#376 — February 18, 2021

Node Weekly

Avoiding npm Substitution Attacks — Recently there have been some high-profile examples of supply chain attacks on popular source code repositories, such as the publication of fake or eponymous packages, but you can reduce your attack surface by taking precautions and managing dependencies. Here are some tips when using npm.

Isaac Z. Schlueter

An Interview with Ryan Dahl, the Creator of Node.js and Deno — Ryan created Node.js 11 years ago and in recent years has moved on to Deno where he’s attempting a new take on the same idea. This interview touches on Deno’s challenges and Ryan’s love of Rust and Vim.

Evrone

Seamlessly Integrate Video into Your Node App — Mux Video is an API-first platform that makes it easy to build beautiful video that streams everywhere.

Mux sponsor

WebdriverIO v7 Released — WebdriverIO is a popular browser and mobile automation testing framework for Node. v7 brings it over to TypeScript, improves its Google Lighthouse integration, and improves compiler tool integration. There’s even a brief video about the release.

Christian Bromann

Node v15.9.0 (Current) Released — libuv gets an upgrade, fsPromises.watch() (think a promisified version of fs.watch), perf_hooks.createHistogram(), and more similarly small bits and pieces.

Danielle Adams (Node.js Project)

Quick Bits

💻 Jobs

Backend Developer - Remote or in Beautiful Norway — Do you have a passion for GraphQL, NodeJS, and message-driven distributed architectures? Join our remote-first engineering team.

Crystallize

Find Your Next Job Through Hired — Create a profile on Hired to connect with hiring managers at growing startups and Fortune 500 companies. It's free for job-seekers.

Hired

📗 Tutorials and Stories

Serverless TypeScript: A Complete Setup for AWS SAM Lambdas — A workflow for creating TypeScript-based AWS Lambda functions with AWS SAM that support testing, debugging, etc. and using shared layers to package dependencies.

Andrey Novikov and Sergey Alexandrovich

“Computer! Tea, Earl Grey, Hot”: Offline Voice Recognition with Node — Leans on Porcupine, a private and offline ‘wake word’ engine that can tell when someone says certain things.

David Bartle

Fast and Reliable Feature Management for the Modern Enterprise — Built for Engineering Teams. Easy Implementation. Designed for Enterprise Scale. Try LaunchDarkly for free today.

LaunchDarkly sponsor

V8's Route to Faster JavaScript Method Calls — This gets very technical and fast, but it’s fantastic to see how the V8 team continues to address important performance issues in the world’s most widely used JavaScript engine. This work improves the performance of your Node and browser-facing code alike.

Victor Gomes

How to Install an npm Module from a GitHub Branch — Just a quick tip.
David Walsh

How to Create a Hybrid NPM Module for ESM and CommonJS
Michael O'Brien

🛠 Code and Tools

Metascraper: A Library to Scrape Metadata from Web Content — It uses things like Open Graph annotations, JSON+LD, and HTML metadata to get you things like author, title, description, and even an image related to the URLs of your choice. GitHub repo.

Microlink

JSON Schema to TS: Infer TypeScript Types From JSON Schemas — JSON schemas are widely used and reusable and can be used with this to define schemas in TypeScript too.

Thomas Aribart

How to Use WebSockets With Your Vue.js Projects — Not a tutorial but two blobs of code to show you how a basic Vue.js frontend and a Node backend can communicate with WebSockets.

Mastering JS

Fast, Cheerful, Collaborative Project Management

Clubhouse.io sponsor

A Node.js Driver for youtube-dl — Want to download videos from YouTube? Want to do it from Node? Here’s an option.

Przemyslaw Pluta

Commander 7.1: Node Command-Line Interfaces Made Easy — Commander is a long-standing ‘batteries included’ system for building apps that interface with the command line in Node.

TJ Holowaychuk

SVGO 2.0: A Node-Based SVG Optimizer — If you’ve worked with SVG (Scalable Vector Graphics) at all, you’ve probably seen they can be filled with all sorts of junk code. SVGO to the rescue. 2.0.0 just came out and drastically reduces the package size while making API changes.

Kir Belevich