Deno 2.4 Notes; SQLite Turns 25; Ligolo-ng v0.8

It’s great when tools we use receive major improvements, and that’s the case for three items in my toolkit, all of which had some fairly yuge improvements in 2025Q2.

---

TL;DR

(This is an LLM/GPT-generated summary of today’s Drop using Ollama + Qwen 3 and a custom prompt.)

• Deno 2.4 introduces significant improvements, including a powerful deno bundle subcommand powered by esbuild, support for raw imports, stable OpenTelemetry integration, and enhanced compatibility with Node.js and npm projects (https://deno.land/blog/v2.4)
• SQLite 25th anniversary brings performance improvements with the new sqlite3_rsync feature, including faster syncs through group-page hashing and reduced network traffic, making it more efficient for high-latency environments (https://www.sqlite.org/releaselog/3_50_0.html)
• Ligolo-ng v0.8 adds a web interface and API for collaborative tunneling and pivoting, enabling multiple users to manage agents and tunnels, with improved throughput and support for running without administrative privileges (https://docs.ligolo.ng/)

---

Deno 2.4 Notes

Deno 2.4 introduces a broad set of enhancements, new features, and stability improvements, particularly focused on developer ergonomics, compatibility, and tooling. Since they did a great job showing off the features, these are a slightly more narrative form of my notes in Joplin.

The most notable change is the return of the deno bundle subcommand, now powered by esbuild. This means you can create single-file JavaScript or TypeScript bundles for both server and browser targets, with automatic tree shaking and minification. It supports npm and JSR dependencies, and you can generate external sourcemaps. The bundler is now robust enough that Deno plans to keep it as a core feature, with future plans for plugins and a programmatic API.

Importing text and bytes is now possible using the --unstable-raw-imports flag. You can directly import non-code assets like text files or images into your module graph, and these imports are compatible with both bundling and compilation. This approach is more spec-aligned than the ad-hoc solutions seen in some frameworks, and it works for embedding assets into compiled binaries as well.

OpenTelemetry support is now stable. You can instrument logs, metrics, and traces in your Deno projects with zero configuration (just set OTEL_DENO=1). This makes distributed tracing and observability much simpler, and works seamlessly in Deno Deploy and Node environments.

A new --preload flag lets you execute code before your main script, which is useful for customizing the runtime environment, modifying globals, or setting up dependencies. This is available for deno run, deno test, and deno bench.

Dependency management is easier with the new deno update command, which updates npm and JSR dependencies in your project to the latest semver-compatible versions. There are options to ignore semver constraints and filter-specific packages.

Script coverage collection is improved: you can now use deno run --coverage to collect coverage even when spawning subprocesses, addressing previous gaps in coverage reporting. The HTML coverage report now supports dark mode and is Markdown table compatible.

Compatibility improvements include the new DENO_COMPAT=1 environment variable, which enables several flags aimed at making Deno work seamlessly in package.json-first projects. The --sloppy-imports flag (formerly unstable) allows extensionless imports, aiding migration from Node.js projects.

Permissions are more flexible:

• --allow-net now supports subdomain wildcards and CIDR ranges.
• --deny-import complements --allow-import for finer-grained control over remote code execution.
• The Deno.permissions API now supports the "import" type.
• Deno.execPath() no longer requires read permissions, simplifying subprocess spawning.

Conditional package.json exports are now supported, enabling npm packages to provide different exports for different environments (e.g., React Server Components).
Bare specifiers can now be used as entry points in deno run, leveraging mappings in deno.json.

Formatting (deno fmt) now supports XML and SVG files, and .mustache templates with an unstable flag.
Better tsconfig.json support means Deno now respects more options, improving compatibility with frameworks like Vue, Svelte, and Qwik.

Node.js compatibility is significantly improved:

• Node globals like Buffer, global, setImmediate, and clearImmediate are always available.
• Over 95% compatibility for modules such as node:buffer, node:events, node:querystring, node:quic, and node:wasm.
• Many new Node APIs and bug fixes, including support for fs.glob, improved crypto, and better event handling.

Local npm package support has been refined: the patch option is now called links, aligning with npm link semantics.

Other enhancements:

• fetch works over Unix and Vsock sockets.
• deno serve supports onListen() callbacks.
• Jupyter kernel management is improved.
• Lint plugins can access comments.
• Markdown-compatible output for coverage and benchmark tables.
• Improved signal handling on Windows.

If this is what we get in an x.y release, I cannot wait to see what’s in Deno 3.

---

SQLite Turns 25

SQLite recently turned 25 and, unlike most humans, it’s getting more performant with age. Well, at least one highly useful feature has — sqlite3_rsync. I sling SQLite 3 databases all across my Tailnet, so anything that will help keep replicas in sync faster is super welcome.

What magicks is this? Well, we’ll forego the full Joplin notes narrative makeover to channel this feature’s new speed boost…

WAL Mode Liberation:

• Previously: Both databases had to be in WAL mode. Period.
• Now: Rollback journal mode works fine too
• Why this matters: Compatibility just expanded dramatically. No more forcing architectural decisions just to use rsync.

SQLite has also moved from single-page to group-page hashing. Instead of computing and comparing hashes for every individual page, the protocol now batches them into groups. When a group hash matches, the entire group gets skipped.

This is pretty elegant problem-solving. The engineers clearly looked at real-world usage patterns and said, “Most of these databases are going to be nearly identical most of the time.”

The bandwidth improvement stats are fairly impressive:

• Old protocol: ~0.5% of database size minimum (even for identical databases)
• New protocol: <0.01% of database size
• Practical example: 500 MB database sync drops from ~2.5 MB to ~20 KB of network traffic

These speed improvements come from most three vectors:

1. Reduced hash computation overhead — Fewer individual operations
2. Minimized network round-trips — Group operations batch the work
3. Intelligent skipping — Large chunks of unchanged data get bypassed entirely

This will/should help folks in high-latency or bandwidth-constrained environments. The old protocol was pretty chatty; the new one is decisively efficient.

Both sides need 3.50.0+ for the new protocol. If there’s a version mismatch, it falls back gracefully to the older method.

If you’re using sqlite3_rsync, I’d consider an upgrade to 3.50.0 (well, 3.50.2, now) to be a mandatory one as I’ve 100% noticed the rsync speedups.

---

Ligolo-ng v0.8

I generally avoid posting about “offensive security” tools, since they can be dangerous — both to you and others — in the hands of folks who are not steeped in cyber. Back in April Ligolo-ng (GH) got some sweet new features that are worth including in this update-focused Drop.

Ligolo-ng is an advanced tunneling and pivoting tool designed (mostly) for cyber folks, particularly those involved in penetration testing and red teaming. Its core innovation is the use of a TUN interface to create a userland network stack, allowing traffic to be tunneled as if over a VPN, but without relying on traditional SOCKS proxies or proxychains. This approach enables more seamless and high-performance tunneling of TCP, UDP, and ICMP traffic, making it possible to run tools like nmap directly through the tunnel without extra configuration.

A major update in version 0.8 introduced an API and a web interface, all built with the help of L’ami du Raisin, which enables “multiplayer” capabilities. This means multiple users can interact with the same Ligolo-ng relay/proxy server through a graphical interface, managing agents, tunnels, and routes collaboratively. The web UI provides features such as agent selection and network information display, making it more accessible for teams working together on complex assessments.

Key features highlighted in this release include:

• Multiple users can manage tunnels and agents simultaneously via a browser-based interface.
• Ligolo-ng can run as a background service, improving reliability and persistence.
• Tunnels can be automatically configured when specific agents connect.
• Route and interface management works automatically on Windows, Linux, macOS, and BSD.
• Agents can be remotely terminated from the UI or API.
• The tool can achieve over 100 Mbits/sec in throughput, making it suitable even for demanding scenarios.
• Ligolo-ng’s agent can run without administrative privileges, though the relay/proxy server does require the ability to create a TUN interface.

These improvements make it especially useful for collaborative offensive security operations.

If you do decide to play with this and aren’t a cybersecurity professional, just be kind to whomever you test it out on (and, perhaps, inform them first so it’s not a crime).

---

FIN

Remember, you can follow and interact with the full text of The Daily Drop’s free posts on:

• 🐘 Mastodon via @dailydrop.hrbrmstr.dev@dailydrop.hrbrmstr.dev
• 🦋 Bluesky via https://bsky.app/profile/dailydrop.hrbrmstr.dev.web.brid.gy

☮️