🔒  npm Granular Access Tokens Now Generally Available — The granular access token feature on the npm registry is now generally available, allowing you to restrict token access to specific packages, set expiration dates, limit access by IP range, and more.

GitHub

Automatic npm Publishing with GitHub Actions and Granular Tokens — As mentioned above, GitHub has announced granular access tokens for the npm registry. Tim explains why this is a big deal, not only from a security point of view for us all, but also for anyone publishing packages.

Tim Perry

React Authentication, Simplified — In this article, we lay out a new approach to authentication (plus access control & SSO) in React applications.

Userfront sponsor

Deno 1.32 Released with Enhanced Node Compatibility — I know this is a Node newsletter, but given Deno’s provenance and continuing insistence for Node.js compatibility, this is Node news in a round about way. 1.32 ships with TypeScript 5 and extends package.json support in particular.

Deno Team

Why We Added package.json Support to Deno — Further to the above item and Deno’s Node and npm compatibility continuing to improve, the Deno team has been facing questions about the runtime’s core priorities. Ryan Dahl explains more about the thinking here.

Ryan Dahl

Migrating from ts-node to Bun — Everyone’s coming after Node.js this week! Now it’s the turn of performance oriented Bun. John runs us through porting a console app from ts-node over to Bun — something he calls “a pretty easy process”.

John Reilly

Tuple, a Lightning-Fast Pairing Tool Built for Remote Developers

Tuple sponsor

Create a CLI Chatbot with the ChatGPT API and Node — If you can’t beat AI, join them..?

Phil Nash

OTPAuth: One Time Password (HOTP/TOTP) Library — When you log in on a site with 2FA and you’re asked for six digits from your authentication app, that’s probably a so-called Time-based One-Time Password (or TOTP). This library for Node, Deno, Bun and the browser lets you work with both TOTPs and HOTPs (HMAC-based OTPs) from JavaScript.

Héctor Molinero Fernández

DOCX 8.0: Generate Word .docx Files from Node or Browser — The code to lay out your documents is verbose but there’s a lot of functionality baked in. Here’s a CodePen-based example and the v8.0 release notes – GitHub repo.

Dolan Miu

🚀 Monitor And Optimize Website Speed To Rank Higher in Google — Monitor Google's Core Web Vitals and optimize performance using in-depth reports built for developers. Improve SEO & UX.

DebugBear sponsor

Malibu: Framework-Agnostic CSRF Middleware — ESM only, zero-dependency, and TypeScript types are included. It’s compatible with Express, Tinyhttp, and most modern frameworks based around the core HTTP package.

Reinaldy Rafli

pg-anonymizer 0.7.0: Anonymized Data Dumping from Postgres — A Node-powered tool for taking anonymized exports of databases. Sensitive data is replaced with faked data of equivalent types.

Raphaël Huchet

eslint-formatter-pretty 5.0: Pretty ESLint Formatter — Nicer output than the default. Sort results by severity. Get stylized inline code blocks, and more.

Sindre Sorhus

Express-Ts-Auth-Service: A Ready-to-Use Authentication Service — A pre-built authentication server built around Express.js, JSON Web Tokens, TypeScript and MySQL (via Prisma).

Louis X

AWS JWT Verify: Verify JWTs Signed by Amazon Cognito — In both Node.js and the browser.

Amazon Web Services