Three new security-related Node releases
#409 — October 14, 2021
The GitHub Advisory Database Now Powers npm audit — npm audit is a command you can run to scan your project’s dependencies for known security vulnerabilities.
Edward Thomson (GitHub)
Node 16.11.1, 14.18.1, and 12.22.7 Released — Billed as the ‘October 2021 Security Releases’, v16.11.1 (Current), v14.18.1 (LTS) and v12.22.7 (LTS) each fix the same two HTTP request smuggling vulnerabilities – the details of which aren’t entirely public as of yet.
npm 8.0 Released (But It’s Not a Huge Deal) — The npm CLI has been upgraded to version 8 (almost exactly a year after the meatier npm 7 release) but, as Myles Borins notes, it’s a ‘fairly innocuous’ release primarily to drop Node.js v10 support: “Please feel free to use this as an example when folks argue about not bumping a major, npm has a lot of adoption”.
The main npm repository was down for a couple of hours just after we sent last week’s issue.
Serverless platform AWS Lambda has added a Graviton2/ARM-based environment to the mix in addition to its normal x86 platform.
Retiring the Node.js Community Committee — The Node.js Community Committee’s initiatives are being moved to the Node.js Technical Steering Committee (TSC) due, primarily, to an overall decline in the number of folks involved.
Building a Static-First MadLib Generator with Portable Text and Netlify On-Demand Builder Functions — On-demand builders can be useful for more than just deferring rendering of large amounts of content. They are also useful for generating user-generated content, as in this MadLib generator.
Is Deno Still a Thing? A Look at the Status of the ‘Node Killer’ — Not a particularly deep piece, but if you’ve not kept up with Deno it’s a quick catch up.
A Complete Guide to Buffers in Node.js
🛠 Code & Tools
Objection.js: An SQL-Friendly ORM for Node — Built on top of Knex and supporting SQLite, Postgres, and MySQL, Objection aims to ‘stay out of your way’ and let you use the full power of SQL while making common operations easier. GitHub repo.
Benny 3.7.0: A Simple Benchmarking Framework — Benny builds on top of the benchmark package with an improved API for benchmarking both synchronous and async code, setup and selection of cases, saving results in various formats, and more.
Sequelize 6.7.0: Easy-to-Use Multi SQL Dialect ORM for Node.js — Supports PG, MySQL, MariaDB, SQLite, & SQL Server and is fully promise-based.
Marble.js 4.0: Functional Reactive HTTP Middleware Framework — Based on TypeScript and RxJS.
crypto-hash 2.0: A Hashing Module Using the Native Crypto API in Node and Browser — Get the same hashing API in both environments. Uses the crypto module on Node and window.crypto in the browser.