Everyone’s coming for Node.js this week
#479 — March 23, 2023
npm Granular Access Tokens Now Generally Available — The granular access token feature on the npm registry is now generally available, allowing you to restrict token access to specific packages, set expiration dates, limit access by IP range, and more.
GitHub
Automatic npm Publishing with GitHub Actions and Granular Tokens — As mentioned above, GitHub has announced granular access tokens for the npm registry. Tim explains why this is a big deal, not only from a security point of view for us all, but also for anyone publishing packages.
Tim Perry
React Authentication, Simplified — In this article, we lay out a new approach to authentication (plus access control & SSO) in React applications.
Userfront sponsor
Deno 1.32 Released with Enhanced Node Compatibility — I know this is a Node newsletter, but given Deno’s provenance and continuing insistence on Node.js compatibility, this is Node news in a roundabout way. 1.32 ships with TypeScript 5 and extends package.json support in particular.
Deno Team
Why We Added package.json Support to Deno — Further to the above item and Deno’s Node and npm compatibility continuing to improve, the Deno team has been facing questions about the runtime’s core priorities. Ryan Dahl explains more about the thinking here.
Ryan Dahl
This item led to an amusing Hacker News subthread wondering if Deno is just heading back to where Node already is. Probably not, but it’s a playful observation, and a common issue around the ‘version 2’ of popular systems generally.
IN BRIEF:
The folks at Socket have introduced what they’re calling ‘safe npm’, a transparent wrapper for npm that tries to protect users from malware, typosquatting, malicious install scripts, and more.
Over on Twitter, Sid Palas started with what he called a ‘pile of 💩’ Dockerfile for a Node app and worked up to a podium-place example.
Snyk’s Vivek Maskara takes a quick look at how Express, Fastify, and NestJS secure themselves against common security concerns.
Swizec Teller asks: Can you build a semantic search system in an afternoon? It seems so.
Migrating from ts-node to Bun — Everyone’s coming for Node.js this week! Now it’s the turn of performance-oriented Bun. John runs us through porting a console app from ts-node over to Bun — something he calls “a pretty easy process”.
John Reilly
Tuple, a Lightning-Fast Pairing Tool Built for Remote Developers
Tuple sponsor
Create a CLI Chatbot with the ChatGPT API and Node — If you can’t beat them, join them.
Phil Nash
What’s New in Eleventy 2: How a Great Node.js Static Site Generator Just Got Better
Craig Buckler
Code & Tools
OTPAuth: One Time Password (HOTP/TOTP) Library — When you log in on a site with 2FA and you’re asked for six digits from your authentication app, that’s probably a so-called Time-based One-Time Password (or TOTP). This library for Node, Deno, Bun and the browser lets you work with both TOTPs and HOTPs (HMAC-based OTPs) from JavaScript.
Héctor Molinero Fernández
DOCX 8.0: Generate Word .docx Files from Node or Browser — The code to lay out your documents is verbose but there’s a lot of functionality baked in. Here’s a CodePen-based example and the v8.0 release notes – GitHub repo.
Dolan Miu
Monitor And Optimize Website Speed To Rank Higher in Google — Monitor Google’s Core Web Vitals and optimize performance using in-depth reports built for developers. Improve SEO & UX.
DebugBear sponsor
Malibu: Framework-Agnostic CSRF Middleware — ESM only, zero-dependency, and TypeScript types are included. It’s compatible with Express, Tinyhttp, and most modern frameworks based around the core HTTP package.
Reinaldy Rafli
pg-anonymizer 0.7.0: Anonymized Data Dumping from Postgres — A Node-powered tool for taking anonymized exports of databases. Sensitive data is replaced with faked data of equivalent types.
Raphaël Huchet
eslint-formatter-pretty 5.0: Pretty ESLint Formatter — Nicer output than the default. Sort results by severity. Get stylized inline code blocks, and more.
Sindre Sorhus
Express-Ts-Auth-Service: A Ready-to-Use Authentication Service — A pre-built authentication server built around Express.js, JSON Web Tokens, TypeScript and MySQL (via Prisma).
Louis X
AWS JWT Verify: Verify JWTs Signed by Amazon Cognito — In both Node.js and the browser.
Amazon Web Services
Jobs
Full Stack JavaScript Engineer @ Emerging Cybersecurity Startup — Small team/big results. Fun + flexible + always interesting. Come build our award-winning, all-in-one cybersecurity platform.
Defendify
Software Engineer (Backend) — Join our “kick ass” team. Our software team operates from 17 countries and we’re always looking for more exceptional engineers.
Sticker Mule
Find Tech Jobs with Hired — Hired makes job hunting easy: instead of chasing recruiters, companies approach you with salary details up front. Create a free profile now.
Hired
QUICK RELEASES:
Playwright 1.32.0 – Powerful browser control and Web testing framework. More on this in JavaScript Weekly tomorrow as it’s ▶️ quite an interesting release.
js-bson 5.1
↳ BSON parser library. Now supports Map
express-mysql-session 3.0
↳ MySQL session store for Express.js.
Hexo 7.0 RC1
↳ Node blogging framework.
Slonik 33.1.3
↳ Type safe Postgres client library.
Fastify 4.15
↳ Fast, low overhead web framework.
node-cache-manager 5.2
↳ Flexible cache module.