Node Weekly Issue 499: August 29, 2023

#499 — August 29, 2023

👋 We're back! Well, sort of.. If you didn't get an issue of Node Weekly in the past few weeks, don't worry, I was on vacation. I'm technically on vacation for a couple more days but didn't want too many issues to pass by, so here we are 😁
__
Peter Cooper and the Cooperpress team

Together with

The Complexity of Building an Efficient Node Docker Image — It’s possible to get huge reductions in image size and build time, but Samuel feels most of the optimizations are things that should be optimized out of the box. Nonetheless, you may find the details and approach shared here useful.

Samuel Bodin

Effortless Postgres Management with Crunchy Bridge — We make Postgres management easier than ever. Run a production check to ensure you're ready for launch day. Get more insight and control over your database without having to become an expert.

Crunchy Bridge sponsor

Red Hat and IBM's Node.js 'Reference Architecture' — Big companies like to have well defined playbooks from which to work, and Red Hat and IBM are no exception. It’s an opinionated guide to how their engineering teams work with Node, what tools they prefer, and their development and operational practices.

Red Hat and IBM

The folks at Red Hat (including Michael Dawson) blogged about each part of the architecture a couple of years ago, but it continues to be honed and refined.

ASIDES:

🐦 Node 20.6 will include built-in support for .env files. There's more detail in this pull request but initial support is basic with more advanced features like directory traversal, incremental env support, and variable expansion to follow later.
The ever-useful Node Toolbox directory has gained a new category for image processing packages. Unsurprisingly, Sharp is way in the lead in terms of both score and downloads, but there are other options.
In related news, the Node Toolbox also has new QR code generation and benchmaking tools categories.
The August 9 Node.js security releases landed as expected, but were too late for our previous issue. Node v20.5.1, v18.17.1 and v16.20.2 were released.
The latest version of the popular cross-platform desktop app framework Electron has been released in the shape of Electron 26.0. It kicks things up to Node v18.16.1, V8 11.2, and Chromium 116 standards.
A look at how highly targeted attacks continue to plague npm and the techniques being used.

How to Create an npx tool — How to create a tool that can be used via npm’s npx execution mechanism.

Nathan Taras

Node.js's 'Config Hell' Problem? — Andy ponders why a Next.js project has over 30 configuration files and what we can do to avoid it (unsurprisingly, it involves using Deno, but I enjoy the boldness).

Andy Jiang (Deno)

14 Linting Rules To Help You Write Asynchronous JS Code — Walks through a variety of rules shipped by default with ESLint – an interesting way to learn some best practices.

Maxim Orlov

What is Adaptive Authorization? — "After Identity" explores how Adaptive Authorization keeps permissions precise & access temporal – not permanent.

Sym sponsor

📄 Using the TypeScript Compiler to Fix Erroneous Node.js Snippets — An academic paper.
Reid, Treude, and Wagner

Pitfalls to Avoid in Playwright
Antonello Zanini

The Importance of Verifying Webhook Signatures
Marcelo Oliveira (Snyk)

🛠 Code & Tools

Chalk.ist: Create Attractive Images of Source Code — Turn your source code into beautiful images using a variety of themes and customizations. (Be sure to note accessibility requirements or issues around using such images.)

Kasper Mikiewicz

openai-node 4.x: A Rewrite of the Official OpenAI API Client — A complete rewrite of the SDK for OpenAI’s popular suite of LLM-oriented services that introduces streaming support for completions, improved TypeScript support, support for ESM and numerous edge compute systems, and more.

OpenAI

📰 Classifieds

💻 Hired makes job hunting easy-instead of chasing recruiters, companies approach you with salary details up front. Create a free profile now.

Horrify a designer! Use authkit.dev to make the wackiest login flow possible, then share your creation with @stytchauth on Twitter by 9/1. Our favorite will win a free year of Stytch's Standard plan.

🎙️ Join us at SurrealDB World as we unveil SurrealDB 1.0.0 - An open-source, developer-friendly, fully ACID transactional, realtime document-graph web database for serverless apps.

📢 If you have a community related event, project, podcast, or similar, that would be of interest to Node Weekly readers, let us know by replying to this email and we may be able to run a classified listing as above for free. We want to have a good mix of community and commercial listings.

Chartbrew 2.8: Create Live Reporting Dashboards from Multiple Sources — Open source, built with Node, and lets you connect to numerous data sources and pull together data to turn into charts and dashboards.

Chartbrew

Metascraper: A Library to Scrape Metadata from Web Content — Uses things like Open Graph annotations, JSON+LD, and HTML metadata to get you things like author, title, description, and even an image related to the URLs of your choice.

Microlink

Neboa: Type-Safe NoSQL with Node and SQLite — NoSQL with SQLite? It’s all in the API. You get to use SQLite as if it were a NoSQL database via Neboa and it does the heavy lifting using JSON under the hood. GitHub repo.

Samuel Bazaga

QUICK RELEASES:

Archiver 6.0
↳ Streaming interface for .zip/.tar generation.
fdir 6.1
↳ Fast directory crawler and globbing library.
js-BSON 6.0
↳ MongoDB BSON Parser for Node & browser.
find-cache-dir 5.0
↳ Finds the common standard cache directory.
x-crawl 8.0
↳ Flexible multifunctional crawler library.
Prisma 5.2 – Next-gen ORM for Node + TypeScript ORM.
Axios 1.5 – Isomorphic promise-based HTTP client.
Middy 4.6 – Node AWS Lambda middleware engine.
pnpm 8.7 – Efficient alternative package manager.
Slonik 34.1 – Type-safe Postgres client library.
Fastify 4.22 – Low overhead web framework.
Derby 2.3 – Full-stack MVC framework.