Damage caused by package-based protest
#429 — March 17, 2022
How the peacenotwar Module Sabotaged Software to Protest Russia’s Invasion of Ukraine — Users of a variety of systems (including Vue CLI as seen here) began to notice that the node-ipc dependency was doing some unusual things, such as corrupting files on systems geolocated to Russia or Belarus, as well as writing messages of protest. This is a complex story, but it is well outlined in this post, and it is yet another reminder of how fragile dependencies can be.
Liran Tal (Snyk)
Build a Fullstack App from Scratch — Join Scott Moss for this detailed video course on building a fully featured app using a modern stack (React, Next.js, TypeScript, Postgres). You’ll cover UI, data modeling, authentication, state management, deployment, testing, and more.
Frontend Masters sponsor
Node.js Security Releases Due Imminently — As of the time of publishing, these releases haven’t dropped yet, but they’re imminent and will incorporate upstream patches from OpenSSL for an as yet undisclosed high severity issue.
Joe Sepi (Node.js Project)
Faker 6.0: Generate Massive Amounts of Fake Data — After some issues with a maintainer going rogue in January, a community team took over the popular Faker project and their first major release is now out, complete with ESM support. There are v5 to v6 migration instructions if you want to upgrade.
Node 17.7.1 has been released to fix a regression in url.resolve() when working with URLs that contain the @ (at) symbol.
NodeSource has unveiled a free tier of their N|Solid SaaS offering for folks who want to explore Node.js metrics, process monitoring, etc.
DevOps.js is a virtual conference on building, deploying, and monitoring JS apps taking place next week (March 24-25). You can register here.
Senior Backend Developer — Are you looking to level up your skills and work on a wide variety of applications and technologies? Look no further.
Senior Node Engineer for Global Health (Remote) — SystemOne’s IoT platform enables infectious disease laboratories to securely transport patient data to where it can be actioned.
Find Tech Jobs with Hired — Create a profile on Hired to connect with hiring managers at growing startups and Fortune 500 companies. It’s free for job-seekers.
Why and How to Use HTTPS in Your Local Development Environment — Learn why you should use HTTPS even for development and how to set things up, including spinning up a simple Node.js server.
Updating Node Dependencies Automatically, Selectively, or Incrementally — A tour of npm-check-updates.
Write Your Real-Time Apps in Python with This Tutorial for InfluxDB
▶ How Remix Helps Bridge the Network Chasm — Kent C. Dodds—the Director of Developer Experience at Remix—and the JS Party panelists take a look at the new React framework: what it does today, how it lured Kent away from a lucrative independent teaching career and what’s next.
The JS Party Podcast
How to Avoid SQL Injection Attacks in Node
James Q Quick
Boost Your Webmaster Skills with the Google Search Console API from Node
Lessons Learned From Switching to AWS SDK v3 in Node.js Lambda Functions
Code & Tools
Taiko: A Library and REPL to Automate Browsers — This differs from Puppeteer or Playwright by being higher level and more visual. It includes a REPL mode and is more designed to work with a visible, rather than headless, browser instance, with a bigger focus on testing.
Pino 7.9.0: A Fast ‘Very Low Overhead’ JSON Logger — There are code samples for using it with Fastify, Express, Hapi, Koa, and more.
Build Internal Tools in Minutes with Retool, Where Visual Programming Meets the Power of Real Code
node-json-db: A Simple JSON-Powered File-Based Data Store — For when you need a simple database but... you don’t want a ‘database’, if you know what I mean.
Mongoosastic 5.0: Index Mongoose Models into Elasticsearch Automatically — Now that’s quite the project name.
James R. Carr
Awilix 7.0: An Inversion of Control (IoC) Container for Node
Hexo 6.1: A Node-Powered SSG-Style Blog Framework