#276 — February 21, 2019

Read on the Web

Node Weekly

Ten npm Security Best Practices — Concerned about npm vulnerabilities? This post covers a lot of ground from avoiding leaving secrets in published npm packages to disclosing vulnerabilities and using 2FA.

Liran Tal and Juan Picado

Node v11.10.0 (Current) Released — Upgrades for both libuv and npm (to 6.7) and a few (very) minor new features like a histogram based API for perf monitoring and repl.setupHistory.

Node.js Foundation

Design for Developers ✨ New Course by Sarah Drasner — Become more self-sufficient for the entire process for execution, from concept to design to implementation. Understand the rules for designing and learn to create complex and beautiful front-end experiences.

Frontend Masters sponsor

The Security Risks of Changing Package Owners“We’ve had a few situations recently which illustrate that people are a layer beneath the code and the actions of maintainers have a direct impact on the security of the ecosystem. Specifically event-stream and koa-router.”

The npm Blog

Node.js Core Team Considering Dropping ARMv6 Support for Node 12+ — This won’t affect many of you, but if it does (such as if you’re a Pi Zero or Raspberry Pi 1 user), it’s time to have your say.

Node.js Foundation

NodeSource Announces New Pricing for Smaller TeamsN|Solid is a mature platform for building and monitoring solid and secure Node apps, but it’s long been available only under enterprise-level pricing. No more.


💻 Jobs

Sr. Fullstack Engineer (Remote) — Sticker Mule is looking for passionate developers to join our remote team. Come help us become the Internet’s best place to shop and work.

Sticker Mule

UK Tech Jobs? Check Out hackajob — We look at your skills to match you with great companies. They apply to you, salary upfront.


📘 Tutorials and Opinions

for vs forEach() vs for/in vs for/of in JavaScript — An overview of the differences between looping constructs using several different edge cases.

The Code Barbarian

Divide and Conquer: Scale Your Node App using Distributed Queues

Alberto Gimeno

Share Your Whole Stack with Your Team, on Any Cloud, with One Workflow 🧑‍🤝‍🧑

Manifold sponsor

nodejs.dev: A Solid Introduction to Node.js — This week, Google began to offer .dev domain names to the public, but gave the Node.js project a gift in the form of the nodejs.dev domain which now hosts Flavio Copes’ awesome Introduction to Node.js guide.

Flavio Copes

Using Node 11.7 Worker Threads with RxJS Observable

Brian de Sousa

How to Run Your Node App on a Headless Raspberry Pi

Bogdan Covrig

🔧 Code and Tools

Bull: A Redis-Based Queue for Node — Prides itself on both performance and ‘rock solid stability’. Check the examples for an idea of the API. Looks nice.

Manuel Astudillo

Leon: A Node-Powered Open-Source Personal Assistant — There’s a demo video if you want to get the idea quickly.

Louis Grenard

Route Your Data to Any Analytics Service from Your Node Code

Segment sponsor

dbus-next: A New DBus Library for NodeDBus is a message bus system currently primarily used as a mechanism for Linux desktop apps to talk to each other.

Tony Crisci

fast-cli: Test Your Download and Upload Speed using Fast.com — A good example of how a simple Node-powered command line tool can be written and packaged.

Sindre Sorhus

capture-website: Capture Screenshots of Websites — A high-level Puppeteer wrapper to make it easy to capture screenshots of websites from Node or the command-line.

Sindre Sorhus