🇺🇦 #​430 — March 24, 2022

Read on the Web

Node Weekly

Tao of Node: On Design, Architecture and Best Practices — A developer has boiled down all of the hard-earned best practices and gut feelings he’s picked up for developing high-quality Node apps over time. Opinionated, yes, but high level enough to provide value to most.

Alex Kondov

Node v17.8.0 (Current) Released — A relatively minor update: npm upgraded to v8.5.5, an update to the Undici HTTP/1.1 client, and you can now trace requests made by http using perf_hooks to accurately measure round-trip time, etc.

Bryan English

React Authentication, Simplified — In this article, we lay out a new approach to authentication (plus access control & SSO) in React applications.

Userfront sponsor

Malicious npm Packages Targeting Azure Developers — No, this isn’t a repeat of last week’s tale of npm supply chain woes, but a discovery of “hundreds of malicious packages designed to steal PII” targeting developers using packages under the @azure scope.

Polkovnychenko and Menashe (JFrog)

Node.js Security Releases to Fix High Severity OpenSSL Bug — Last week they were imminent, but now they’re here in the form of Node 12.22.11 (LTS), 14.19.1 (LTS), 16.14.2 (LTS) and 17.7.2 (Current) (though ignore the latter if you go for 17.8.0 above). The fix? An OpenSSL bug that could cause an infinite loop when parsing certain invalid certificates.

Joe Sepi (Node.js Project)

💻 Jobs

Senior Backend Developer — Are you looking to level up your skills and work on a wide variety of applications and technologies? Look no further.
Bitovi

Find Tech Jobs with Hired — Create a profile on Hired to connect with hiring managers at growing startups and Fortune 500 companies. It's free for job-seekers.
Hired

AWS Graviton2 vs Apple M1 for Node.js Performance — A casual and personal benchmark, with all that implies, and while the M1 continues to impress for local development, it’s neat to see other production grade ARM-based systems ready to go too.

Jamie Knight

How to Manage Sessions using Passport, Redis, and MySQL — A practical walkthrough of creating a simple Express app with user credentials stored in MySQL, sessions in Redis, and Passport tying it all together. A commonly used pattern boiled down to the essentials.

Clara Ekekenta

10 Best Practices to Containerize Node.js Web Applications with Docker

Snyk sponsor

▶  What's Really Going on Inside Your node_modules Folder: The Video — Two weeks ago, we featured an extensive written alternative to this half-hour talk that dives into examples of recent supply chain attacks and some concrete steps you can take to protect your team from this emerging threat – but if you prefer talks/videos, this is well worth the time :-)

Feross Aboukhadijeh

Authorization in a Microservices World — Thinking through from a simple approach to full-on attribute-based access control. Not Node specific though the final example is Express-based.

Alexander Lolis

🛠 Code & Tools

Dum: An npm Script Runner Written in Rust — Continuing a trend of building JavaScript tools in, well, not JavaScript, the curiously named ‘Dum’ aims to replace npm run and npx to shave milliseconds off the task startup time. YMMV..

EGOIST

Video to Reels: Automatically Edit Videos to Post on Instagram Reels — Powered by FFmpeg, ImageMagick, and zx. Features include rotate, resize, add a color filter, normalize audio, and more.

Diego Fernandes

Metered Video: Developer First Video Calling API/SDK for Web & Mobile

Metered Video sponsor

Chrome Extension CLI: CLI for Building Chrome Extensions — Want to get building an extension for Chrome as quickly as possible? This Node-powered tool aims to get you on the right path ASAP.

Dutiyesh Salunkhe

Directus: Wrap an SQL Database with a Real-Time GraphQL + REST API — A Node.js-powered open source system that can act as a frontend to Postgres, SQLite, MySQL, Oracle, and other SQL databases, and provide a modern dashboard, client, and both REST and GraphQL APIs. (Note the GPL license.)

Directus

Chinese Random Name: Generate Random Chinese Names — There’s surely an npm package for every want or desire.

Khaidi Chu

graphql-request 4.2: A Minimal GraphQL Client Library
Prisma Labs

HyperExpress: High Performance Node Server Powered by uWebSockets.js
Kartik