What hides in your node_modules?
#428 — March 10, 2022
Node Weekly
What’s Really Going On Inside Your node_modules Folder? — A running joke is that node_modules folders are so huge they’re heavier than black holes, but when packages get taken over by nefarious groups, the contents of node_modules become somewhat less funny. This post looks into what malicious packages can do and the broad problem of supply chain attacks generally.
Feross Aboukhadijeh
Node v17.7.0 (Current) Released — Updates to nghttp2 and npm (8.5.2), some new options for net.Socket and net.Server, and Ben Noordhuis (one of the most prolific Node contributors who stepped back as a core committer for reasons in 2013) is officially fully back as a Node.js collaborator (though he has continued to contribute code all along).
Stewart X Addison
Introducing the Elastic CI Stack for EC2 Mac — This new open source stack is created specifically for mobile teams, helping you migrate to AWS-managed servers for increased reliability, security, and speed. 📱
Buildkite sponsor
Socket: See Potential Security Issues for npm Packages — An interesting new project that scans the code of each npm package in an attempt to characterize its behavior, which is then reported on project-specific pages, such as this one for lodash or this one for zx.
Socket
A Case Study on Moving from Next.js to Remix — Remix is the newest full stack Web framework on the block, and the first case studies are beginning to come in. In this case, the author covers the rewrite of his personal site (where this article is hosted).
Adam Collier
Making a Discord Playlist Bot with Serverless Cloud — Serverless Cloud is a serverless platform from Serverless Inc., the folks behind Serverless Framework. (Have we said ‘serverless’ enough yet?) This post ties together Node.js with some specific Serverless Cloud features to easily create a Discord chat bot that can add songs to a shared Spotify playlist.
Ben Miner
💻 Jobs
Senior Backend Developer — Are you looking to level up your skills and work on a wide variety of applications and technologies? Look no further.
Bitovi
Fullstack Developer — Konrad is hiring Fullstack developers to join our team in building products for the world’s most exciting companies.
Konrad Group
Find Tech Jobs with Hired — Create a profile on Hired to connect with hiring managers at growing startups and Fortune 500 companies. It’s free for job-seekers.
Hired
A Guide to Node Process Management with PM2 — PM2 is one of the longest-standing Node utilities used for managing processes and is worth checking out if you have a Node process you need to stay up 24/7.
Ayooluwa Isaiah
Malicious Node.js Packages: Niche Configurations & Invisible Characters
Snyk sponsor
Diving into Node’s Streams — Streams provide a defined interface and abstraction over the idea of working with streaming data in Node – they seem to suffer from often being misunderstood, though, so tutorials always tend to be popular.
Juan José Arboleda
▶ USB Reverse Engineering and Writing Drivers — If you’ve got a hankering to do some hardware hackery with Node, you might enjoy this truly low level stream.
Low Level JavaScript
▶ Discussing Securing the Open Source Supply Chain with Feross Aboukhadijeh — Feross Aboukhadijeh is one of the minds behind Socket (featured above) and he joined the popular Changelog podcast to discuss the launch and why making the assumption that all your dependencies are malicious may be a necessary step to take.
The Changelog podcast
Deploying Your Node API to AWS Using Elastic Beanstalk
Vasil Kosturski
The Fetch API is Finally Coming to Node
Elijah Asaolu
🛠 Code & Tools
PSD: A Zero-Dependency PSD (Photoshop) Parser for Browser and Node.js — Will parse info for each layer including text and also supports Photoshop’s .psb (big image) format. GitHub repo.
webtoon
Undici 4.15: The Fresh HTTP/1.1 Client for Node — Undici’s goal to be the best HTTP/1.1 client for Node takes another step forward.
Matteo Collina
Bree 8.0: A Versatile Job Scheduler for Node — Supports cron, dates, ms, later, and human-friendly for scheduling things.
Nick Baugh
Stream Video in Your Node App in Two API Calls
Mux sponsor
exiftool-vendored: Fast, Cross-Platform Node.js Access to ExifTool — Use this when you want to access embedded EXIF data within image files (particularly those taken with phones or DSLRs).
PhotoStructure
elasticsearch-js 8.1.0: Official Elasticsearch Client for Node — Elasticsearch is a great open source search database system for adding powerful search features to your apps. This update adds Elasticsearch 8.1 compatibility.
elastic
AVA 4.1: The Node.js Test Runner — A popular test runner known for its simplicity and speed.
AVA
fastify-websocket: Basic WebSocket Support for Fastify
Fastify
Dynamodump 2.0: A CLI Tool for Backing Up and Restoring Schema and Data from DynamoDB
Mikael Finstad
ssh2 v1.7: Pure JavaScript SSH2 Client and Server Modules for Node
Brian White