#448 — July 28, 2022

Node.js Weekly

Introducing Even More Security Enhancements to npm — GitHub continues to up npm’s security game with enhancements that affect most of us in some way or another. There’s a streamlined login and publishing experience with the npm CLI, you can connect your GitHub and Twitter accounts to your npm one, and there’s a new npm command (npm audit signatures) to verify the integrity of packages in npm (all of which have been re-signed).

Myles Borins and Monish Mohan (GitHub)

Build a Fullstack App from Scratch — Join Scott Moss for this detailed video course on building a fully featured app using a modern stack (React, Next.js, TypeScript, Postgres). You'll cover UI, data modeling, authentication, state management, deployment, testing, and more.

Frontend Masters sponsor

Creating ESM-Based Shell Scripts for Unix and Windows — This is not as easy as you’d hope! But luckily Dr. Axel has figured out most of the intricacies of creating modern shell scripts with Node and packed it all into this factually dense post.

Dr. Axel Rauschmayer

Using Rust for Writing Node Modules — Soon it’s going to be difficult to find anywhere that the Rust language isn’t! This post boils down creating a Rust-powered extension to the absolute essentials as a springboard to further experiments. NAPI-RS is another option in this space if you want to write as little boilerplate as possible.

TechFund

Deeper Testing of Bun's Performance and Compatibility Against Node — Last week we linked to David’s initial Node vs Bun comparison but had to quickly retract it as there was a rather big flaw in the testing. Happily, David is back with “some more carefully constructed performance tests” that dig deeper and show that while Bun’s Node.js compatibility still isn’t really there, it’s early days and there’s a lot of promise. “Bottom line is that Bun will succeed if the Node.js community pitches in.”

David Herron

Debug Node Apps in Production Without Stopping Them

Rookout sponsor

Node v18.7.0 (Current) Released — A minor release. npm and Undici get version bumps. http now sends a dropRequest event when requests are dropped due to hitting server.maxRequestsPerSocket. util.parseArgs continues to get some enhancements. It’s all quite bitesize stuff, but progress nonetheless.

Danielle Adams (Node.js)

How to Use Node.js Modules in Deno
Ekekenta Clinton

🛠 Code & Tools

simplex-noise.js 4.0: A Fast Simplex Noise Implementation — Small, self-contained, and fast, and you can use it in cool demos like this or for applying convincing grain/noise to images or other data, say.

Jonas Wagner

serverless-bundle 5.4: Optimized Packages for Config-Free ES6 and TypeScript Node.js Lambda Functions — Serverless Framework plugin that optimally packages ES6 or TypeScript Node.js Lambda functions with sensible defaults.

Anomaly Innovations

Malicious Node.js Packages: Configuration Niche + Invisible Characters

Snyk.io sponsor

article-parser 7.0: Node Library to Extract Articles from Web Pages — Give this a URL and if you’re lucky you’ll get some useful data back. Live demo. Mozilla’s Readability is used under the hood to make it work.

Dong Nguyen

ejs-static-converter: Convert EJS-Based Node Apps to Static HTML Sites — “useful for converting apps or websites that were made with node and ejs for easier development but don’t require any server-side code into static HTML.”

Thomas Hamilton-Smith

QUICK RELEASES:

Jasmine 4.3 – Popular JavaScript testing framework.
Ghost 5.5 – Blog and CMS platform.
pnpm 7.6 – Efficient alternative package manager.
Fastify 4.3 – The low overhead web framework.
Strapi 4.3 – Popular Node.js headless CMS.
node-acme-client 5.0 – Simple, unopinionated ACME client.
Got 12.2 – Human-friendly HTTP request library.

💻 Jobs

Software Engineers — Sticker Mule is the Internet's most "kick ass" brand. Our software team operates from 17 countries, and we're always looking for more exceptional engineers.
Sticker Mule

Find Tech Jobs with Hired — Create a profile on Hired to connect with hiring managers at growing startups and Fortune 500 companies. It's free for job-seekers.
Hired