State of TypeScript 2026 | The Dev Newsletter

By July 31, Node.js 22.18.0 enabled type stripping by default, Node removed warnings in v24.3.0/22.18.0, and later stabilized the feature in v25.2.0. Yet, this maturation occurred against a backdrop of severe security instability. The ecosystem faced sophisticated, automated threats across npm compromises in 2025, alongside critical serialization vulnerabilities in frameworks like Next.js, such as the "React2Shell" RCE (CVE-2025-55182), a CVSS 10.0 vulnerability forcing a reevaluation of security models governing full-stack JavaScript. **Actions for 2026:** Audit npm dependencies affected by 2025 compromises and require publish-time 2FA plus granular tokens for maintainers where possible; enable `--erasableSyntaxOnly` to prepare codebases for Node.js native TypeScript execution; migrate enums to `as const` objects and namespaces to ES modules before adopting `erasableSyntaxOnly` / Node type stripping workflows; … ... TypeScript 5.8 reached general availability, featuring granular checks for conditional return expressions and improved `require()` support for ESM under `--module nodenext`. The `--erasableSyntaxOnly` compiler option generates errors for features requiring runtime transpilation (specifically enums, namespaces, and parameter properties), marking them as incompatible with erasable-only execution. The team pulled back conditional return type checking to iterate further for version 5.9. … ## Security and Supply Chain Pressure The npm ecosystem saw a chain of incidents (s1ngularity, debug/chalk, Shai‑Hulud) that exposed systemic weaknesses in maintainer auth and CI workflows. Security responses now emphasize granular tokens, publish-time 2FA, and stricter release policies. On the app side, React2Shell (CVE-2025-55182) and follow-on issues underscored the risks in RSC serialization, while Angular’s XSS and other runtime CVEs kept security upgrades at the top of 2025’s backlog. ## Standards and Language Trajectory TC39 withdrew Records & Tuples after the proposal failed to reach consensus, while Temporal began shipping in engines even as TypeScript’s standard libs still lack `Temporal` typings (track TypeScript issue #60164). The type-annotations proposal remains early-stage, but it frames the longer-term path: a JS runtime that can ignore type syntax while TS evolves as a superset. Combined with TypeScript 7's upcoming breaking changes and API shifts, the direction for standards is clear: consolidation, stricter defaults, and fewer "magic" features at runtime.