JavaScript news and developer summaries

The Mastodon web application requires JavaScript to function properly in a browser. Users are advised to enable JavaScript or utilize one of the available native Mastodon applications for their specific platform to ensure full functionality.

A major supply chain attack in the npm registry recently compromised millions of applications, highlighting systemic vulnerabilities in the JavaScript ecosystem. While developers describe these incidents as inevitable, contrast with ecosystems like Go and Rust shows that smaller dependency chains and stricter security practices can effectively mitigate such catastrophic security breaches.

This message informs users that JavaScript must be enabled in their web browser to ensure the full functionality and interactive features of the website are accessible to them.

This page demonstrates how browser APIs, such as canvas and font fingerprinting, expose sensitive device and user data to websites. It details how trackers use these techniques to identify visitors without cookies, while explaining that the site itself prioritizes transparency by avoiding data retention, tracking, and external beacons, highlighting systemic privacy risks in modern web design.

The Chrome team is introducing 'Declarative Partial Updates' to modernize web performance. New APIs enable out-of-order streaming via <template> and processing instructions, alongside consistent JavaScript methods for dynamic HTML insertion. These tools allow for 'island architecture' and efficient content delivery, empowering developers to optimize page loads and manage complex web applications more effectively.

Mozilla is disabling asm.js optimizations in Firefox 148, with plans to remove the code entirely. Asm.js paved the way for WebAssembly, providing near-native performance for web applications. Developers are encouraged to migrate to WebAssembly for better performance and smaller binaries. OdinMonkey, the asm.js compiler, is being retired in favor of WebAssembly engines.

The ClojureScript team announced a new release enabling native async/await support for JavaScript interoperability. By using the ^:async hint, developers can compile functions into native JavaScript async functions. This update simplifies interaction with modern Browser APIs and popular libraries, directly addressing a top priority requested by the Clojure community.

Users are experiencing issues accessing this website because JavaScript is disabled or blocked. The site requires JavaScript to function correctly, suggesting that visitors should check their browser settings, disable extensions like ad blockers, or test with a different browser to restore functionality.

Lachlan Davidson discovered a critical remote code execution vulnerability, React2Shell, in React's 'Flight' protocol. He manipulated the protocol's thenable-handling behavior to trick the server into executing arbitrary code. Meta patched the issue as CVE-2025-55182, emphasizing the risks of implicit trust in server-side JavaScript frameworks when handling deserialized data.

Many applications suffer from performance issues due to 'death by a thousand cuts.' Key culprits include unnecessary CORS preflight requests from unused custom headers, ineffective code splitting, bloated dependencies, and oversized background images. Even seemingly minor architectural decisions can significantly degrade perceived performance and load times for users on slower devices or mobile networks.

This offline, single-file HTML tool enables file transfer between devices using QR codes. It transmits data by cycling through encoded chunks, allowing retrieval even on older hardware with limited connectivity. The system tracks missing segments via a grid, supports CRC32 verification, and offers configurable chunk sizes, FPS, and ECC levels for reliable, low-bandwidth data exchange.

Node.js 26.0.0 is now available as the Current release. Key updates include enabling the Temporal API by default, upgrading the V8 engine to 14.6, and updating Undici to 8.0. The release also includes several major deprecations and removals to modernize the platform. It will transition to Long-Term Support in October.

MacSurf is a native web browser for Classic Mac OS 9 that enables modern HTTPS and ES5 JavaScript on vintage PowerPC hardware. By implementing TLS 1.3 and a native rendering stack, it allows G3/G4 Macs to access modern websites without proxies, supporting features like CSS Grid, animations, and transparency on hardware from 1999.

Yes We Scan is a web app using v86 emulation to allow modern browsers to interface with legacy USB scanners. By leveraging WebAssembly, WebUSB, and SANE on Alpine Linux, the application acts as a bridge, enabling users to scan documents without needing specific or outdated drivers, significantly simplifying the process for older hardware.

The Mastodon web application requires JavaScript to function properly. Users who prefer not to use a browser-based interface are encouraged to download native Mastodon apps for their specific platform to access the service.

Firefox 151 introduces support for the Web Serial API, enabling websites to communicate directly with hardware like microcontrollers and 3D printers. This feature simplifies tasks like firmware installation and hardware interaction without native software, while maintaining high security through explicit user permissions and site-specific access controls. It enhances browser capabilities for developers and makers.

The author critiques JavaScript for its bloated syntax and massive dependency chains. To address these inefficiencies in the browser, they introduce LispE, a lightweight WASM-based Lisp interpreter. LispE provides over 450 built-in functions, simplifying development by replacing multiple external libraries while maintaining seamless interoperability with JavaScript via a compact, auditable binary.