#479 — March 23, 2023
🔒 npm Granular Access Tokens Now Generally Available — The granular access token feature on the npm registry is now generally available, allowing you to restrict token access to specific packages, set expiration dates, limit access by IP range, and more.
Automatic npm Publishing with GitHub Actions and Granular Tokens — As mentioned above, GitHub has announced granular access tokens for the npm registry. Tim explains why this is a big deal, not only from a security point of view for us all, but also for anyone publishing packages.
React Authentication, Simplified — In this article, we lay out a new approach to authentication (plus access control & SSO) in React applications.
Deno 1.32 Released with Enhanced Node Compatibility — I know this is a Node newsletter, but given Deno’s provenance and continuing insistence for Node.js compatibility, this is Node news in a round about way. 1.32 ships with TypeScript 5 and extends package.json support in particular.
Why We Added package.json Support to Deno — Further to the above item and Deno’s Node and npm compatibility continuing to improve, the Deno team has been facing questions about the runtime’s core priorities. Ryan Dahl explains more about the thinking here.
This item led to an amusing Hacker News subthread wondering if Deno is just heading back to where Node already is. Probably not, but it’s a playful observation, and a common issue around the ‘version 2’ of popular systems generally.
The folks at Socket have introduced what they’re calling ‘safe npm’, a transparent wrapper for npm that tries to protect users from malware, typosquatting, malicious install scripts, and more.
Over on Twitter, Sid Palas started with what he called a ‘pile of 💩’ Dockerfile for a Node app and worked up to a podium-place example.
Snyk’s Vivek Maskara takes a quick look at how Express, Fastify, and NestJS secure themselves against common security concerns.
Swizec Teller asks: Can you build a semantic search system in an afternoon? It seems so.
Migrating from ts-node to Bun — Everyone’s coming for Node.js this week! Now it’s the turn of performance oriented Bun. John runs us through porting a console app from ts-node over to Bun — something he calls “a pretty easy process”.
Create a CLI Chatbot with the ChatGPT API and Node — If you can’t beat them, join them..
🛠 Code & Tools
Héctor Molinero Fernández
DOCX 8.0: Generate Word .docx Files from Node or Browser — The code to lay out your documents is verbose but there’s a lot of functionality baked in. Here’s a CodePen-based example and the v8.0 release notes – GitHub repo.
🚀 Monitor And Optimize Website Speed To Rank Higher in Google — Monitor Google’s Core Web Vitals and optimize performance using in-depth reports built for developers. Improve SEO & UX.
Malibu: Framework-Agnostic CSRF Middleware — ESM only, zero-dependency, and TypeScript types are included. It’s compatible with Express, Tinyhttp, and most modern frameworks based around the core HTTP package.
pg-anonymizer 0.7.0: Anonymized Data Dumping from Postgres — A Node-powered tool for taking anonymized exports of databases. Sensitive data is replaced with faked data of equivalent types.
eslint-formatter-pretty 5.0: Pretty ESLint Formatter — Nicer output than the default. Sort results by severity. Get stylized inline code blocks, and more.
Express-Ts-Auth-Service: A Ready-to-Use Authentication Service — A pre-built authentication server built around Express.js, JSON Web Tokens, TypeScript and MySQL (via Prisma).
AWS JWT Verify: Verify JWTs Signed by Amazon Cognito — In both Node.js and the browser.
Amazon Web Services
Software Engineer (Backend) — Join our “kick ass” team. Our software team operates from 17 countries and we’re always looking for more exceptional engineers.
Find Tech Jobs with Hired — Hired makes job hunting easy-instead of chasing recruiters, companies approach you with salary details up front. Create a free profile now.
↳ BSON parser library. Now supports Map
↳ MySQL session store for Express.js.
Hexo 7.0 RC1
↳ Node blogging framework.
↳ Type safe Postgres client library.
↳ Fast, low overhead web framework.
↳ Flexible cache module.