What's in a Node.js Bug – A Case Study

This ad is not shown to multipass and full ticket holders
React Summit
React Summit 2025
June 13 - 17, 2025
Amsterdam & Online
The biggest React conference worldwide
Learn More
In partnership with Focus Reactive
Upcoming event
React Summit 2025
React Summit 2025
June 13 - 17, 2025. Amsterdam & Online
Learn more
Bookmark
Rate this content

Anna performs a deep dive into the anatomy of a regression that affected Node.js users in development and production in the past year, and analyzes how it gives us insight into how JS engines work under the hood and how Node.js itself is currently being developed.

This talk has been presented at Node Congress 2025, check out the latest edition of this JavaScript Conference.

FAQ

The talk is about a Node.js bug related to character encoding and performance issues.

Anna is very passionate about character encoding and has given talks on the topic.

The speaker is Anna, a staff engineer at MongoDB and a former Node.js core contributor.

Character encoding is the conversion of characters into byte sequences to communicate with the operating system. It is important for representing different languages and characters in software applications.

Common character encodings mentioned include ASCII, ISO 8859-1 (Latin-1), UTF-8, and UTF-16.

The bug was discovered through bug reports in the Node.js core GitHub repo, indicating issues with UTF-8 and character encodings.

UTF-8 is popular because it is backward compatible with ASCII and can represent a wide range of characters.

It is advised to be careful with using the latest Node.js versions in production and to test against them if possible.

The bug involves a non-deterministic issue with UTF-8 and character encodings, triggered after many iterations in a Node.js application.

Anna is a staff engineer at MongoDB working on the developer tool suites.

Anna Henningsen
Anna Henningsen
23 min
17 Apr, 2025

Comments

Sign in or register to post your comment.
Video Summary and Transcription
I'm going to talk about character encodings, specifically a Node.js bug related to UTF-8. Two popular encodings are UTF8 and UTF16. The bug was discovered in August 2024 and was traced to a specific pull request in the Node.js core repository. The bug is caused by an incorrect implementation of the fast write string method. Lessons learned include the importance of naming conventions and thorough testing beyond coverage analysis.

1. Introduction to Character Encodings

Short description:

I'm going to talk about a Node.js bug. I'm Anna, a staff engineer at MongoDB and a former Node.js core contributor. I'm passionate about character encoding. Let's discuss what character encodings are. Character encodings are conversions that everyone agrees on to talk to the outside world. Early standardized character encodings include ASCII and ISA88591. Unicode came along to represent more characters by assigning a number to each character and then assigning a sequence of bytes to that number.

Yeah, hi, everyone, and thanks for joining this talk. So, I'm going to be talking about a Node.js bug.

Some quick intro for myself. Hey, I'm Anna. I am currently a staff engineer at MongoDB working on the developer tool suites. If you have ever used MongoDB, I'm sure a lot of you have at some point. I am working on a couple more things. I am also a former Node.js core contributor, have been quite active in the past, and a technical steering committee member on that side. I am very, very passionate about character encoding. I have given talks on that topic before. I know it may seem a little boring sometimes, or not like it's, you know, it isn't like bleeding edge technology, but it's still something that I think always makes for interesting conversations. This is how you can reach me. I also uploaded the slides at this link here, if you want to look for them at some point later.

Before we actually talk about the Node.js bug that I was referring to, let's do a quick refresher about what character encodings actually are specifically. So, like in a general, like typical application, you have your code that you run. That's a separate program. And that somehow talks to an operating system or kernel, which, you know, takes care of talking to the outside world for your application. And the way we've built software that happens to be the case that this operating system or kernel mostly, you know, receives and sends out information in the form of byte sequences. But your application typically works with the logic of like character sequences, which are typically called strings. And so, in order to like be able to work with strings inside your application, you need to have some kind of conversion that everybody agrees on in order to talk to the outside world. And those conversions are called character encodings.

Some of the early standardized character encodings, everybody knows ASCII, I'm sure that was like a way to encode most English language characters, still is. But that means that there are characters that you cannot represent. And then over time, obviously, you know, people recognize the need to be able to represent other characters. So, one of the more popular ones that is also like special for historical reasons is this ISA88591, which at least covers a lot of like Central European characters. But obviously, that's, you know, that also reaches its limits. You want to be able to represent Chinese characters, you're going to have to come up with something new where you cannot represent every character by a single byte. And so, Unicode came along and this was like starting to be really popular in the late 90s, early 2000s. And that essentially converted this process into a two-step process where through each character that you want to be able to represent, you assign a number. And then to that number, you assign a sequence of bytes.

2. Character Encodings in JavaScript

Short description:

Two popular character encodings relevant today are UTF8, which is backwards compatible with ASCII and does something special for byte sequences outside the ASCII range, and UTF16, which is not compatible with ASCII. JavaScript engines have different representations for strings, with some being concatenated and internally represented as multiple strings. JavaScript engines are smart about representing strings internally.

And so, two of the more popular ones and the ones that are particularly relevant for this conversation today are 1UTF8, which is like, you know, backwards compatible with ASCII for as far as the byte sequences are concerned. It just like it starts to do something special for byte sequences that are outside the ASCII range. And UTF16, which is a way that's like not compatible with ASCII at all. But if you look at these in more detail, you can see that there are still like some shared representations of characters and some, you know, shared history when it comes to how strings exactly are being represented.

And so, I think most of you as JavaScript developers will have heard the, you know, claim that JavaScript uses UTF16, right? That's how strings work in JavaScript. And that's like, that's not entirely wrong, but it's also not true. And so, if we look into the source code of the JavaScript engine that Node.js uses and that Google Chrome uses, and a lot of JavaScript applications use these days, we can look at the source code of the we can look for all the strings that this implementation defines, and we can see there's actually a lot of very different representations for strings. And there are two that are particularly worth highlighting, which I'll show you in a second.

So, if you want to inspect, for example, how V8 internally represents this string here that I'm building together, it's like a concatenation and then a repetition and a substring of that. There actually is a way to do that. You need to expose V8 internals for that. So, this is not something you could do in a production application. But there is this debug print helper that V8 provides and you need to pass a special flag in order to enable it. And you can actually look at, like, you know, hey, what does this string contain? And so, for example, for this one, it's going to say it's a const string type, which means it's concatenated. It is actually internally represented as the concatenation of two strings, not a single sequence in memory. And so, if we break this apart, we can see that, like, yes, it's a concatenation of a single byte string or one byte string is what V8 calls it. And a slide string, which is represented by two byte strings. And we'll get into a bit why that's terrible naming. But the point that I'm trying to make here is JavaScript engines are going to be smart about how they internally represent strings.

Check out more articles and videos

We constantly think of articles and videos that might spark Git people interest / skill us up or help building a stellar career

It's a Jungle Out There: What's Really Going on Inside Your Node_Modules Folder
Node Congress 2022Node Congress 2022
26 min
It's a Jungle Out There: What's Really Going on Inside Your Node_Modules Folder
Top Content
The talk discusses the importance of supply chain security in the open source ecosystem, highlighting the risks of relying on open source code without proper code review. It explores the trend of supply chain attacks and the need for a new approach to detect and block malicious dependencies. The talk also introduces Socket, a tool that assesses the security of packages and provides automation and analysis to protect against malware and supply chain attacks. It emphasizes the need to prioritize security in software development and offers insights into potential solutions such as realms and Deno's command line flags.
ESM Loaders: Enhancing Module Loading in Node.js
JSNation 2023JSNation 2023
22 min
ESM Loaders: Enhancing Module Loading in Node.js
Top Content
ESM Loaders enhance module loading in Node.js by resolving URLs and reading files from the disk. Module loaders can override modules and change how they are found. Enhancing the loading phase involves loading directly from HTTP and loading TypeScript code without building it. The loader in the module URL handles URL resolution and uses fetch to fetch the source code. Loaders can be chained together to load from different sources, transform source code, and resolve URLs differently. The future of module loading enhancements is promising and simple to use.
Towards a Standard Library for JavaScript Runtimes
Node Congress 2022Node Congress 2022
34 min
Towards a Standard Library for JavaScript Runtimes
Top Content
There is a need for a standard library of APIs for JavaScript runtimes, as there are currently multiple ways to perform fundamental tasks like base64 encoding. JavaScript runtimes have historically lacked a standard library, causing friction and difficulty for developers. The idea of a small core has both benefits and drawbacks, with some runtimes abusing it to limit innovation. There is a misalignment between Node and web browsers in terms of functionality and API standards. The proposal is to involve browser developers in conversations about API standardization and to create a common standard library for JavaScript runtimes.
Out of the Box Node.js Diagnostics
Node Congress 2022Node Congress 2022
34 min
Out of the Box Node.js Diagnostics
This talk covers various techniques for getting diagnostics information out of Node.js, including debugging with environment variables, handling warnings and deprecations, tracing uncaught exceptions and process exit, using the v8 inspector and dev tools, and generating diagnostic reports. The speaker also mentions areas for improvement in Node.js diagnostics and provides resources for learning and contributing. Additionally, the responsibilities of the Technical Steering Committee in the TS community are discussed.
Node.js Compatibility in Deno
Node Congress 2022Node Congress 2022
34 min
Node.js Compatibility in Deno
Deno aims to provide Node.js compatibility to make migration smoother and easier. While Deno can run apps and libraries offered for Node.js, not all are supported yet. There are trade-offs to consider, such as incompatible APIs and a less ideal developer experience. Deno is working on improving compatibility and the transition process. Efforts include porting Node.js modules, exploring a superset approach, and transparent package installation from npm.
Multithreaded Logging with Pino
JSNation Live 2021JSNation Live 2021
19 min
Multithreaded Logging with Pino
Top Content
Today's Talk is about logging with Pino, one of the fastest loggers for Node.js. Pino's speed and performance are achieved by avoiding expensive logging and optimizing event loop processing. It offers advanced features like async mode and distributed logging. The use of Worker Threads and Threadstream allows for efficient data processing. Pino.Transport enables log processing in a worker thread with various options for log destinations. The Talk concludes with a demonstration of logging output and an invitation to reach out for job opportunities.

Workshops on related topic

Node.js Masterclass
Node Congress 2023Node Congress 2023
109 min
Node.js Masterclass
Top Content
Workshop
Matteo Collina
Matteo Collina
Have you ever struggled with designing and structuring your Node.js applications? Building applications that are well organised, testable and extendable is not always easy. It can often turn out to be a lot more complicated than you expect it to be. In this live event Matteo will show you how he builds Node.js applications from scratch. You’ll learn how he approaches application design, and the philosophies that he applies to create modular, maintainable and effective applications.

Level: intermediate
Build and Deploy a Backend With Fastify & Platformatic
JSNation 2023JSNation 2023
104 min
Build and Deploy a Backend With Fastify & Platformatic
Top Content
WorkshopFree
Matteo Collina
Matteo Collina
Platformatic allows you to rapidly develop GraphQL and REST APIs with minimal effort. The best part is that it also allows you to unleash the full potential of Node.js and Fastify whenever you need to. You can fully customise a Platformatic application by writing your own additional features and plugins. In the workshop, we’ll cover both our Open Source modules and our Cloud offering:- Platformatic OSS (open-source software) — Tools and libraries for rapidly building robust applications with Node.js (https://oss.platformatic.dev/).- Platformatic Cloud (currently in beta) — Our hosting platform that includes features such as preview apps, built-in metrics and integration with your Git flow (https://platformatic.dev/). 
In this workshop you'll learn how to develop APIs with Fastify and deploy them to the Platformatic Cloud.
Building a Hyper Fast Web Server with Deno
JSNation Live 2021JSNation Live 2021
156 min
Building a Hyper Fast Web Server with Deno
Workshop
Matt Landers
Will Johnston
2 authors
Deno 1.9 introduced a new web server API that takes advantage of Hyper, a fast and correct HTTP implementation for Rust. Using this API instead of the std/http implementation increases performance and provides support for HTTP2. In this workshop, learn how to create a web server utilizing Hyper under the hood and boost the performance for your web apps.
0 to Auth in an Hour Using NodeJS SDK
Node Congress 2023Node Congress 2023
63 min
0 to Auth in an Hour Using NodeJS SDK
WorkshopFree
Asaf Shen
Asaf Shen
Passwordless authentication may seem complex, but it is simple to add it to any app using the right tool.
We will enhance a full-stack JS application (Node.JS backend + React frontend) to authenticate users with OAuth (social login) and One Time Passwords (email), including:- User authentication - Managing user interactions, returning session / refresh JWTs- Session management and validation - Storing the session for subsequent client requests, validating / refreshing sessions
At the end of the workshop, we will also touch on another approach to code authentication using frontend Descope Flows (drag-and-drop workflows), while keeping only session validation in the backend. With this, we will also show how easy it is to enable biometrics and other passwordless authentication methods.
Table of contents- A quick intro to core authentication concepts- Coding- Why passwordless matters
Prerequisites- IDE for your choice- Node 18 or higher
GraphQL - From Zero to Hero in 3 hours
React Summit 2022React Summit 2022
164 min
GraphQL - From Zero to Hero in 3 hours
Workshop
Pawel Sawicki
Pawel Sawicki
How to build a fullstack GraphQL application (Postgres + NestJs + React) in the shortest time possible.
All beginnings are hard. Even harder than choosing the technology is often developing a suitable architecture. Especially when it comes to GraphQL.
In this workshop, you will get a variety of best practices that you would normally have to work through over a number of projects - all in just three hours.
If you've always wanted to participate in a hackathon to get something up and running in the shortest amount of time - then take an active part in this workshop, and participate in the thought processes of the trainer.
Mastering Node.js Test Runner
TestJS Summit 2023TestJS Summit 2023
78 min
Mastering Node.js Test Runner
Workshop
Marco Ippolito
Marco Ippolito
Node.js test runner is modern, fast, and doesn't require additional libraries, but understanding and using it well can be tricky. You will learn how to use Node.js test runner to its full potential. We'll show you how it compares to other tools, how to set it up, and how to run your tests effectively. During the workshop, we'll do exercises to help you get comfortable with filtering, using native assertions, running tests in parallel, using CLI, and more. We'll also talk about working with TypeScript, making custom reports, and code coverage.