A new guide to configuring Node packages

Mitigating a DoS Vulnerability Related to async_hooks - A deep dive into one of the five vulnerabilities tackled by the releases above where apps using async_hooks or AsyncLocalStorage (e.g. React, Next.js, and those using APM tooling) can be forced to exit without throwing a catchable error when recursions in user code exhaust the stack space. Node has mitigated some of the problem, but library and framework creators also have work to do around this issue. Matteo Collina and Joyee Cheung 💡 Sarah Gooding has a higher level write-up of the issue on the Socket blog. Clerk Launches API Keys Public Beta - Let your users create API keys that delegate access on their behalf. Verify keys server-side with the auth() helper, control access with scopes, and revoke instantly. Free during beta. Clerk The Official Node.js Package Configuration Guide - It’s still under development, but the Node team has begun to share an official guide to putting together and configuring your own packages for Node, whether for the first time or if you’re migrating an existing package to ESM and modern best practices. The Node.js Project IN BRIEF: Node.js Becomes a First-Class Citizen in Microsoft Aspire - Aspire is a Microsoft framework for orchestrating the development and deployment of distributed applications. Originally just targeting .NET, the new Aspire 13 makes JavaScript a first-class citizen, so you can now run Vite, Node.js, and full-stack JS apps with service discovery, built-in telemetry, and production-ready containers. Microsoft 📄 tinypdf: Minimal PDF Creation Library - And they really do mean minimal: under 400 lines of code, with no dependencies. It doesn’t support images, custom fonts, encryption, etc. but if you want to get basic shapes and text into a PDF (to generate invoices, say), this is a tidy option. Lulzx pnpm 10.28 - Adds a beforePacking hook to customize package.json 's contents at publish time. A neat way to modify the package manifest included in the published package without affecting your local package.json . actions/setup-node 6.2 - Set up a GitHub Actions workflow with a specific version of Node.js. LogTape 2.0 - Simple logging library for all major JS runtimes. Changelog. 🤖 OpenAI Node 6.16 - The official Node library for OpenAI's APIs. exiftool-vendored.js v35 - Process metadata from photos. NodeBB 4.8 - Node.js-powered forum system. 🚀 Auth0 for AI Agents is the complete auth solution for building AI agents more securely. Start building today . 📢 Elsewhere in the ecosystem A roundup of some other interesting stories in the broader landscape:

Preview: ~417 words