#​492 — June 27, 2023

Read on the Web

Together with  Snyk logo
Node.js Weekly

Kysely: A Type-Safe SQL Query Builder — Inspired by Knex and targeting Node, it also works in Deno and the browser. It boasts a good autocomplete experience thanks to its fluent API. GitHub repo.

Sami Koskimäki

The June 20 Node.js Security Releases — As we suggested last week, the Node.js 16.x, 18.x, and 20.x lines all got updates in the form of v20.3.1 (Current), v18.16.1 (LTS), and v16.20.1 (LTS). The vulnerabilities are explained in the post and are primarily related to OpenSSL or the use of the experimental permissions feature behind the --experimental-permission flag. (This is why it's an experimental feature, while initial weaknesses are discovered and fixed.)

Rafael Gonzaga

A Day in the Life of an Ethical Hacker — Ethical hackers proactively identify security weaknesses before they can be exploited by malicious actors. Learn practical steps for getting started with ethical hacking, from reconnaissance and vulnerability exploitation to responsible disclosure.

Snyk sponsor

A Look at TypeScript 5.2's New Keyword: usingusing brings something akin to Python’s with context management into TypeScript with a way to automatically run a function when an object leaves scope. You could use it to shut down a database connection, close file handles, etc.

Matt Pocock

ASIDES:

A Look at the Architecture of an Early Stage SaaSFeelback is a hosted feedback collection app and their team explains their app’s architecture in detail. Their API is built on Node, hosted on Fly, with a React SPA up front.

Feelback Team

An Intro to Command Injection Vulnerabilities — Think SQL injection but with commands. If your app, or even one of its dependencies, constructs commands from user/third party input and runs them locally, there’s potential for trouble.

Liran Tal

How to Create a Multi-Region Node.js Lambda API — …using Serverless Framework and pairing it with a serverless multi-region CockroachDB database.
Paul Scanlon (Cockroach Labs)

Using PlanetScale with Serverless Framework Node Apps on AWS
Matthieu Napoli (PlanetScale)

🛠 Code & Tools

Nightwatch.js 3.0: End-to-End Web Testing Frameworkv3 includes some new selectors, features a revamped experience, lets you test Angular components in isolation, adds test double support for unit tests, and more. GitHub repo.

BrowserStack Limited

☕️ Along similar lines, TestCafé 3.0 has also been released. It takes a more direct approach than Nightwatch's Selenium-derived WebDriver API approach, and v3.0 has added support for directly driving Chromium-based browsers over the Chrome DevTools Protocol.

Shiki: A Syntax Highlighter Using VS Code Themes — Supports over 100 languages and you can specify a VS Code theme in the settings to get the look you want. Works in both Node.js and even on static sites (via a CDN build) and you can see some examples here.

Shiki

Save $1 Off Your Next Domain Name Registration at Porkbun.com — Create your next project on a domain from Porkbun.com. The best prices, services, and support of any domain registrar!

Porkbun.com sponsor

google-spreadsheet 4.0: Interact with Google Sheets — Sheets is Google’s cloud-based spreadsheet app and it has an API so you can work with documents from your own code.

Theo Ephraim

DerbyJS 2.1: Mature MVC Web Framework — It’s never been the most popular option, but at 12 years old, Derby has lived through most of Node’s history and remains an option for building realtime, collaborative apps. GitHub repo.

Nate Smith et al.

Node Dependency Management UI for VS Code — Supports npm, yarn, pnpm and lets you manage dependencies from the VS Code sidebar with a few extra features. Visual Studio Marketplace listing.

Kasper Mikiewicz

💻 Jobs

Find Tech Jobs with Hired — Hired makes job hunting easy-instead of chasing recruiters, companies approach you with salary details up front. Create a free profile now.
Hired