Damage caused by package-based protest

🇺🇦 #429 — March 17, 2022

Node Weekly

How the peacenotwar Module Sabotaged Software to Protest Russia’s Invasion of Ukraine — Users of a variety of systems (including Vue CLI as seen here) began to notice that the node-ipc dependency was doing some unusual things, such as corrupting files on systems geolocated to Russia or Belarus, as well as writing messages of protest. This is a complex story, but it is well outlined in this post, and it is yet another reminder of how fragile dependencies can be.

Liran Tal (Snyk)

Build a Fullstack App from Scratch — Join Scott Moss for this detailed video course on building a fully featured app using a modern stack (React, Next.js, TypeScript, Postgres). You’ll cover UI, data modeling, authentication, state management, deployment, testing, and more.

Frontend Masters sponsor

Node.js Security Releases Due Imminently — As of the time of publishing, these releases haven’t dropped yet, but they’re imminent and will incorporate upstream patches from OpenSSL for an as-yet-undisclosed high-severity issue.

Joe Sepi (Node.js Project)

Faker 6.0: Generate Massive Amounts of Fake Data — After some issues with a maintainer going rogue in January, a community team took over the popular Faker project and their first major release is now out, complete with ESM support. There are v5 to v6 migration instructions if you want to upgrade.

Faker.js Team

Quick bits:

Node 17.7.1 has been released to fix a regression in url.resolve() when working with URLs that contain the @ (at) symbol.

NodeSource has unveiled a free tier of their N|Solid SaaS offering for folks who want to explore Node.js metrics, process monitoring, etc.

📆 DevOps.js is a virtual conference on building, deploying, and monitoring JS apps taking place next week (March 24-25). You can register here.

💻 Jobs

Senior Backend Developer — Are you looking to level up your skills and work on a wide variety of applications and technologies? Look no further.

Bitovi

Senior Node Engineer for Global Health (Remote) — SystemOne’s IoT platform enables infectious disease laboratories to securely transport patient data to where it can be actioned.

SystemOne

Find Tech Jobs with Hired — Create a profile on Hired to connect with hiring managers at growing startups and Fortune 500 companies. It’s free for job-seekers.

Hired

Why and How to Use HTTPS in Your Local Development Environment — Learn why you should use HTTPS even for development and how to set things up, including spinning up a simple Node.js server.

Andrea Chiarelli

Updating Node Dependencies Automatically, Selectively, or Incrementally — A tour of npm-check-updates.

Elijah Manor

How to Build a File Upload Service with Vanilla JavaScript — Building a file upload service with vanilla JavaScript, from scratch, with a method that requires no npm packages and no dependencies outside of the standard library.

Pankaj Tanwar

Write Your Real-Time Apps in Python with This Tutorial for InfluxDB

InfluxData sponsor

▶  How Remix Helps Bridge the Network Chasm — Kent C. Dodds—the Director of Developer Experience at Remix—and the JS Party panelists take a look at the new React framework: what it does today, how it lured Kent away from a lucrative independent teaching career and what’s next.

The JS Party Podcast podcast

How to Avoid SQL Injection Attacks in Node

James Q Quick

Boost Your Webmaster Skills with the Google Search Console API from Node

Shehzad Akbar

Lessons Learned From Switching to AWS SDK v3 in Node.js Lambda Functions

Allen Helton

🛠 Code & Tools

Taiko: A Library and REPL to Automate Browsers — This differs from Puppeteer or Playwright by being higher level and more visual. It includes a REPL mode and is more designed to work with a visible, rather than headless, browser instance, with a bigger focus on testing.

Gauge

Pino 7.9.0: A Fast ‘Very Low Overhead’ JSON Logger — There are code samples for using it with Fastify, Express, Hapi, Koa, and more.

pino

Build Internal Tools in Minutes with Retool, Where Visual Programming Meets the Power of Real Code

Retool sponsor

node-json-db: A Simple JSON-Powered File-Based Data Store — For when you need a simple database but.. you don’t want a ‘database’, if you know what I mean.

Antoine Aflalo

Mongoosastic 5.0: Index Mongoose Models into Elasticsearch Automatically — Now that’s quite the project name.

James R. Carr

Awilix 7.0: An Inversion of Control (IoC) Container for Node

Jeff Hansen

Hexo 6.1: A Node-Powered SSG-Style Blog Framework

Tommy Chen
