#414 — November 18, 2021 |
Node Weekly |
GitHub on npm Ecosystem Security (and a Major Bug They've Fixed) — GitHub became the custodians of the main npm registry in 2020 when it acquired npm Inc. and in this post they share details on how they’re improving its security. Rather worryingly, they recently identified two issues, one of which meant an attacker could publish new versions of any npm package without proper authorization(!) GitHub assures us, however, it has not been “exploited maliciously” during the timeframe for which they have telemetry (September 2020 onward). Mike Hanley (GitHub) |
Migrating from Puppeteer to Playwright — Puppeteer is a popular Node library to remote control Chrome/Chromium browsers, whereas Playwright is a little broader and newer. This post digs through what you need to consider if you switch between the two. Checkly |
A Complete Intro to Building For Real-Time — Join Brian Holt for this detailed course on building apps that can push client messages up to the server and talk in real-time. You'll learn long polling, how to open web sockets, SocketIO abstraction, HTTP/2 Push, retry strategies, and more. Frontend Masters sponsor |
Announcing TypeScript 4.5 — Just two weeks after the RC comes the final release. What’s new? The formerly promised ES module support for Node is now merely experimental and in nightly releases only, but you also get the Daniel Rosenwasser (Microsoft) |
'I Will Pay You Cash to Delete Your npm Module' — Firstly, it’s a (sort of) joke, but the founder of sourcehut brings up an interesting point. He’s alarmed by huge trees of dependencies and wants to see people thinking about it, even if no money is involved. Drew DeVault |
Bundle Scanner: Identify npm Libraries Used on a Web Page — Enter a URL and this tool will try and show you what npm packages were used in the page’s JavaScript even if they’re all bundled up. There’s an explanation of how it works. Or some example results for Kent C Dodd’s fancy new homepage. Markus Englund |
Electron 16.0.0 Released — Electron, the toolkit for building cross platform desktop apps with JavaScript, is now one of those projects with a fast, regular release cadence, so no huge changes here, but you get Chrome 96, Node 16.9.1 and V8 9.6 support, as well as the WebHID API. OpenJS Foundation |
How NodeSource Builds Better Security Monitoring and Alerts with InfluxDB InfluxData sponsor |
How to Create Memory and Type-Safe Node Modules with Rust — We’ve mentioned Neon a few times before. It provides a way to write code in Rust that you can call from Node, and this tutorial provides a quick intro. Tharaka Romesh |
Using Node.js to Create An HTTP Proxy for IPFS Content — IPFS has some admirable goals, but it’s inaccessible for many users. See how to use Node to create an HTTP proxy to access IPFS content. Alex Merced |
|
🛠 Code & Tools
Clinic.js 10: A Node Performance Diagnosis Suite — A tool to diagnose issues in Node apps with probes that collect metrics to assess the app and create recommendations. v10 adds Node 16 support. GitHub repo. nearform |
htmlparser2 7.2.0: A Forgiving HTML and XML Parser — Consumes documents and calls callbacks, but it can generate a DOM as well. There’s a live demo here. Felix Böhm |
Nodekeeper: A Lightweight Alternative to Nodemon — Like nodemon it monitors your app for changes and automatically restarts things, as you might want in development. There’s also an article on how it works. Pankaj Tanwar |
Automate Domains, DNS, and SSL Certificates with This Special Offer 👀 DNSimple sponsor |
Auto: Generate Releases Based on Semantic Version Labels on Pull Requests — A tool with the goal to make automated releases easy and without big changes to your workflow. GitHub repo. Intuit |
browser-or-node 2.0: Figure Out Where Your Code is Running — Provides a simple way to tell if your code is currently running in a browser, in Node, in a Web Worker, or in Deno. Dinesh Pandiyan |
Execa 6.0: A Better Sindre Sorhus |
The Official MongoDB Node.js Driver v4.2.0 — See what’s new in the release notes. MongoDB, Inc. |