#420 — January 13, 2022

Node Weekly

JavaScript Developer Breaks Two Popular npm Packages — The creator of Faker.js and colors.js, two packages we’ve mentioned quite often, recently made some unorthodox commits to his projects that caused them to either disappear or break in interesting ways, which resulted in GitHub suspending his access at one point. To be blunt, you want to be finding alternatives. The Register’s writeup is, perhaps, one of the more colorful. Dependencies continue to be risky and this story will surely trundle on.

Thomas Claburn (The Register)

The January 10, 2022 Node.js Security Releases — Updates have arrived for all major release lines to resolve a handful of vulnerabilities. There’s Node 17.3.1, plus joint LTS releases 16.13.2, 14.18.3, and 12.22.9.

Bryan English and the Node.js Team

AppSignal Speaks Louder Than Words — AppSignal helps you inspect and improve the performance of your Node.js applications. Enhance your customer's experience, and make sure your apps stay performant. We’ll tell you which piece of code to look at.

AppSignal sponsor

What npm Should Do Today to Stop a New Colors Attack Tomorrow — “A misfeature in NPM’s design means that as soon as the sabotaged version of colors was published, fresh installs of command-line tools depending on colors immediately started using it, with no testing that it was in any way compatible with each tool. (Spoiler alert: it wasn’t!)” — Russ explains how Go’s approach could avert such an issue.

Russ Cox

NAPI-RS 2.0: A Minimal Library for Building Node Addons in Rust — A nifty way to ‘Rustify’ Node and build pre-compiled Node.js addons in the popular systems language. v2 introduces a new macro API for defining JS values in Rust and makes the Rust code far easier to write. Async functions are now also supported, which is dope. Neon explores similar ideas in this space.


0x 5.0: Single-Command Flamegraph Profiling for Node — A tool that can profile and generate an interactive flamegraph (example) for a Node process in a single command.

David Mark Clements

💻 Jobs

Backend Developer Excited About Internet of Things? — Great opportunity to join a remote-friendly company positioned for exponential growth, working with emerging technologies and tools. Apply now.
Dimension Four

Find Tech Jobs with Hired — Create a profile on Hired to connect with hiring managers at growing startups and Fortune 500 companies. It's free for job-seekers.

Using Node.js ES Modules and Top-Level await in AWS Lambda — Serverless AWS Lambda functions now support ES modules by way of the Node.js 14.x runtime.

Dan Fox

A Red Hat Flavored Review of Node.js in 2021 — Red Hat has its own Node.js team and this is what they achieved in 2021, including working on Node 17, shipping a variety of useful cheat sheets, and work on using Node serverlessly on Red Hat OpenShift.

Red Hat Developers

Think Less, Do More: Reducing Cognitive Overhead with ThePrimeagen

Sourcegraph sponsor

Ask HN: Where Are the Resources for Complex Architectures for Node.js?
Hacker News

🛠 Code & Tools

Robots Parser 3.0: A robots.txt Parser — If you’re scraping or otherwise making automated requests to other people’s sites, abiding by their robots.txt rules is a good practice, and this could help you figure it out.

Sam Clarke et al.

Instauto: An Instagram Bot / Automation Library — Uses Puppeteer to do the hard work. The focus here is on ease of use.

Mikael Finstad

fast-json-stringify 3.0: 2x Faster than JSON.stringify()? — It seems apt that Fastify made this library.


Build Internal Tools in Minutes with Retool, Where Visual Programming Meets the Power of Real Code

Retool sponsor

Jasmine 4.0: The Testing Framework for Browsers and Node — Yes, there are breaking changes (no IE support, no old Node versions support, behavior changes and more) but there’s a migration guide to make it simpler if you’re a Jasmine user.

Jasmine Team

active-win 7.7.0: Get Metadata About the Active Window — You can use this to get the title, width, height, x and y of the currently active window. Maybe useful for building your own productivity tracker or something? Now supports Apple Silicon natively.

Sindre Sorhus

public-ip 5.0: Quickly Get Your Public IP Address — Queries the DNS records of OpenDNS, Google DNS, and HTTPS services to determine your IP address. Now a pure ES module.

Sindre Sorhus

The Official MongoDB Node.js Driver v4.3.0 — Adds SOCKS5 support and key auto-completion support and type hinting on nested documents if you use TypeScript (all explained in these release notes).

MongoDB, Inc.

TypeScript Express Starter App 7.0 — A boilerplate app generator for getting a RESTful API up and running quickly on top of things like PM2, SWC, and Docker. You can choose from sub-templates covering the basics, using Sequelize, Mongoose, TypeORM, Prisma, or Knex too.


SuperTest 6.2: Super-Agent Driven Library for Testing Node HTTP Servers — Make assertions about HTTP servers using a fluent API.