A proposal to make npm safer?
#413 — November 11, 2021
Node Weekly
Node-RED in Industrial IoT: A Growing Standard — Node-RED is a long-standing Node.js-based ‘low code’ environment where you wire components together. As explained here, it’s heavily used in IoT scenarios and is even taking on established commercial systems.
United Manufacturing Hub
Bree 7.0: A Versatile Job Scheduler for Node — Supports cron, dates, ms, later, and human-friendly for scheduling things. Made to help run Forward Email, a neat email forwarding service worth checking out on its own merits. GitHub repo.
Nick Baugh
Track Changes From Creation To Merge With Batch Changes — Understand the total impact of large-scale code changes before you make them and move 75% faster with Batch Changes. See how teams are using Batch Changes from configuration, refactoring, and more.
Sourcegraph sponsor
QUICK BITS:
The next branch of V8 has appeared: V8 v9.7 – a relatively minor one with findLast and findLastIndex methods appearing for Arrays and TypedArrays. Wait for a Node release in a month or two, perhaps.
The OpenJS Foundation has updated its Node.js certification exams from Node 14 to Node 16 standards.
Proposal: Make npm’s Install Scripts Opt In — Recent security issues involving compromised packages are making npm install’s ability to run arbitrary commands seem like a risky proposition. A developer kicked off a discussion by suggesting adding some nuance to how common pre/post-install scripts are run (or not).
Francisco Ryan Tolmasky I, et al.
Node v17.1.0 (Current) Released — A reasonably minor release. There’s now support for JSON import assertions (see here for more on what that entails) and a new promise_hook module for exposing V8’s PromiseHook API to userland.
Michaël Zasso
A Guide to Load Testing Node APIs with Artillery — Artillery is a load testing tool, written in JavaScript no less, that can let you test your apps under virtual traffic surges.
Ayooluwa Isaiah
How To Work with Files Using Streams in Node — Streams provide an efficient mechanism for working with files in Node – this is a practical and straightforward introduction to how to work with them.
Adaobi Aniuchi
Notification Systems 2.0: Part 1 – User Requirements
Courier sponsor
How to Speed Up Your TypeScript Monorepo with esbuild — Using esbuild to compile your TypeScript codebase could hugely improve build times.
Matteo Mazzarolo
sudo rm →rf / === npm install — A tale of why copying and pasting random commands from the Internet isn’t a great idea, but then moving on to why install scripts that can ‘run just about anything’ might not be much better. (Note: Title edited for safety.)
Geoffrey Huntley
Jobs
Backend Engineer (Remote, EU Timezones) — We’ve built a product thousands of people love (See Trustpilot if you don’t believe us). We need your help with Node & TypeScript.
Feather
Find Tech Jobs with Hired — Create a profile on Hired to connect with hiring managers at growing startups and Fortune 500 companies. It’s free for job-seekers.
Hired
Code & Tools
Depp: Check npm Modules for Unused and Duplicate Dependencies Fast — A new Go-powered tool you run from your JavaScript/TypeScript project’s folder to look for unused dependencies.
Rahul Tarak
JestTestGen: Generates Jest Unit Test Files for Existing JS/TS Files — Auto generation of Jest unit test files with all imports mocked and test stubs for every class method or function exported.
Giulio Dellorbo
Slonik v25: A Sophisticated Node Postgres Client Library — A ‘battle tested’ framework that abstracts repeating code patterns, protects against unsafe behavior, and provides a rich debugging experience.
Gajus Kuizinas
Tired of Manual Domain Management? Automate with This Special Offer
DNSimple sponsor
blake-hash: Rust Blake3 Hash Bindings for Node — BLAKE3 (Wikipedia entry) is a cryptographic hash function focused on performance.
LongYinan
randoma 2.0: User-Friendly Pseudorandom Number Generator
Sindre Sorhus
node-fetch 3.1: Lightweight Module Bringing the Fetch API to Node
Node Fetch