#475 — February 23, 2023
▶ The State of Node.js Core with Colin Ihrig — Colin sits on the Node.js Technical Steering Committee (TSC) and gives us a 30-minute presentation reviewing what’s going on and some potential upcoming features (including a permissions system, better TypeScript integration, proxy support for fetch and more promisified core modules).
This Dot Media
Node v19.7.0 (Current) Released — Two key updates: npm v9.5.0, and the new Ada WHATWG-compliant URL parser we mentioned two weeks ago is now in play (with up to 87% faster URL parsing),
Node 18.4.2 (LTS) has also been released with npm 9.5 and updates to both V8 and the Undici HTTP client.
Add Pangea’s Security Services to Your Node App – Start Free — Get the APIs to deliver a secure user experience in one place! Comply with SOC2 (Secure Audit Log), strip out PII (Redact), comply with export restrictions (Embargo), and block known threat actors (File, Domain, IP, URL Threat Intelligence). Start for free
Node v19.7.0’s Single Executable Applications Support — I told a half truth above, there are three neat things in Node 19.7. The third is experimental and significant enough to require its own item. With the right incantations, you can package a Node app along with the Node executable itself for easier distribution. I struggled to get it working and the resulting executable will be over 80MB in size, but it’s early days 🙂
As expected last week, several Node.js releases dropped to resolve some security issues, namely Node 14.21.3, 16.19.1, 18.14.1 and 19.6.1.
GitHub has streamlined the npm password reset flow.
CodeSandbox has unveiled Sandpack 2.0 which includes a fast Node runtime for the browser. There’s a lot of moving parts here, but in short it opens up a lot of potential for running live demos and interactive docs on the Web all within the browser. Check out the demos in the post itself.
The OpenJS Foundation has posted its latest Node.js security progress report covering January 2023.
▶ The NPM Library Creation Speedrun — Social media’s most famous TypeScript developer right now takes just 90 minutes to build, CI, and publish a complete npm package. You could do it faster, of course, but he takes a thorough approach with testing, TypeScript, writing a README and actually building something useful. (Note: He actually starts around the 17-minute mark in the video.)
Prefer ▶️ a 3-minute primer to publishing an npm package with the latest tools? Matt’s got you covered there, too.
Building a Simple CLI Tool with Modern Node.js — Starting from scratch, with no boilerplate.
React Authentication, Simplified — In this article, we lay out a new approach to authentication (plus access control & SSO) in React applications.
Task Queuing the Easy Way with Node and BullMQ — Why do something immediately if you can put it off until later? Message queuing isn’t for the lazy though—it can help make your app more responsive.
🛠 Code & Tools
Papr 11.0: Making the World (Type) Safe for MongoDB Queries — Papr is a TypeScript wrapper around the usual MongoDB Node.js driver that uses JSON schema validation to improve type safety. This post explains how it has recently been enhanced. GitHub repo.
NodeGUI: Build Native Cross-Platform Desktop Apps with Node.js — Unlike Electron which leans upon webviews and HTML, NodeGui uses a Qt based approach. Last week’s 0.58.0 release was the first stable release based on Qt 6 and offering high DPI support.
Need to Upgrade Node? We Open Sourced depngn to Help with That 🛠️
DOMPurify 3.0: Fast, Tolerant XSS Sanitizer for HTML and SVG — A project that’s nine years old and still actively developed. Supports all modern browsers (IE support was only just dropped) and is heavily tested. There’s a live demo here.
Bridge Mongo: A Fully-Typed Mongoose ODM — It must be the week for people bringing typing to MongoDB. Bridge Mongo takes the approach of sitting atop the Mongoose ODM while providing full type-safety and auto-completion. GitHub repo.
↳ Node.js open CLI app framework.
↳ LDAP client and server API.
↳ iCalendar (ics) file generation.
↳ Metadata scraper with oEmbed and Open Graph support.
Article Extractor 7.2.9
↳ Extract the article from a given URL.
↳ Client implementation for ChatGPT and Bing GPT.
Software Engineer (Backend) — Join our “kick ass” team. Our software team operates from 17 countries and we’re always looking for more exceptional engineers.
Senior Backend Engineer (Remote) — Change the way the world works together with us. We are looking for developers to extend our team.
Find Tech Jobs with Hired — Hired makes job hunting easy-instead of chasing recruiters, companies approach you with salary details up front. Create a free profile now.
👾 Letting Node Play Your Games
A Node Script That Plays ‘Hay Day’ — Hay Day is a mobile ‘virtual farming’ game and like many such games, it seems to involve a lot of grinding to progress. Sam has used Node to bring together some OCR, screenshotting, and calling out to AutoHotKey to play the more boring parts of the game – techniques you might be find useful to try elsewhere, perhaps. There are ▶️ some clips of it in action on Twitch.