Node Weekly
June 24, 2016  #143

Apologies for the lateness of this issue today - we were awaiting the security releases of Node addressed in the first item below :-)

Node.js Foundation
Vulnerabilities have been patched in 5.x, 4.x, 0.12.x and 0.10.x. Node 6 has not been affected, however.

John-David Dalton and Bradley Meck
A well-informed proposal to resolve standing issues over whether JavaScript files are treated as regular scripts or modules.

Karl Düüna
A look at not only some npm caching and installation concerns, but also licences, freshness, and dependencies of modules overall.

Heroku   Sponsor
Learn how to build a full stack JavaScript app & RESTful API server you can customize and scale. Read More.


Guy Podjarny
Guy outlines five different dimensions to thinking about npm dependencies, including development vs production dependencies and versioning issues.

The npm Blog
A look at issues around using certain public packages in a limited-access environment.

Adam Baldwin
Upgrade to the newly released 4.14, if possible. If you're using acceptsLanguages, you could be vulnerable to a simple attack.


In Brief