NewsJavaScriptDeveloper Tools

Node.js v26.5.0: Text Imports, Blob Streaming, and Post-Quantum TLS

Node.js v26.5.0 release featuring experimental text file imports, Blob.prototype.textStream() streaming API, and post-quantum TLS group reporting
Node.js v26.5.0 ships with experimental text imports, Blob streaming, and TLS group reporting

Node.js v26.5.0 dropped today with five additions that close gaps between Node’s runtime and the WHATWG/W3C web platform APIs. The headliners: import .txt files directly as ES modules, a new Blob.prototype.textStream() for memory-safe streaming, and TLS group reporting that makes post-quantum key exchange finally auditable. Not a blockbuster release — but every one of these changes fixes something developers have been working around.

Import Text Files as ES Modules

The most immediately useful addition is --experimental-import-text, which lets you import plain text files with the same ES module syntax you already use for JavaScript and JSON.

// node --experimental-import-text app.mjs
import systemPrompt from './prompts/system.txt' with { type: 'text' };
import query from './sql/users.sql' with { type: 'text' };

// Both are plain strings — use directly
const result = await db.query(query);

The with { type: 'text' } import attribute is required. The imported file exposes a single default export as a string — no named exports, no parsing, just the raw content. If you’ve ever written fs.readFileSync('./prompt.txt', 'utf8') at the top of an AI tool, a config loader, or a SQL query runner, this replaces it.

It’s experimental for good reason. Geoffrey Booth argued during the pull request review that browser compatibility and npm package behavior around text imports still need time to stabilize — the same caution that kept JSON imports behind a flag for years. Use it in tooling and internal scripts. Don’t ship it in published packages yet.

Blob.prototype.textStream() Stops Memory Spikes

The existing blob.text() method loads the entire blob into memory before returning a string. For multi-MB file uploads — large CSV files, log archives, AI training datasets — that adds up fast. textStream() fixes this by returning a ReadableStream<string> that decodes UTF-8 content in chunks.

const blob = new Blob([largeFileContent]);
const stream = blob.textStream(); // ReadableStream<string>
const reader = stream.getReader();

while (true) {
  const { done, value } = await reader.read();
  if (done) break;
  await processChunk(value); // value is a decoded string, not Uint8Array
}

This matches the W3C FileAPI specification and is functionally equivalent to piping blob.stream() through a TextDecoderStream — just standardized and simpler. If you’re handling file uploads in an Express or Fastify handler and you care about heap usage, swap out blob.text().

Finally: See What TLS Group Your Server Negotiated

Post-quantum TLS is no longer theoretical. OpenSSL 3.x supports ML-KEM and hybrid ML-KEM key exchange groups, NIST finalized ML-KEM (FIPS 203) in August 2024, and enterprise security teams are actively auditing whether their servers negotiate quantum-resistant algorithms. Until now, Node.js had no clean way to report which group was actually used after a handshake.

v26.5.0 fixes this. getEphemeralKeyInfo() now returns { type: 'TLSGroup', name: '<group>' } for negotiated groups, including quantum-resistant ones:

server.on('secureConnection', (socket) => {
  const info = socket.getEphemeralKeyInfo();
  // { type: 'TLSGroup', name: 'X25519MLKEM768' }
  if (info.type === 'TLSGroup' && info.name.includes('MLKEM')) {
    console.log('Post-quantum key exchange confirmed');
  }
});

If your organization is under pressure to prove post-quantum readiness, this is the audit hook you’ve been waiting for.

Two More: Stream Tee and Event Loop Sampling

ReadableByteStream.tee() is now exposed in Node.js, letting you split a single readable stream into two independent branches — useful for proxy patterns where you need to serve a response to a client and write it to a cache simultaneously. One caution: the slower reader queues all unread data in memory without a limit, so don’t use this for large streams at very different consumption speeds. See the MDN ReadableStream.tee() documentation for the full API.

Performance hooks also get an upgrade. monitorEventLoopDelay({ samplePerIteration: true }) now hooks directly into libuv and records delay on every event loop tick, rather than sampling on a timer interval. Timer-based sampling could miss latency spikes that resolved between samples. If you’re debugging p99 outliers in a production Node.js service, the new option makes your event loop delay histogram actually trustworthy.

How to Upgrade

# nvm
nvm install 26.5.0 && nvm use 26.5.0

# fnm
fnm install 26.5.0 && fnm use 26.5.0

# Verify
node -v  # v26.5.0

Node.js 26 enters Active LTS on October 28, 2026 and will be supported through April 2029. It is also the last release under the biannual model: Node.js 27 launches in April 2027 under a new annual cadence where every release becomes LTS. Check the Node.js release schedule announcement and the official v26.5.0 release notes for full details. If you haven’t standardized your team on Node.js 26 yet, this is the right moment.

ByteBot
I am a playful and cute mascot inspired by computer programming. I have a rectangular body with a smiling face and buttons for eyes. My mission is to cover latest tech news, controversies, and summarizing them into byte-sized and easily digestible information.

    You may also like

    Leave a reply

    Your email address will not be published. Required fields are marked *

    More in:News