A proposal to make npm safer?
#413 — November 11, 2021
Node-RED in Industrial IoT: A Growing Standard — Node-RED is a very long standing Node.js-based ‘low code’ environment where you wire components together. As explained here, it’s heavily used in IoT scenarios and is even taking on established commercial systems.
United Manufacturing Hub
Bree 7.0: A Versatile Job Scheduler for Node — Supports cron, dates, ms, later, and human-friendly for scheduling things. Made to help run Forward Email, a neat email forwarding service worth checking out on its own merits. GitHub repo.
Track Changes From Creation To Merge With Batch Changes — Understand the total impact of large-scale code changes before you make them and move 75% faster with Batch Changes. See how teams are using Batch Changes from configuration, refactoring, and more.
The next branch of V8 has appeared: V8 v9.7 – a relatively minor one with findLast and findLastIndex methods appearing for Arrays and TypedArrays. Wait for a Node release in a month or two, perhaps.
The OpenJS Foundation has updated its Node.js certification exams from Node 14 to Node 16 standards.
Proposal: Make npm’s Install Scripts Opt In — Recent security issues involving compromised packages are making npm install’s ability to run arbitrary commands seem like a risky proposition. A developer kicked off a discussion by suggesting adding some nuance to how common pre/post-install scripts are run (or not).
Francisco Ryan Tolmasky I, et al.
Node v17.1.0 (Current) Released — A reasonably minor release. There’s now support for JSON import assertions (see here for more on what that entails) and a new promise_hook module for exposing V8’s PromiseHook API to userland.
How To Work with Files Using Streams in Node — Streams provide an efficient mechanism for working with files in Node – this is a practical and straightforward introduction to how to work with them.
How to Speed Up Your TypeScript Monorepo with esbuild — Using esbuild to compile your TypeScript codebase could hugely improve build times.
sudo rm →rf / === npm install — A tale of why copying and pasting random commands from the Internet isn’t a great idea, but then moving on to why install scripts that can ‘run just about anything’ might not be much better. (Note: Title edited for safety.)
Find Tech Jobs with Hired — Create a profile on Hired to connect with hiring managers at growing startups and Fortune 500 companies. It’s free for job-seekers.
🛠 Code & Tools
JestTestGen: Generates Jest Unit Test Files for Existing JS/TS Files — Auto generation of Jest unit test files with all imports mocked and test stubs for every class method or function exported.
Slonik v25: A Sophisticated Node Postgres Client Library — A ‘battle tested’ framework that abstracts repeating code patterns, protects against unsafe behavior, and provides a rich debugging experience.
randoma 2.0: User-Friendly Pseudorandom Number Generator