#406 — September 23, 2021
The Story of 5 RCEs Found in npm for $15,000 — A security researcher explains some remote code execution vulnerabilities he found in the npm tool and how they added up to $15K in payouts. Few of us need to dig into our tools this deeply but it’s interesting to see behind the curtain a little. (These RCEs prompted the npm upgrade request we covered two weeks ago.)
Electron 15.0.0 Released — Following on rather quickly from v14, Electron is now on a new eight week release cadence. v15 of the popular cross-platform desktop app framework upgrades to Chromium 94, V8 9.4, and Node.js 16.5.0 – none of which are huge advancements (though WebCodecs support may interest some), but it’s always great to see how up to date Electron is kept.
Sofia Nguy and Keeley Hammond
Fast Redis Hosting and Analytics — RedisGreen databases include seamless online upgrades, SSL encryption, key size tracking, memory mapping, and more.
Node.js Garbage Collection Explained — Learn how garbage collection and memory management work in practice with Node.js, complete with illustrations and code examples. This is an older item but recently updated.
Node v16.10.0 (Current) Released — No big changes, but lots of smaller things, like npm and Acorn being updated and a new way to limit requests per connection via http.
How to Implement Logging in a Node App with Pino-Logger — Pino is a low overhead Node logging library that you can use with any Node app and is easy to integrate with any Web framework too.
Creating a Slack Bot with Serverless Framework — The basics of implementing Slack bots with Serverless and hooking one up to PagerDuty on-call schedules.
A Next.js ‘New Post’ Node Script — How a developer went about creating a Node-powered script to simplify creating new blog posts in a Next.js-based site.
Track Twitter Follower Growth Over Time with a Serverless Node API — Yet another great use case for Node.js and serverless. AWS Amplify makes an appearance here, too.
Michael Hoffmann (Mokkapps)
How to Debug Cloudflare Workers with AppSignal
🛠 Code & Tools
Ackee: A Self-Hosted, Node-Based Web Analytics Tool — If you want to self host your own Web analytics system and have privacy in mind.
nbb: Adhoc ClojureScript Scripting on Node.js — If you want to write ClojureScript and run it quickly on top of Node, this provides a way.
Typegoose 9.0: Define Mongoose Models using TypeScript Classes — If you’re a Node developer and using Mongoose and want to be using TypeScript, this is for you.
Datadog APM sponsor
ow 0.28.0: Function Argument Validation for Humans — A fluent API to define constraints for function arguments (e.g. ow(input, ow.string.minLength(5))) and get nice error messages if those validations fail.
i18n-tools: CLI to Make Common Operations Around i18n Files Simpler — Convert i18n JSON files to xlsx or CSV (and vice versa) or compare two i18n files for differences.
Glob 7.2.0: Match Files Using Shell-Style Patterns
Isaac Z. Schlueter
Node.js Developer at X-Team (Remote) — Join the most energizing community for developers and work on long-term projects for Riot Games, FOX, Sony, Coinbase, and more.
Find Tech Jobs with Hired — Create a profile on Hired to connect with hiring managers at growing startups and Fortune 500 companies. It’s free for job-seekers.