#​564 — January 28, 2025


A Failed Attempt to Shrink All npm Packages by 5% — What if you could shrink all npm package sizes by 5%? Wouldn’t that benefit all of us? Here’s how one developer did just that using Zopfli compression and then made a proposal to the npm maintainers to implement it. While promising, the proposal was ultimately rejected due to a variety of challenges and trade-offs, such as slower publishing speeds. Nonetheless, it’s a good story packed with things to learn from.

Evan Hahn

Things People Get Wrong About Electron — A proud maintainer of the wildly successful Electron cross-platform app framework stands by the technical choices made over the years and defends it against some of the more common criticisms here. If an hour of Netflix is 7 gigabytes, what’s 100MB for an app?

Felix Rieseberg

Reduce Your Apache Kafka Costs + Ops Burden with WarpStream — WarpStream reduces Kafka costs by 80+% by eliminating disks and interzone networking fees and features zero ops auto-scaling. It runs in your private cloud and data is stored in your object storage buckets, so raw data never leaves your environment.

WarpStream sponsor

The January 21, 2025 Security Releases Arrived — Security updates for versions 18.x, 20.x, 22.x, and 23.x, addressing vulnerabilities including a high-severity worker permission bypass. Patches also cover path traversal issues on Windows & HTTP/2 memory leaks.

The Node.js Project

IN BRIEF:

  • We mentioned NestJS 11’s release last week, but now there’s a full release post explaining what’s new with the popular Node backend app framework.

  • Some security experts have dubbed a recent Node-related CVE warning people against using end-of-life versions of Node.js as the ‘worst CVE’ of 2024 due to being a ‘hypothetic CVE’ when there are already plenty of real ones to tackle.

Troubles with Multipart Form Data and fetch in Node — One developer’s pain in debugging something that ‘should have just worked’ could be your relief if you run into issues where using fetch for multipart/form-data requests simply isn’t working (due to a missing trailing CRLF).

Phil Nash

How I Open-Sourced My Secret Access Tokens from GitHub, Slack, and NPM (and Who Cared) — A developer accidentally published API tokens to npm via a misconfigured CI pipeline. npm and Slack detected and revoked said tokens, though GitHub did not. The author shares his tale and some advice.

Ivan Borshcho

Is Heroku Still Worth It in 2025? 💸 — You might want to give this guide a read — we took a tour through PaaS alley and found some worthy (💵) alternatives.

Judoscale sponsor

📄 A Deeper Look into Node.js Docker Images – Which Docker image should you choose? And just what do they contain anyway? Ivan Velichko

📄 A WebAssembly Compiler That Fits in a Tweet – A look into a fantastic little bit of hacking. And, yes, it runs in Node. Mariano Guerra and Patrick Dubroy

🛠 Code & Tools

DBOS Transact v2: Lightweight Durable Execution in TypeScript — An open source library for lightweight durable execution built on Postgres. Durable execution means persisting the execution state of your program while it runs, so if it’s interrupted or crashes, it resumes from where it left off – ideal for long-running or business-critical workflows. Docs.

DBOS, Inc.

Bun 1.2: A Big Step Forward for the Fast JS/TS Runtime — I know it’s not Node, but JavaScriptCore-based Bun continues to up the server-side runtime game with major strides forward in Node.js compatibility in particular with this release. I often try Node scripts with bun and it Just Works™ – this is a good thing.

Ashcon Partovi and the Bun Team

🎨 node-canvas 3.1: A Cairo-Backed Canvas Implementation — We recently linked to Skia Canvas, a Skia and GPU-powered canvas drawing API for Node, but node-canvas is the longer standing library and is particularly easy to deploy and use, especially as it no longer has libuv or V8 dependencies.

Automattic

Emittery: A Simple, Modern Async Event Emitter — A small, async event emitter for Node and the browser, and now with support for AbortController.

Sindre Sorhus

📰 Classifieds

Protect your SaaS app with advanced device fingerprinting from WorkOS Radar. Stop fake signups, free tier abuse, bot attacks and brute force attempts today.

🚀 Master Fullstack, JS Backends & DevOps at Node Congress 2025! Join 5K devs worldwide on April 17-18. 2 days of talks & workshops!

📢  Elsewhere in JavaScript

A quick roundup of some of the other interesting stories in the broader JavaScript landscape, in case you’ve missed them:

