#420 — January 13, 2022
Thomas Claburn (The Register)
The January 10, 2022 Node.js Security Releases — Updates have arrived for all major release lines to resolve a handful of vulnerabilities. There’s Node 17.3.1, plus joint LTS releases 16.13.2, 14.18.3, and 12.22.9.
Bryan English and the Node.js Team
AppSignal Speaks Louder Than Words — AppSignal helps you inspect and improve the performance of your Node.js applications. Enhance your customer’s experience, and make sure your apps stay performant. We’ll tell you which piece of code to look at.
What npm Should Do Today to Stop a New Colors Attack Tomorrow — “A misfeature in NPM’s design means that as soon as the sabotaged version of colors was published, fresh installs of command-line tools depending on colors immediately started using it, with no testing that it was in any way compatible with each tool. (Spoiler alert: it wasn’t!)” — Russ explains how Go’s approach could avert such an issue.
NAPI-RS 2.0: A Minimal Library for Building Node Addons in Rust — A nifty way to ‘Rustify’ Node and build pre-compiled Node.js addons in the popular systems language. v2 introduces a new macro API for defining JS values in Rust and makes the Rust code far easier to write. Async functions are now also supported, which is dope. Neon explores similar ideas in this space.
0x 5.0: Single-Command Flamegraph Profiling for Node — A tool that can profile and generate an interactive flamegraph (example) for a Node process in a single command.
David Mark Clements
Backend Developer Excited About Internet of Things? — Great opportunity to join a remote-friendly company positioned for exponential growth, working with emerging technologies and tools. Apply now.
Find Tech Jobs with Hired — Create a profile on Hired to connect with hiring managers at growing startups and Fortune 500 companies. It’s free for job-seekers.
Using Node.js ES Modules and Top-Level await in AWS Lambda — Serverless AWS Lambda functions now support ES modules by way of the Node.js 14.x runtime.
A Red Hat Flavored Review of Node.js in 2021 — Red Hat has its own Node.js team and this is what they achieved in 2021, including working on Node 17, shipping a variety of useful cheat sheets, and work on using Node serverlessly on Red Hat OpenShift.
Red Hat Developers
🛠 Code & Tools
Robots Parser 3.0: A robots.txt Parser — If you’re scraping or otherwise making automated requests to other people’s sites, abiding by their robots.txt rules is a good practice, and this could help you figure it out.
Sam Clarke et al.
Instauto: An Instagram Bot / Automation Library — Uses Puppeteer to do the hard work. The focus here is on ease of use.
fast-json-stringify 3.0: 2x Faster than JSON.stringify()? — It seems apt that Fastify made this library.
Jasmine 4.0: The Testing Framework for Browsers and Node — Yes, there are breaking changes (no IE support, no old Node versions support, behavior changes and more) but there’s a migration guide to make it simpler if you’re a Jasmine user.
active-win 7.7.0: Get Metadata About the Active Window — You can use this to get the title, width, height, x and y of the currently active window. Maybe useful for building your own productivity tracker or something? Now supports Apple Silicon natively.
public-ip 5.0: Quickly Get Your Public IP Address — Queries the DNS records of OpenDNS, Google DNS, and HTTPS services to determine your IP address. Now a pure ES module.
The Official MongoDB Node.js Driver v4.3.0 — Adds SOCKS5 support and key auto-completion support and type hinting on nested documents if you use TypeScript (all explained in these release notes).
TypeScript Express Starter App 7.0 — A boilerplate app generator for getting a RESTful API up and running quickly on top of things like PM2, SWC, and Docker. You can choose from sub-templates covering the basics, using Sequelize, Mongoose, TypeORM, Prisma, or Knex too.
SuperTest 6.2: Super-Agent Driven Library for Testing Node HTTP Servers — Make assertions about HTTP servers using a fluent API.