripts from running (can be configured with npm but is the default in pnpm and Bun) and/or using cooldowns for dependency updates (using minimumReleaseAge in npm or pnpm's approach).

Still Writing Tests Manually? Meticulous AI Is Here - Notion, Dropbox, Wiz and LaunchDarkly now use a testing paradigm they can't work without. Built by former Palantir engineers, Meticulous automatically creates an evolving suite of E2E UI tests, delivering exhaustive coverage with no developer effort.

Meticulous sponsor

Transformers.js v4: Run AI Models in the Browser - Brings Hugging Face-hosted transformer models into JavaScript, so you can run NLP, vision, and audio models in-browser. v4 switches to a WebGPU runtime and is installable with npm. There are many live demos covering real-time speech transcription, using Qwen 3.5, and real-time video captioning.

Hugging Face

RELEASES:

• Inertia.js 3.0 - Glue between React, Vue and Svelte SPAs and non-JS server-side frameworks like Laravel, Rails and Django. More on v3 here.

• Node.js March 24, 2026 Security Releases - Including Node.js v25.8.2 (Current), v24.14.1 (LTS), v22.22.2 (LTS), and v20.20.2 (LTS).

• TanStack DB 0.6 - Now with persistence, offline support, and hierarchical data.

• Astro 6.1, Mantine 9.0, Ky 2.0 Prerelease, CKEditor 48.0, pnpm 10.33

📖 Articles and Videos

Signals: The Push-Pull Based Algorithm - A well-diagrammed ground-up explanation of how signals work internally, focusing on the push-pull algorithm at the core of reactivity in frameworks like Solid, Vue, and Angular.

Willy Brauner

🖼️ Your Options for Preloading Images with JavaScript - "There are a number of ways to preload an image on demand with JavaScript, each with their own strengths and drawbacks. Let's explore them."

Alex MacArthur

▶ Stop Guessing Where Your Next.js App Broke - 7 videos on error monitoring, replays, tracing, and alerts to debug across your Next.js stack. Watch now.

Sentry sponsor

A Gentle Intro to npm Workspaces (With Visuals) - Workspaces let you manage multiple packages in one repo and link local packages so they can import each other by name. npm may then hoist and deduplicate compatible dependencies during install.

Carlos Precioso

📄 'I Decompiled the White House's New App' - Among the surprises in the React Native app are a cookie/paywall bypass injector and dynamic loading of JavaScript from a random user's GitHub Pages... Thereallo

📄 Building a Scroll-Reactive 3D Gallery with Three.js, Velocity, and Mood-Based Backgrounds Houmahani Kane

📄 Why We Replaced Node.js with Bun for 5x Throughput Nick at Trigger

🛠 Code & Tools

Pretext: A Multiline Text Measurement and Layout Library - Cheng Lou, formerly a React core team member, caused a stir with this X post three days ago, racking up 22M impressions and getting 25k stars on this repo since. Why? People are very excited about the potential for real time web layouts! There are demos here if you want to see what the excitement is about, although the library itself is reasonably straightforward.

Cheng Lou

GitHub Actions 🤝Expo CI/CD Workflows - Keep GitHub Actions. Add Expo Workflows for mobile: M4 Pro builds, E2E tests, OTA. Let each tool handle what it's best at.

Expo sponsor

Knip v6: The Tool to Declutter Your JS/TS Projects - Knip is a go-to tool for finding and removing unused files, exports, and dependencies in projects. v6 integrates oxc for 2-4x performance gains (it tears through Astro in two seconds) and is largely a drop-in upgrade.

Lars Kappert

📺 ArtPlayer: A Modern, Full-Featured HTML5 Video Player - A straightforward way to get your own heavily-customizable YouTube-style player experience. There's a full, live demo/playground showing it off.

Harvey Zhao

Semiotic 3.0: React + D3 Data Visualization Framework - Does the basics well, but has some more unique offerings like choropleth maps, Sankey diagrams, flow maps, and violin plots, plus streaming data support.

nteract

• Heat.js 5.1 (above) - Generate heat maps, charts, and statistics to visualize date-based activity. Now with point/line chart support.

• numpy-ts 1.2 - NumPy implementation for TypeScript and JavaScript. Now at ~50% native performance and with Float16 support. (Homepage)

• ts-blank-space 0.8 - Pure JavaScript type-stripper using the TypeScript 6 parser.

• RxDB 17.0 - Reactive NoSQL database for JS apps with local-first capabilities.

• filesize.js 11.0.15 - Converts byte counts into human-readable file size strings.

• 💳 React Stripe.js 6.0 - Components for Stripe.js and Stripe Elements.

• css-select 7.0 - CSS selector compiler and engine. Now ESM.

• ESLint Markdown Plugin 8.0 - Lint Markdown with ESLint.

📢 Elsewhere in the ecosystem

• JetBrains' Java/Kotlin IDE IntelliJ IDEA now includes core JavaScript and TypeScript features for free (no Ultimate subscription needed).

• Vercel explains the work going on to make Next.js work better across cloud platforms. The Adapter API provides a way for platforms to adjust apps to suit their environment. OpenNext, Netlify, Cloudflare, AWS Amplify, and Google Cloud are all on board.

• 🤖 GitHub has announced, starting late April, data (including inputs and snippets) from Free/Pro/Pro+ Copilot users will be used, by default, to help train future AI models. You can opt out.

• 🤖 A developer noticed Copilot edited an 'ad' into one of his PRs! GitHub's Martin Woodward explained (on X) why it happened and said the 'feature' has been disabled.

• 🔠 Looking for a new IDE font option? CodingFont lets you find your ideal choice visually using a bracket-style faceoff. Noto Sans Mono won for me - not one I'd considered before!

#​778 - March 24, 2026

Read on the Web

JavaScript Weekly

Announcing TypeScript 6.0 - Over six months in the making, TypeScript 6.0 is designed to bridge the gap between its self-hosted compiler and the (almost ready) Go-powered native compiler of TypeScript 7.0 . There are new features (Temporal improvements, RegExp.escape, and more), but most important are the changes to help you prepare for 7.0:

• Numerous default changes: strict is now true, module is esnext, rootDir defaults to ., and more.
• A change that will affect many apps is types defaulting to [] rather than pulling in everything from node_modules/@types.
• Numerous deprecations: the es5 target, emitting AMD, UMD, and SystemJS modules, --baseUrl, and others.
• --stableTypeOrdering makes 6.0's type ordering behavior match 7.0's to help diagnose inference differences as you update.

Daniel Rosenwasser (Microsoft)

Add Excel-like Spreadsheet Functionality to Your JavaScript Apps - SpreadJS is the industry-leading JavaScript spreadsheet for adding advanced spreadsheet features to your enterprise apps. Build finance, analysis, budget, and other apps. Excel I/O, 500+ calc functions, tables, charts, and more. View demos now.

SpreadJS from MESCIUS inc sponsor

IN BRIEF:

• 🤖 The Node.js community is wrestling with the role that LLM-produced code should play in its implementation, with the once creator of the io.js fork starting a petition to say 'no' to contributions built with AI assistance.

• A large number of Deno employees announced (e.g.) they were departing the company last week. Deno employee Josh Collinsworth, not speaking for the company, noted "Deno is not going away. These are just hard times."

• 📗 Chibivue is a code project and associated online book that provides, and explains how to build for yourself, a minimal Vue.js implementation.

RELEASES:

• Next.js 16.2 - The React framework gets much faster next dev startup and ~50% faster rendering.

• Storybook 10.3.0 - The component workshop adds Vite 8, Next.js 16.2, and ESLint 10 support, plus a preview of an MCP server for React dev.

• ⚠️ All maintained Node.js versions are due security releases later today to address nine vulnerabilities.

• Deno 2.7.6 - deno eval auto-detects CJS vs ESM, and --cpu-prof-flamegraph generates interactive SVG flamegraphs.

• Bun 1.3.11, Valibot 1.3, ESLint 10.1

📖 Articles and Videos

The Three Pillars of JavaScript Bloat - Three reasons your node_modules is huge: needless ES3-era compat packages, micro-libraries with a single consumer, and ponyfills for APIs that shipped years ago! James, known for the e18e ecosystem performance project, offers some ways to calm the chaos.

James Garbutt

How Rewriting a Rust and WASM-Powered Parser in TypeScript Made it Faster - A counterintuitive result on the surface, but the WASM-JS boundary can introduce a serious performance penalty for many use cases, such that it can be 2-4x quicker to stay in the JS world.

Thesys Engineering Team

Clerk Auth for Chrome Extensions - Now in Vanilla JS - The Chrome Extension SDK now supports vanilla JS via createClerkClient(). Build popups and side panels without React. New quickstart included.

Clerk sponsor

📊 A React SSR Framework Performance Showdown - A large benchmark of TanStack Start, React Router, and Next.js under heavy load. The results led to patches benefitting both TanStack and React generally.

Matteo Collina (Platformatic)

Two React Design Choices Developers Don't Like, But Can't Avoid - Deferred state commits and dependency arrays on effects cause a lot of issues, but Ryan points out that signal-based alternatives (like Solid) only avoid them by staying synchronous.

Ryan Carniato

📄 JavaScript Thinks Everything's a Date - This is why we celebrate the progress of the Temporal API! Robert Gambee

📄 An Introductory Guide to Bookmarklets - Tiny bits of JavaScript saved in, and triggered by, bookmarks. Declan Chidlow

📺 How to Burn $30M on a JavaScript Framework - A five-minute retrospective of 2012's famo.us project. Fireship

📄 Node.js Worker Threads are Problematic, But They Work Great for Us Aaron Harper (Inngest)

🛠 Code & Tools

pnpm 11 Beta 0: A Sneak Peek - The efficiency-focused npm alternative continues its outsized impact on JS package management. It's moving to a SQLite-powered store, gets a configuration overhaul, and has stricter build security by default. Four new commands, too, including pnpm sbom for generating Software Bill of Materials JSON documents.

pnpm contributors

Edge.js: Running Node Apps Inside a WebAssembly Sandbox - A new, in-alpha runtime that maintains full Node compatibility while offering isolation via WebAssembly. Existing apps/modules run unmodified with system calls sandboxed, and the JS engine used is pluggable (between V8, JavaScriptCore and QuickJS). More info on the homepage.

Syrus Akbary (Wasmer)

Breakpoints and console.log Is the Past, Time Travel Is the Future - 15x faster JavaScript debugging than with breakpoints and console.log, supports Vitest, Jest, Karma, Jasmine, and more.

Wallaby Team sponsor

ArrowJS 1.0: Fast, Reactive UI Runtime Built on Platform Primitives - Built around ES modules, template literals and the DOM, it can also isolate component logic inside WASM sandboxes while rendering full inline DOM directly. First unveiled in 2022 by the creator of FormKit, it's now clearly finding its feet.

Justin Schroeder

Sugar High 1.0: A Lightweight JSX Syntax Highlighter - Doesn't need React present, so you can use it for syntax highlighting JSX snippets anywhere. You can also theme it with CSS. GitHub repo.

Jiachi Liu

• htmlparser2 12.0 - Fast, forgiving HTML and XML parser focused on performance. Works both server-side and in the browser.

• 🔊 vue-audio-visual 3.1 - Vue 3 HTML5 audio visualization components using the Web Audio API. Check out the demos.

• Svelte SEO 2.1 - Optimize Svelte apps for search engines/social media with meta tags, Open Graph, and JSON-LD.

• pnpm/action-setup 5.0 - GitHub Action to install and configure pnpm. Now uses Node.js v24.

• ☎︎ vue-tel-input v9.8.0 - Vue component for global phone number input. (Demo.)

• Mediabunny 1.40.0 - Powerful toolkit for reading/writing/converting media files.

• 🗓️ EventCalendar 5.5 - Full-sized drag and drop event calendar.

• Maz UI 4.9 - Lightweight UI components for Vue 3 and Nuxt 3.

• React Joyride 3.0 - Create guided tours in React apps.

📢 Elsewhere in the ecosystem

• The Microsoft Visual Studio Code team shares how they use AI to work on VS Code, from organizing their work and handling issues, to pushing out new releases. If you've noticed VS Code is getting a release every week now, this is why!

• 🔒 Perhaps more than ever, it's essential to ensure no secrets have sneaked into your repos. Secretlint is a linter dedicated to that task.

• Back in 1989, Rob Pike, famous for his work on both the Go programming language and co-creating UTF-8, wrote Rob Pike's 5 Rules of Programming which has gone viral this week and still apply in 2026!

• 🤖 Addy Osmani introduces us to comprehension debt. In a world of agent-produced code, the question is now not "how do we generate more code?" but "how do we actually understand more of what we're shipping?"

•  Dislike all the menu icons that macOS 26 (Tahoe) has introduced? There's a solution: defaults write -g NSMenuEnableActionImages -bool NO