Are Half of New npm Packages Just Junk? — Sandworm is the creator of the Sandworm Audit package analysis tool and as part of that work, the claim is made that “more than half of all new packages” on the official npm registry are just placeholders with READMEs that contain links to various nefarious sites.

Gabi Dobocan (Sandworm)

Node v16.20.0 (LTS) Released — Not a big release. Mostly updates to dependencies like npm (to 8.19.4) and undici. The version bump is justified by the backporting of support for externally shared JS builtins.

Beth Griggs (Node.js Team)

Smooth Log Management for Node.js Developers — Unlock the power of logs with AppSignal. Find all the key information in a few clicks in our clean and intuitive interface. Monitoring doesn’t need to be a hassle, AppSignal is here to help.

AppSignal sponsor

Speeding Up the JavaScript Ecosystem: npm Scripts — The latest in a fascinating series on finding ‘low hanging fruit’ when it comes to performance. The author explains this one best himself: “‘npm scripts’ are executed by JavaScript developers … all the time. Despite their high usage they are not particularly well optimized and add about 400ms of overhead. In this article we were able to bring that down to ~22ms.”

Marvin Hagemeister

Node.js Compatibility for Cloudflare Workers — Cloudflare Workers is a popular serverless platform that uses V8 isolates rather than a Node runtime. This has meant support for Node functions has been lacking, but things are changing with support for AsyncLocalStorage, EventEmitter, Buffer, assert, and parts of util now available to use with more to follow.

James M Snell

The Landscape of npm Packages for CLI Apps — If you want to create a CLI app, there are a lot of options nowadays for covering areas like pretty output, parsing arguments, and accepting user input. This post rounds up some of the options in these various areas.

Joey Kilpatrick

Navigate the Pitfalls and Returns of Using Node.js Worker Threads — Review the pros and cons of worker threads, and how they differ from other multithreading implementations, in Snyk's recent Node.js article.

Snyk sponsor

A Business Case for SvelteKit — A good post covering the experience of migrating from Meteor to SvelteKit, the process this team undertook, and the outcomes from both a performance and UX point of view.

Chris Ellis

np 7.7.0: A Better npm publish — Makes the process of publishing a package smoother with an interactive UI, checks that you’re publishing the right thing, runs tests, pushes commits and tags, etc.

Sindre Sorhus

Nano JSX: A Lightweight SSR-First JSX Library — Features include no Virtual DOM, no external dependencies, on-demand hydration, and support for Node and Deno-based server-side rendering situations.

Nano JSX

Concurrent.js: Load Modules into Background Threads — Billed as a concurrent computing approach for JavaScript environments including the browser, Node and Deno, this library lets you dynamically import modules into worker threads (in Node) or Web Workers (in the browser).

Bitair

React Authentication, Simplified

Userfront sponsor

pnpm 8.1: Alternative Fast and Space Efficient Package Manager — “A new setting has been added called dedupe-direct-deps, which is disabled by default. When set to true, dependencies that are already symlinked to the root node_modules directory of the workspace will not be symlinked to subproject node_modules directories. This feature was enabled by default in v8.0.0 but caused issues, so it’s best to disable it by default”

pnpm

Sharp 0.32.0: High Performance Image Processing from Node — It’s been a few years since we included this properly, but it’s so good. It uses libvips behind the scenes to provide what it claims is ‘the fastest module to resize JPEG, PNG, WebP and TIFF images’. You can also rotate, do gamma correction, crop, etc. Image resizing API and examples.

Lovell Fuller