jQuery 4.0.0 Released — ES modules, Trusted Types, and legacy APIs removed
What happened
- The jQuery project published jQuery 4.0.0 on January 17, 2026 — the first major release in nearly a decade. It modernizes the library by migrating source to ES modules, adding Trusted Types / CSP-friendly behavior, removing long‑deprecated APIs and legacy browser workarounds, and shipping a smaller "slim" build that omits Deferreds/Callbacks. (blog.jquery.com)
Why this matters for full‑stack teams (practical impact)
- Security: jQuery 4 adds Trusted Types compatibility and reduces CSP friction for apps that enforce require-trusted-types-for. If your site uses strict CSP, jQuery 4 will reduce the need for risky inline script allowances — but you must still review any code paths that generate HTML strings. (blog.jquery.com)
- Tooling & bundlers: the library’s source is now published as ES modules. That means you can import jQuery directly with modern bundlers and browsers (import jquery from "jquery"), improving tree‑shaking and integration with ESM-first build pipelines (Vite, Rspack, Rollup, Turbopack). Expect slightly different bundle shapes and a simpler migration for module-based tooling. (blog.jquery.com)
- Compatibility & footprint: jQuery 4 drops support for very old browsers (IE ≤10, Edge Legacy, older iOS/Android builds). The slim build removes Deferreds/Callbacks in favor of native Promises, trimming bytes and encouraging modern async patterns — important for performance budgets and progressive enhancement. (blog.jquery.com)
- Breaking changes: several deprecated APIs were removed (examples: jQuery.isArray, jQuery.trim, jQuery.parseJSON and a set of internal prototype array methods). These removals are deliberate: native browser APIs now cover most use cases. Projects relying on those old helpers must be updated or run the jQuery Migrate helper. (blog.jquery.com)
Immediate, high‑impact checklist (what to do this week)
- Pin and test
- Pin your dependency to the current major ([email protected]) in a feature branch and run your full test suite (E2E + unit). Use browser coverage that matches your customers’ matrix. (blog.jquery.com)
- Run jQuery Migrate in dev
- Use the official jQuery Migrate helper to surface removed APIs and behavioral regressions before shipping. Fix-or-flag each call site; don’t silently leave migrate enabled in production. (blog.jquery.com)
- Audit CSP and Trusted Types
- If your app enforces strict CSP (no‑inline) or Trusted Types, validate that your dynamic HTML paths are using TrustedHTML or otherwise safe constructors. jQuery 4 reduces friction but does not eliminate the need for secure HTML handling. (blog.jquery.com)
- Review async patterns
- Replace reliance on jQuery Deferreds/Callbacks with native Promises/async-await where feasible — especially in code paths used by server‑rendered pages or hydration flows. The slim build removes Deferreds to favor native APIs. (blog.jquery.com)
- Update bundler configs & CI
- Ensure your bundler resolves the ESM entry (some projects may still reference legacy builds). Validate tree‑shaking and HMR behavior in dev. Add an integration test that imports jQuery as an ESM module to catch packaging regressions early. (blog.jquery.com)
- Plan progressive migration for legacy apps
- For large legacy codebases, adopt a phased approach:
- Stage 1: run migrate helper + automated tests
- Stage 2: replace removed helpers with native equivalents
- Stage 3: consider removing jQuery entirely from new UI code in favor of framework-native solutions (React/Vue/Svelte) where appropriate.
- For large legacy codebases, adopt a phased approach:
Why this is still relevant for React/Node.js teams
- Even React-first apps can have legacy widgets, third‑party plugins, or server‑rendered pages that include jQuery. Upgrading removes old browser workarounds, improves CSP safety, and simplifies bundling. For Node.js‑based build pipelines, the ESM sources remove some friction in SSR build tooling and make dependency graphs more predictable at bundle time. (blog.jquery.com)
Bottom line jQuery 4.0.0 is a forward‑looking release: smaller, module‑native, and more secure. It doesn’t force large rewrites, but it does require an audit and a short migration plan for projects with long‑running jQuery usage. Treat this as a low‑risk, high‑value maintenance window — upgrade in a branch, run the migrate tool, and roll changes through CI with focused tests.
Source
- Official jQuery announcement: jQuery 4.0.0 (January 17, 2026). (blog.jquery.com)
Source
Read Next
Svelte 5.52.0 adds TrustedHTML support for {@html}, enabling safer Trusted Types integration
February 21, 2026Svelte 5.52.0 (Feb 18, 2026) adds TrustedHTML support to {@html} expressions so apps can interoperate with browser Trusted Types without string coercion—important for XSS-hardening in SSR and client-rendered apps.
Next.js 16 makes Turbopack stable and the default for dev and build
February 20, 2026Next.js 16 moves Turbopack to stable/default, raises the Node.js minimum, and ships production-facing caching primitives — what full‑stack teams must change now.
Vite 8.0.0‑beta.14 adds server‑side .wasm?init (WASM SSR) and updates Rolldown to 1.0.0‑rc.4
February 19, 2026Vite's Feb 12, 2026 beta introduces SSR support for pre-initialized WebAssembly modules and upgrades its bundler integration to Rolldown 1.0.0‑rc.4 — a practical change that reduces client hydration work and improves tooling stability for Wasm-heavy server renders.