#308 — October 3, 2019

Read on the Web

Node Weekly

How npm Lockfiles Can Be a Security Blindspot for Injecting Malicious Modules“Let me show you how easy it is to introduce back doors that are easily missed by project owners… leaving your code insecure.” This is a subtle issue, but we’ve seen how such issues can turn into big problems down the line recently.

Liran Tal

Node-RED 1.0 Released — Node RED is a flow-based, visual programming tool (aimed primarily at hardware automation) that’s built on top of Node.js. Despite only reaching 1.0 now, it’s a mature project.

Nick O'Leary

Monitor and Analyze Node App Performance in Real-Time — Search and analyze distributed traces to resolve bottlenecks and latency in your Node apps. Try Datadog free.

Datadog APM sponsor

npm Turns 10 Years Old — It took a couple of years to really explode in use, but npm came out not too long after Node itself. npm Inc. celebrates with a brief 54 second video skimming through npm’s growth and releases.

The npm Blog

A Look at V8 v7.8 — Every six weeks we’re treated to a look at the newest release of the V8 JavaScript engine (which Node tends to adopt about a month later). v7.8 continues to improve performance (such as with faster object destructuring) and has some improvements for WebAssembly users too (there’s now a way to use V8 solely as a WebAssembly execution engine from C/C++). Roll on November.

Ingvar Stepanyan

Node.js 8 is Not Supported from 2020 (So Update Now) — Did you know that Node 8 won’t get any more maintenance updates after December 31 this year? Here’s how to think about migrating.

Tamas Kadlecsik and Ferenc Hámori

Node v12.11.1 (Current) Released — A very minor release that fixed a regression that prevented being able to build Node 12.11.0 from the official tarball.

Node.js Foundation

💻 Jobs

Your Princess (or Prince!) IS in this Castle: Node Developer (London) — This role is for a senior JS/Node/React dev who can’t wait to tackle more architectural responsibility at a large, well-known company with a passion for saving folks money.


Find A Job Through Vettery — Vettery specializes in tech roles and is completely free for job seekers. Create a profile to get started.


📚 Articles and Tutorials

How to Build Cross-Platform, Native Desktop Apps with NodeGUI — A beginner’s guide to NodeGUI, a tool for building native desktop applications with JavaScript and CSS styling in a more lightweight way than using Electron.

James Hibbard

▶  Let's Build a 16-Bit Virtual Machine in JavaScript — This is a ‘rabbithole which goes really deep’ warns Francis, but you’ll learn a lot of interesting things along the way.

Low Level JavaScript

Top 10 GitHub Best Practices - Lessons from Thousands of Repositories — Implementing these best practices could save you time, improve code maintainability, and prevent security risks.

Datree.io sponsor

Crafting Build Pipelines with Docker — An exploration of using a multi-stage build for a Node.js application.

Ashley Davis

Working with Node.js on Hyper-V and WSL2

Brian De Sousa

Starting Your Own Community Lunch Group — Not Node specific but something worth doing if you have the right people nearby.

Keith R. Bennett

How to Generate a PDF Using Node, React, and Headless Chrome

Logan Bittner

🛠 Code and Tools

nvm 0.35.0: A Script to Manage Multiple Node Versions — Perhaps the most popular way to manage multiple Node installs on the same machine. It doesn’t get a new release very often, so enjoy. nave is a similar tool with a different approach if you’re surveying this area.


OIDC Provider: OpenID Certified OAuth 2.0 Authorization Server Implementation — An OAuth 2.0 Authorization Server with OpenID Connect and additional features and standards implemented.

Filip Skokan

Typegoose: Define Mongoose Models using TypeScript Classes — If you’re a Node developer and using Mongoose and want to be using TypeScript, this is for you.


Try Studio 3T: The Best Way to Get Started with MongoDB

Studio 3T sponsor

Taiko: A Library and REPL to Automate Chrome — Includes a REPL mode and is more designed to work with a visible, rather than headless, browser instance.


timequeue.js: A Queue with Custom Concurrency and Time Limits


node-rate-limiter-flexible: Limit Number of Actions by Key and Protect Apps from Brute Force Attacks

Roman Animir