🇺🇦 #437 — May 12, 2022

Node Weekly

An Enhanced 2FA Experience for Your npm Account — Over the past six months, GitHub has been keen to tighten up security around the publishing of npm packages, with two-factor authentication at the heart of the effort. Now an array of improved 2FA features is in public beta for you to try out, but all maintainers of the top 500 npm packages will be enrolled on a mandatory basis on May 31.

Myles Borins (GitHub)

A Community Group for Web-Interoperable JavaScript Runtimes — Cloudflare, Vercel, Shopify and core contributors to Node and Deno have got together to form a new group around the interoperability and development of standardized Web APIs for non-browser, JavaScript-based environments. Just as browsers collaborate on features, so too can backend platforms.

James M Snell

Couchbase Capella DBaaS: Store in JSON, access with SQL — Build faster with in-memory performance, automatic replication and scaling. Try it now for free and be live in under 3 minutes.

Couchbase sponsor

Ryan Dahl on JavaScript Containers — Ryan, originally known for Node and now Deno, thinks about JavaScript as a universal scripting language, and about how the JS sandbox acts as a sort of high-level version of the traditional Linux container and will only become more important in the next few years.

Ryan Dahl

Mystery of Industry-Focused Backdoored npm Packages Solved — Snyk, JFrog and ReversingLabs spent a fair bit of time investigating modules that were built by an intern at a security research company researching dependency confusion.

The Register

Quick bytes:

What's Involved in Running a Ransomware Attack in a Node Module — What began as a learning experiment to see how difficult it would be turned into concern at how easy it was.

Charlie Gerard

Keep Up with the Latest in Startups, Tech, & Programming in Just 5 Min

TLDR Newsletter sponsor

How We Employed The New ES Module Support in TypeScript
Yonatan Kra

How to Use the GitHub Pulls API to Manage Pull Requests
Carlos Schults

Managing OAuth 2.0 User Credentials in Your Node App
Shehzad Akbar

🛠 Code & Tools

GraphQL Yoga 2.0: A Light But Fully-Featured GraphQL Server — Bills itself as the ‘easiest way to run a GraphQL server’. Yoga follows the GraphQL over HTTP spec, supports file uploads, subscriptions over HTTP Server Sent Events, and more – plus it’ll work on Node, Deno, or even serverlessly. GitHub repo.

Michał Tyszkiewicz

URL State Machine: A Fast Spec-Compliant URL State Machine — Aims to follow the WhatWG spec on the matter.

Yagiz Nizipli

Agenda 4.3: Lightweight Job Scheduling for Node — Uses a MongoDB-backed persistence layer and offers rate limiting, pause/resume, and repeatable jobs.

Ryan Schmukler

Data-Driven Edge Functions with Netlify and Polyscale.ai

PolyScale.ai sponsor

nve 15.0: Run Things With a Specific Node.js Version — Easily execute a file, command, or REPL using a specific version (or multiple versions) of Node. For example, you could run npm test over multiple versions at once.

ehmicky

Kafka.js 2.0: A Modern Apache Kafka Client — Production ready and supports Kafka 0.10+. (Kafka is a popular open source system for working with stream-processing at scale.) As the first major release in 4 years, there’s a migration guide for existing users.

Túlio Ornelas

The Official MongoDB Node.js Driver v4.6.0 — You can now define your own custom type for the top level document returned in a change event.
MongoDB Inc.

Hexo 6.2: A Fast and Simple Node.js Blog Framework
Hexo

💻 Jobs

Find Tech Jobs with Hired — Create a profile on Hired to connect with hiring managers at growing startups and Fortune 500 companies. It's free for job-seekers.
Hired