A proposal to make npm safer?

#413 — November 11, 2021


Node Weekly

Node-RED in Industrial IoT: A Growing Standard — Node-RED is a very long-standing Node.js-based ‘low code’ environment where you wire components together. As explained here, it’s heavily used in IoT scenarios and is even taking on established commercial systems.

United Manufacturing Hub

Bree 7.0: A Versatile Job Scheduler for Node — Supports cron, dates, ms, later, and human-friendly strings for scheduling things. Made to help run Forward Email, a neat email forwarding service worth checking out on its own merits. GitHub repo.

Nick Baugh

Track Changes From Creation To Merge With Batch Changes — Understand the total impact of large-scale code changes before you make them and move 75% faster with Batch Changes. See how teams are using Batch Changes from configuration, refactoring, and more.

Sourcegraph sponsor

QUICK BITS:

The next branch of V8 has appeared: V8 v9.7 – a relatively minor one with findLast and findLastIndex methods appearing for Arrays and TypedArrays. Wait for a Node release in a month or two, perhaps.

The OpenJS Foundation has updated its Node.js certification exams from Node 14 to Node 16 standards.

Proposal: Make npm’s Install Scripts Opt In — Recent security issues involving compromised packages are making npm install’s ability to run arbitrary commands seem like a risky proposition. A developer kicked off a discussion by suggesting adding some nuance to how common pre/post-install scripts are run (or not).

Francisco Ryan Tolmasky I, et al.

Node v17.1.0 (Current) Released — A reasonably minor release. There’s now support for JSON import assertions (see here for more on what that entails) and a new promise_hook module for exposing V8’s PromiseHook API to userland.

Michaël Zasso

A Guide to Load Testing Node APIs with Artillery — Artillery is a load testing tool, written in JavaScript no less, that can let you test your apps under virtual traffic surges.

Ayooluwa Isaiah

How To Work with Files Using Streams in Node — Streams provide an efficient mechanism for working with files in Node – this is a practical and straightforward introduction to how to work with them.

Adaobi Aniuchi

Notification Systems 2.0: Part 1 – User Requirements

Courier sponsor

How to Speed Up Your TypeScript Monorepo with esbuild — Using esbuild to compile your TypeScript codebase could hugely improve build times.

Matteo Mazzarolo

sudo rm →rf / === npm install — A tale of why copying and pasting random commands from the Internet isn’t a great idea, but then moving on to why install scripts that can ‘run just about anything’ might not be much better. (Note: Title edited for safety.)

Geoffrey Huntley

💻 Jobs

Backend Engineer (Remote, EU Timezones) — We’ve built a product thousands of people love (See Trustpilot if you don’t believe us). We need your help with Node & TypeScript.

Feather

Find Tech Jobs with Hired — Create a profile on Hired to connect with hiring managers at growing startups and Fortune 500 companies. It’s free for job-seekers.

Hired

🛠 Code & Tools

Depp: Check npm Modules for Unused and Duplicate Dependencies Fast — A new Go-powered tool you run from your JavaScript/TypeScript project’s folder to look for unused dependencies.

Rahul Tarak

JestTestGen: Generates Jest Unit Test Files for Existing JS/TS Files — Auto generation of Jest unit test files with all imports mocked and test stubs for every class method or function exported.

Giulio Dellorbo

Slonik v25: A Sophisticated Node Postgres Client Library — A ‘battle tested’ framework that abstracts repeating code patterns, protects against unsafe behavior, and provides a rich debugging experience.

Gajus Kuizinas

Tired of Manual Domain Management? Automate with This Special Offer 👀

DNSimple sponsor

blake-hash: Rust Blake3 Hash Bindings for Node — BLAKE3 (Wikipedia entry) is a cryptographic hash function focused on performance.

LongYinan

randoma 2.0: User-Friendly Pseudorandom Number Generator

Sindre Sorhus

node-fetch 3.1: Lightweight Module Bringing the Fetch API to Node

Node Fetch
