Broken packages
#420 — January 13, 2022
Node Weekly
JavaScript Developer Breaks Two Popular npm Packages — The creator of Faker.js and colors.js, two packages we’ve mentioned quite often, recently made some unorthodox commits to his projects that caused them to either disappear or break in interesting ways, which resulted in GitHub suspending his access at one point. To be blunt, you want to be finding alternatives. The Register’s writeup is, perhaps, one of the more colorful. Dependencies continue to be risky and this story will surely trundle on.
Thomas Claburn (The Register)
The January 10, 2022 Node.js Security Releases — Updates have arrived for all major release lines to resolve a handful of vulnerabilities. There’s Node 17.3.1, plus joint LTS releases 16.13.2, 14.18.3, and 12.22.9.
Bryan English and the Node.js Team
AppSignal Speaks Louder Than Words — AppSignal helps you inspect and improve the performance of your Node.js applications. Enhance your customer’s experience, and make sure your apps stay performant. We’ll tell you which piece of code to look at.
AppSignal sponsor
What npm Should Do Today to Stop a New Colors Attack Tomorrow — “A misfeature in NPM’s design means that as soon as the sabotaged version of colors was published, fresh installs of command-line tools depending on colors immediately started using it, with no testing that it was in any way compatible with each tool. (Spoiler alert: it wasn’t!)” — Russ explains how Go’s approach could avert such an issue.
Russ Cox
NAPI-RS 2.0: A Minimal Library for Building Node Addons in Rust — A nifty way to ‘Rustify’ Node and build pre-compiled Node.js addons in the popular systems language. v2 introduces a new macro API for defining JS values in Rust and makes the Rust code far easier to write. Async functions are now also supported, which is dope. Neon explores similar ideas in this space.
NAPI-RS Team
0x 5.0: Single-Command Flamegraph Profiling for Node — A tool that can profile and generate an interactive flamegraph (example) for a Node process in a single command.
David Mark Clements
Jobs
Backend Developer Excited About Internet of Things? — Great opportunity to join a remote-friendly company positioned for exponential growth, working with emerging technologies and tools. Apply now.
Dimension Four
Find Tech Jobs with Hired — Create a profile on Hired to connect with hiring managers at growing startups and Fortune 500 companies. It’s free for job-seekers.
Hired
Using Node.js ES Modules and Top-Level await in AWS Lambda — Serverless AWS Lambda functions now support ES modules by way of the Node.js 14.x runtime.
Dan Fox
A Red Hat Flavored Review of Node.js in 2021 — Red Hat has its own Node.js team and this is what they achieved in 2021, including working on Node 17, shipping a variety of useful cheat sheets, and working on using Node serverlessly on Red Hat OpenShift.
Red Hat Developers
Think Less, Do More: Reducing Cognitive Overhead with ThePrimeagen
Sourcegraph sponsor
Ask HN: Where Are the Resources for Complex Architectures for Node.js?
Hacker News
Code & Tools
Robots Parser 3.0: A robots.txt Parser — If you’re scraping or otherwise making automated requests to other people’s sites, abiding by their robots.txt rules is a good practice, and this could help you figure it out.
Sam Clarke et al.
Instauto: An Instagram Bot / Automation Library — Uses Puppeteer to do the hard work. The focus here is on ease of use.
Mikael Finstad
fast-json-stringify 3.0: 2x Faster than JSON.stringify()? — It seems apt that Fastify made this library.
Fastify
Build Internal Tools in Minutes with Retool, Where Visual Programming Meets the Power of Real Code
Retool sponsor
Jasmine 4.0: The Testing Framework for Browsers and Node — Yes, there are breaking changes (no IE support, no old Node versions support, behavior changes and more) but there’s a migration guide to make it simpler if you’re a Jasmine user.
Jasmine Team
active-win 7.7.0: Get Metadata About the Active Window — You can use this to get the title, width, height, x and y of the currently active window. Maybe useful for building your own productivity tracker or something? Now supports Apple Silicon natively.
Sindre Sorhus
public-ip 5.0: Quickly Get Your Public IP Address — Queries the DNS records of OpenDNS, Google DNS, and HTTPS services to determine your IP address. Now a pure ES module.
Sindre Sorhus
The Official MongoDB Node.js Driver v4.3.0 — Adds SOCKS5 support, plus key auto-completion and type hinting on nested documents if you use TypeScript (all explained in these release notes).
MongoDB, Inc.
TypeScript Express Starter App 7.0 — A boilerplate app generator for getting a RESTful API up and running quickly on top of things like PM2, SWC, and Docker. You can choose from sub-templates covering the basics, using Sequelize, Mongoose, TypeORM, Prisma, or Knex too.
아구몬
SuperTest 6.2: Super-Agent Driven Library for Testing Node HTTP Servers — Make assertions about HTTP servers using a fluent API.
Sloth