#404 — September 9, 2021
Node v16.9.0 (Current) Released with Experimental Package Manager Manager — A big addition this time out is Corepack, a new experimental tool for managing package managers directly within the Node distribution itself (as already used to occur with npm but could now be Yarn or pnpm instead). V8 also moves up to V8 9.3 with error cause support and Object.hasOwn.
How an npm Package with 3M Weekly Downloads Had a Severe Vulnerability — It’s not every day a publication as mainstream as Ars Technica covers Node news, but security researcher Ax Sharma has put together a good story about a significant vulnerability in pac-resolver.
Fauna: A Modern Serverless Data API for Node.js Apps — Fauna combines the schema flexibility that’s provided by document databases with ACID compliant transactions. Quickly integrate Fauna into your applications with our Data API and leave scaling, sharding and all other operations to Fauna.
Common npm Mistakes Every Developer Should Avoid — Learn how to avoid common mistakes when managing dependencies, publishing packages, and more.
GitHub Security Update: Vulnerabilities in tar and @npmcli/arborist — GitHub has received reports via a private security bug bounty program about code execution vulnerabilities in tar (the npm package) and @npmcli/arborist so they’re strongly recommending upgrading both npm to 6.14.15 or 7.21.0 or newer and tar, if you use it in your projects.
Mike Hanley (GitHub)
Trace-Based Testing with OpenTelemetry: Meet Malabi — An introduction to Malabi, a new OpenTelemetry-based test framework that lets you do what they’re calling trace-based testing for verifying interconnectivity issues between distributed services.
Why Electron Apps Are Fine — While Niels agrees with many common criticisms of Electron, his users don’t care, and he says you shouldn’t care either.
🛠 Code & Tools
bundle: A Quick npm Package Size Checker — Enter a package name, then hit the “run” button and this tool will give you the minified, bundled, and gzipped size of the package.
is-reachable: Check If a Server Is Reachable — Another library from Sindre’s immense catalogue. This library simply does a TCP handshake with a specified target to see if a server is at least ‘reachable.’ Before that, maybe you can use is-online to work out if you’re even online in the first place? 😉
timefind: Search a Web Site’s History — A Node-based tool (which you can use from the terminal) for quickly flipping through the Web Archive’s snapshots.
cron-parser 4.0: Node Library for Parsing cron Rules — cron is a commonly used mechanism on Unix-based systems for running recurring tasks and such tasks are defined in a very specific format. This package lets you parse this format for your own ends.
Boilerplate to Kickstart Creating an npm Package using TypeScript — The self descriptively named typescript-npm-package-template gives you a quick launchpad for creating your own TS powered npm package.
Find Tech Jobs with Hired — Create a profile on Hired to connect with hiring managers at growing startups and Fortune 500 companies. It’s free for job-seekers.