Node.js news and developer summaries

A major supply chain attack in the npm registry recently compromised millions of applications, highlighting systemic vulnerabilities in the JavaScript ecosystem. While developers describe these incidents as inevitable, contrast with ecosystems like Go and Rust shows that smaller dependency chains and stricter security practices can effectively mitigate such catastrophic security breaches.

The yt-dlp project has announced the deprecation and limitation of Bun support due to security concerns and instability. Support is now restricted to Bun versions 1.2.11 through 1.3.14. The maintainers cited potential supply chain vulnerabilities in older versions and concerns regarding the project's transition from Zig to Rust.

Deno 2.8 is a major update featuring improved npm compatibility, performance optimizations, and new subcommands like deno audit fix, deno bump-version, deno ci, deno pack, deno transpile, and deno why. It enhances Node.js API support, upgrades V8, introduces import defer, integrates powerful debugging and profiling tools, and refines workspace management with the catalog protocol.

This macOS utility automates personal data removal from over 500 people-search sites. Built with Node.js and Playwright, it uses CapSolver for CAPTCHAs, persistent state tracking via JSON, and iMessage notifications. It automates opt-out workflows, handles manual-only sites, and secures privacy by keeping all personal information stored locally on the user's machine.

Node.js 26.0.0 is now available as the Current release. Key updates include enabling the Temporal API by default, upgrading the V8 engine to 14.6, and updating Undici to 8.0. The release also includes several major deprecations and removals to modernize the platform. It will transition to Long-Term Support in October.