fidzu : javascript

#​765 - December 12, 2025

Read on the Web

JavaScript Weekly

Useful Patterns for Building HTML Tools - In many situations, you don't need a full-on framework to build useful tools; just HTML, JavaScript and CSS in a single file will do the job fine. Simon's become a bit of an expert by rolling out many such tools using LLMs, and shares his process and practices here. More please!

Simon Willison

Why Are the Top AI Companies Choosing SpreadJS? - Because SpreadJS brings a familiar Excel-like UI to JavaScript web apps. Trusted by leading AI innovators and organizations, it empowers devs to build finance, analytics, and more apps with Excel I/O, 500+ calc functions, charts, & more. View demos!

SpreadJS From MESCIUS sponsor

Deno 2.6 Released - The popular alternative runtime introduces a new npx-like tool called dx to run binaries from npm and JSR packages, adds a deno audit tool for identifying vulnerabilities in dependencies, adds more granular control over runtime permissions, implements source phase imports, and more.

Iwańczuk and Jiang (Deno)

IN BRIEF:

• ⚠️ Two more vulnerabilities relating to React Server Components surfaced yesterday, separate to last week's React2Shell incident.

• 🔒 GitHub shares an update on its npm token policies. All npm classic tokens have been revoked this week, and there's now a new process for getting a two hour session token or a granular access token instead.

• 🕒 Chrome 144 Beta has been released with support for the Temporal API for working with dates and times.

• Microsoft has unveiled a preview of its JavaScript/TypeScript Modernizer for VS Code - it's a tool that analyzes a project and suggests an upgrade plan for both syntax and dependencies.

• Oxlint introduces type-aware linting in alpha form.

RELEASES:

• Node.js v24.12.0 (LTS) - The first LTS release of Node.js with type stripping marked as stable.

• @platformatic/python-node v2.0 - Run Python ASGI apps in Node.js processes. Now supporting HTTP response streaming and bidirectional WebSockets.

• Bun v1.3.4 - Now with support for URLPattern, fake/controllable timers in its test runner, and console.log now supports the %j specifier like Node.

• React v19.2.3, v19.1.4, and v19.0.3

📖 Articles and Videos

How the Seattle Times is Protecting Itself from npm Supply Chain Attacks - Technical details on how the Seattle Times has been adopting pnpm as an alternative to npm for its enhanced client-side security controls.

Ryan Sobol

A Proposal for Making Complex Web Apps Faster - From Microsoft comes an early-stage look at a proposal for a new Delayed Message Timing API to help deal with the slowdowns that multiple parallel contexts (iframes, threads, multiple windows, etc) can introduce. Feedback is being sought.

Joone Hur & Patrick Brosset (Microsoft)

Behind CERN's Data Engine: Faster Writes, Instant Insights - CERN's massive time-series workloads run faster with TimescaleDB, improving ingestion, compression, and real-time analytics.

Tiger Data sponsor

Building a Tiny 2D Physics Engine in JavaScript - A lovely, and rather old-school style post about building a simple physics engine from scratch in JavaScript then golfing it down to just 2KB of source as seen on its homepage (where there's a demo too).

Maxime Euzière

📄 Non-Blocking Cross-Browser Image Rendering on the Canvas - A good way to improve UX responsiveness with more complex use cases. Alexander Myshov

📄 Prelude of the Chambered Reborn: Rewriting a Classic in TypeScript - Porting a Java game that Minecraft's creator worked on during a Ludum Dare contest. Angelo Lima

📄 Angular Tips - A documentation site covering numerous best practices for building large Angular apps. Martin Boué

🛠 Code & Tools

Open Sourcing the Remix Store - The Remix Store is a swag store for the Remix project and its codebase provides a powerful example of how Remix's own core team builds apps with Remix and Hydrogen.

Brooks Lybrand and the Remix Team

💡 You don't need to be a Remix user to benefit from this code, either. For example, here's the code to the store's neat 'glitchy' 404 page which you could adapt to use elsewhere.

🕒 <relative-time> 5.0: Format Timestamps as a Natural Language Relative Time - Supply this web component with a standard formatted date and time and it'll render "2 days ago", say. GitHub uses this itself on all repo and code views.

GitHub

Still Writing Tests Manually? - See why modern engineering teams like Dropbox, Notion and Lattice rely on Meticulous to run E2E UI tests.

Meticulous AI sponsor

ts-exec: Execute TypeScript on Node using SWC - From the creator of Adonis comes another way to run TypeScript on Node. While Node 22.18+ supports type stripping, ts-exec supports JSX and decorators and has some benefits over ts-node and tsx.

Harminder Virk

Toastflow: A Toast Notifications Library for Vue 3 - A really nifty web-based playground for playing around with toast notifications. I wish more projects had things like this. Toastflow is technically framework agnostic, but the only renderer so far is for Vue 3. GitHub repo.

Adrián Janočko

Devalue: Get the Job Done When JSON.stringify Can't - A library from the Svelte project that's like JSON.stringify but that can tackle more things like cyclical and repeated references, regexes, Map and Set, and even custom types. You can try it out here.

Svelte

iceberg-js: A JavaScript Client for Apache Iceberg - A minimal, vendor-agnostic JavaScript client for the Apache Iceberg REST Catalog API that works in most runtimes and environments.

Katerina Skroumpelou (Supabase)

• Inertia 2.3 - Build single-page React, Vue and Svelte apps using classic server-side routing and controllers (ideally for integrating with server-side frameworks like Django, Rails, Laravel, etc.)

• OpenPGP.js 6.3 - OpenPGP implementation for JavaScript.

• 🗓️ React Datepicker 9.0 - Long-standing React date picker component.

• 🎸 SVGuitar 2.5 - Render guitar chord charts in SVG form.

• pnpm 10.25 - Fast, space efficient package manager.

• js-tokens 10.0 - Tiny JavaScript source tokenizer.

📢 Elsewhere in the ecosystem

Some other interesting tidbits in the broader landscape:

• 📺 Earlier this year, Dimitri Mitropoulos wowed us by running Doom inside TypeScript's type system - now he's back ▶️ showing off TypeSlayer, a tool for diagnosing and fixing TypeScript performance problems with some fantastic 3D visualizations. It looks great, but isn't public yet.

• Get up to speed with the latest developments in the world of CSS this year with the Chrome team's CSS Wrapped 2025.

• GitHub shares some updates on work it's done on its GitHub Actions platform and some new features coming in 2026.

• 🗳️ Rick Viscomi of the Google Chrome team has put out a call for you to vote for the web features you want to see in the future. This is a separate effort from the recent Interop 2025 voting process and votes will accumulate over the long term.

• 🤖 OpenAI released its GPT 5.2 model yesterday.

#​764 - December 5, 2025

Read on the Web

JavaScript Weekly

🎉 JavaScript Turns 30 Years Old 🎉

Back in May 1995, a 33 year old Brendan Eich built the first prototype of JavaScript in just ten days, originally codenamed Mocha (and then LiveScript). On December 4, 1995, Netscape and Sun Microsystems officially announced 'JavaScript' in a press release as "an easy-to-use object scripting language designed for creating live online applications that link together objects and resources on both clients and servers."

Over thirty years, JavaScript has cemented its place at the heart of the Web platform, and more broadly in desktop apps, operating systems (e.g. Windows' use of React Native), mobile apps, and even on microcontrollers.

Here's to another thirty years and, hopefully, the resolution of the confusion and litigation around JavaScript's trademark. C'mon, Larry, give us all a Xmas present we won't forget? 😅

P.S. Enjoy finding the 1995 references in our special birthday montage above.

How to Ship Enterprise Auth, Identity, and Security Features - Enterprise customers demand SSO, SCIM, RBAC, and audit logs that meet strict compliance standards. WorkOS offers developers a platform for shipping these features fast with a suite of easy-to-integrate APIs and a portal for streamlined customer onboarding.

WorkOS sponsor

Progress on TypeScript 7 - It's been a quiet few months for the TypeScript project publicly, but behind the scenes they've been working hard on both TypeScript 6.0 and 7.0. v6.0 is going to be the final JavaScript-based release and act as a stepping stone to the native Go port (v7.0) which is already shaping up to be some 10x faster.

Daniel Rosenwasser (Microsoft)

Anthropic Acquires the Bun JavaScript Runtime - It's been an intense few years for Bun, the JavaScriptCore-powered JS/TS runtime. Anthropic, best known for its Claude LLMs, is betting on Bun for powering its Claude Code agentic development tool and more. Jarred tells the full Bun story here and reassures us Bun will remain open and become better than ever as a result.

Jarred Sumner

IN BRIEF:

• ⚠️ The React team has announced a critical security vulnerability in React Server Components which affects apps that support RSCs, including (some) Next.js apps.

• 🎄 The Advent of Code is taking place right now with 12 days of puzzles to solve.

• If you prefer something more JavaScript specific, AdventJS has some JavaScript-specific puzzles you can solve right in your browser.

• Advent of Svelte is sharing 25 different Svelte-related tips over the month.

• WebGPU is now supported across all major browsers.

RELEASES:

• Vite 8 Beta - Now powered by Rolldown and promising significantly faster production builds and a better platform for future development.

• Oxfmt: Oxc Formatter Alpha - A Rust-powered, Prettier-compatible code formatter.

• ESLint v10.0.0 Alpha 1

📖 Articles and Videos

No More Tokens: Locking Down npm Publishing Workflows - Following a recent spate of npm security incidents, Zach, creator of 11ty, carried out an audit of his npm security footprint and shares some tips we can all use.

Zach Leatherman

💡 Liran Tal also shares some npm security best practices to adopt.

The Nuances of JavaScript Typing using JSDoc - If you prefer JavaScript over TypeScript (and I know there are plenty of you!) but still want some of the benefit of types, JSDoc provides an interesting alternative.

Jared White

No Breakpoints, No console.log - Just AI & Time Travel - 15x faster TypeScript and JavaScript debugging than with breakpoints and console.log, upgrading your AI agent into an expert debugger with real-time context.

Wallaby Team sponsor

How Fast Can Browsers Process Base64 Data? - Gigabytes per second on modern hardware in most cases, except for Firefox and Servo.

Daniel Lemire

Making a 'Drone Ambient Noise' Synthesizer in JavaScript - An interesting look at a tool that turns any files into sound using the Web Audio API and granular synthesis. You can try a live demo here.

Stranno

📊 Comparing AWS Lambda Arm vs x86 Performance Across Runtimes - Different versions of Node.js are put through their paces. Arm seems to be a big win vs x86 on Lambda. Chris Ebert

📄 Angular Pipes: Time to Rethink - We don't see many high quality Angular articles these days, so this is a pleasure. Vyacheslav Borodin

📄 TypeScript Strictness is Non-Monotonic: How strictNullChecks and noImplicitAny Interact Huon Wilson

📄 How to Test a Vue Composable with TypeScript John Franey

📄 Category Theory for JavaScript Developers Ibrahim Cesar

🛠 Code & Tools

🤖 TanStack AI: A Unified Interface for LLM/AI Providers - The latest member of the rapidly growing TanStack family of libraries offers a unified, framework agnostic interface to multiple AI APIs, complete with streaming, and Zod schema inference. Currently in alpha. GitHub repo.

TanStack

💡 Another newcomer is TanStack Pacer which offers framework-agnostic debouncing, throttling, rate limiting, queuing, and batching utilities.

Prototype AI-Powered React Apps Instantly with Agentic Postgres Free - A Postgres built for rapid iteration: vector search, forks, PITR-free forever for developers + agents.

Tiger Data sponsor

Remend: Automatic Recovery of Broken Streaming Markdown - Bring intelligent incomplete Markdown handling to your app, particularly useful if working with LLMs, say. It's extracted from Vercel's Streamdown library, a drop-in replacement for react-markdown, designed for AI-powered streaming.

Hayden Bleasel (Vercel)

Tinybench 6.0: A Tiny, Simple Benchmarking Library - Uses whatever precise timing capabilities are available (e.g. process.hrtime or performance.now). You can then benchmark whatever functions you want, specify how long or how many times to benchmark for, and get a variety of stats in return - it runs across multiple runtimes. GitHub repo.

Tinylibs

Ruby2JS: A Ruby to JavaScript Transpiler - A transpiler aimed at keeping the resulting code looking 'hand crafted' rather than merely transpiled. Play with the live demo on the home page to get a feel for it.

Sam Ruby and Jared White

• Chokidar 5.0 - Efficient cross-platform file watching library for Node.js.

• Prisma 7.1 - Popular ORM for Node.js and TypeScript.

• Neutralinojs 6.4 - Lighter alternative to Electron.

• Express v5.2.0 and v5.2.1

📢 Elsewhere in the ecosystem

Some other interesting tidbits in the broader landscape:

• 🤖 Colin Eberhardt looks into using GitHub's Spec Kit for building a modern Svelte app using Spec-Driven Development (SDD) where the human and AI agents work in tandem.

• The team at DebugBear has a review of web performance topics in 2025, including DevTools enhancements, changes to how TTFB, LCP, and INP are measured, and Firefox's support for the Scheduler API.

• Brian 'Beej' Hall, famous for his various guides for things like network programming and Git, has released Beej's Guide to Learning Computer Science. It's high level and more about the mental models and philosophy of problem solving than any actual coding or math.

• DepX's badge generator gives you a graphical badge you can include in your README or on your project site to show how many (or how few!) dependencies your npm package has.

• Want to try and understand how elliptic curve cryptography works? Here's an attempt at boiling it down.

#​763 - November 28, 2025

Read on the Web

JavaScript Weekly

Over 150 Algorithms and Data Structures Demonstrated in JS - Examples of many common algorithms (e.g. bit manipulation, Pascal's triangle, Hamming distance) and data structures (e.g. linked lists, tries, graphs) with explanations. Available in eighteen other written languages too.

Oleksii Trekhleb et al.

TypeScript: From First Steps to Professional - Learn TypeScript step-by-step with Anjana Vakil, and gain confidence writing code you can trust! Add strong types, reuse interfaces, and apply type safety throughout your app with hands-on projects converting JavaScript to TypeScript.

Frontend Masters sponsor

⚠️ The Shai-Hulud 2.0 npm Worm: Analysis, and What You Need to Know - The next generation of a 'worm' we've previously encountered is back infecting more packages, exfiltrating developers' credentials, then republishing yet more packages to spread further. This is a good writeup of how it works.

Tafani-Dereeper and Obregoso (Datadog)

IN BRIEF:

• Tanner Linsley tells the tale of two years running TanStack (well known for TanStack Start, Query, and Form, among others) as an open source organization.

• The Piccalilli team has made the Introduction to Asynchronous JavaScript chapter of their JavaScript for Everyone course free to read online.

• There's a variety of Black Friday deals offered by well-known members of the frontend community on courses and similar resources.

• Node.js 24 is now a supported runtime on AWS Lambda (as nodejs24.x) and won't be deprecated until April 30, 2028.

RELEASES:

• Prettier 3.7 - The popular opinionated code formatter.

• pnpm 10.24 - The fast, efficiency-focused package manager gets even faster with adaptive network concurrency.

• Bun 1.3.3 - The popular JS runtime adds CompressionStream and DecompressionStream, upgrades to SQLite 3.51.0, and other minor enhancements.

• Playwright 1.57 - Microsoft's browser/Web automation library now has a 'speedboard' tab in its HTML reports to show you your tests sorted by slowness. It also switches from Chromium to Chrome for Testing.

• Valibot 1.2, Storybook 10.1, Next.js v16.0.5, Immer 11.0

📖 Articles and Videos

The Performance Inequality Gap in 2026 - Esteemed browser and Web standards expert Alex Russell looks at the state of client-side Web performance, what sort of bandwidth you should be taking into account, what devices people are using, and warns against ever-growing JavaScript bundle sizes. A lot of data here.

Alex Russell

Why Use React? (On the Frontend) - Jeremy asks some big, potentially uncomfortable questions, but notes how React's modern server-side powers are a real boon, while questioning React's role on the frontend, where Preact might well suit you better.

Jeremy Keith

Breakpoints and console.log Is the Past, Time Travel Is the Future - 15x faster JavaScript debugging than with breakpoints and console.log, supports Vitest, Jest, Karma, Jasmine, and more.

Wallaby Team sponsor

▶ What are 'Invokers': Interactivity without JavaScript? - The Invoker Commands API lets you assign behaviors to buttons. You can use JavaScript to create custom commands, however.

Scott Tolinski

How Vercel Built Its First Mobile App with React Native - Vercel has built an iOS app for its v0 AI-powered app development tool using React Native and Expo. This is a detailed look at how they tackled certain issues to make the UX smooth and responsive.

Fernando Rojo (Vercel)

Wrangling My Email with Claude Code - James shows how you can use Claude's 'agent skills' to run a JavaScript app that fetches your email from Gmail for Claude Code to analyze.

James Long

📄 How a Summer in Abruzzo Helped Bring Type Stripping to Node.js - It's neat to get some background to the story. Marco Ippolito

📄 Taking Down Next.js Servers for 0.0001 Cents a Pop - A vulnerability that has been fixed, if you're on Next.js 15.5.5 or 16+. Alex Browne

📄 Tinyglobby: A Success Story in Modernization and Performance Madeline Gurriarán

📄 Managing Side Effects: A JavaScript Effect System in 30 Lines or Fewer Aycan Gulez

📄 How to Build Cinematic 3D Scroll Experiences with GSAP and Three.js Joseph Santamaria

📄 Migrating 6000 React Tests Using AI Agents and ASTs Elio Capella Sánchez

🛠 Code & Tools

FullCalendar: A Full Sized JavaScript Calendar Control - Get a Google Calendar-style experience in your own apps. Has connectors for React, Vue and Angular, but can be used with plain JavaScript too. The base version is MIT licensed, but there's a commercial version too with extra features.

Adam Shaw

Better Auth: A Comprehensive Authentication Framework for TypeScript - A framework agnostic authentication and authorization framework that provides email and password-based auth, OAuth and social sign-in, account and session management, 2FA, and more. v1.4 was just released with stateless/database-free session management support.

Better Auth

Tiger Data Taught AI to Write Real Postgres Code. Try it Today - pg-aiguide brings real DB expertise to Claude Code, or any other MCP-enabled tool.

Tiger Data sponsor

Heat.js 4.5: A Heat Map Visualization Library - Think the GitHub contributions heat map. No dependencies, small, responsive, and theme-able. There's a live demo or its GitHub repo.

William Troup

Ant Design 6.0: The React UI Design Language and UI Library - One of the bigger, more 'corporate' looking React component suites. v6 provides a smooth migration for v5 users and is focused on optimizations and React 19 compatibility.

Ant Design Team

• 🎨 Chroma.js 3.2 - Color mixing, conversion and manipulation library.

• 🔎 Node File Trace (NFT) 1.1 - Vercel's tool for determining which files are necessary for an app to run.

• Cedar 1.0 - Full-stack React framework forked from the former RedwoodJS.

• swc4j 2.0 - JVM-based JavaScript and TypeScript compilation and bundling.

• 📺 React Lite YouTube Embed v3.2 - A faster, cleaner YouTube embedding component. (Demo.)

• cron-schedule 6.0 - Zero-dependency cron parser and scheduler.

• Vuetify 3.11 - Vue component framework.

• Fable 4.28.0 - F# to JavaScript compiler.

TSDiagram: Diagrams as Code with TypeScript - Draft diagrams quickly with TypeScript. Define your data models through top-level type aliases and interfaces and it automatically lays out the nodes in an efficient way. GitHub repo.

Andrei Neculaesei

📢 Elsewhere in the ecosystem

Some other interesting tidbits in the broader landscape:

• If you've not yet played with CSS's "subgrid" feature (now supported in all major browsers), Josh W Comeau has a fantastic introduction to the new possibilities subgrids offer your layouts.

• ⚠️ GitHub reports secrets/tokens leaked in Git repos to the service providers so they can be revoked, but now it's reporting secrets in unlisted GitHub Gist posts too (so be careful when using it as a 'private' pastebin).

• The RetroGameCoders IDE is a JavaScript and WebAssembly-powered online IDE/playground for coding against retro machines, now including the C64, Apple II, MSX, Atari 800, and others.

• 🤖 Addy Osmani has written a neat roundup of what's new in Gemini 3.0, the latest version of Google's leading LLMs. He touches on Nano Banana Pro image generation, Google's new Antigravity dev tool, and how the updates benefit developers. Not keen to be left behind, however, Anthropic released Claude Opus 4.5 earlier this week.

• The team behind the Zig language isn't happy with GitHub and so is migrating from GitHub to Codeberg.