Contents
TL;DR
JavaScript Weekly #778 (March 24, 2026): TypeScript 6.0 as a bridge to native TS 7.0, Next.js 16.2 release, Node.js security updates, plus community debate on LLM-generated contributions.
What happened
TypeScript 6.0 (Daniel Rosenwasser, Microsoft)—six+ months of work. New: Temporal improvements, RegExp.escape, --stableTypeOrdering to align type ordering with 7.0.
Major default changes (prep for Go-based TS 7 compiler):
| Option | Shift |
|---|---|
strict |
false → true |
module |
→ esnext |
types |
all @types → [] (explicit installs) |
rootDir |
→ . |
Many deprecations: es5 target, AMD/UMD/SystemJS emit, --baseUrl.
Next.js 16.2—faster next dev and ~50% rendering speedup. Storybook 10.3—Vite 8, Next 16.2, ESLint 10, React MCP preview.
Node.js: security release for nine CVEs across maintained lines. Meanwhile a petition (from the io.js fork author) argues against AI-assisted core contributions.
Also: Deno 2.7.6 (deno eval CJS/ESM auto-detect, SVG flamegraphs), Bun 1.3.11, pnpm 11 beta (SQLite store, pnpm sbom).
Why it matters
TS 6.0 is not “just another minor”—it is a migration contract: types: [] breaks projects that implicitly relied on @types/node and friends. Plan upgrades with tsc and inference diffs under --stableTypeOrdering.
Node’s LLM debate reflects comprehension debt (Addy Osmani): the question is not “how to generate more code” but “how to understand what we ship.”
In practice
- Try
typescript@6on CI in a branch; audit implicit@types. - Enable
--stableTypeOrderingbefore 7.0 to catch inference drift early. - Upgrade Next.js 16.2 on staging; measure dev cold start and SSR TTFB.
- Schedule Node security patching (nine CVEs).
- For supply chain—look at Secretlint and
pnpm sbomfrom pnpm 11 beta.
Bottom line
#778 is a dense ecosystem snapshot: TS lays groundwork for 7.0 breaks, Next speeds DX, Node juggles security and contribution culture. For full-stack teams this is an upgrade planning week—not a single npm update.

