#482 — April 18, 2023
Node.js 20 Released — A quirk of fate meant this issue was delayed for a couple of hours and.. Node v20 was launched in that time. Phew! This means we haven’t had much time to digest the news, though, but the key updates include:
Experimental support for a permission model. This is a feature Deno has at its core, but now you can restrict/allow access to certain capabilities with Node too.
V8 11.3 (which finally includes Regexp /v flag support)
The node:test test runner goes stable.
Official support for Windows on AArch64/ARM64.
Numerous performance improvements.
We look forward to featuring more about the release next week too.
The Node.js Team
Memetria: Secure, Scalable Redis 7 Hosting — The latest Redis features, instrumented and scaled with the tools teams need as they grow.
// A look at a JS-specific quirk in regular expressions when empty character classes are used.
The ECMAScript 2023 spec has been approved by TC39 and is now with the ECMA General Assembly for eventual final approval. If you haven’t got several hours to read the spec, Paweł Grzybek can help you out with a simpler look at a few new features.
npm Security Best Practices — Part of the Open Web Application Security Project’s (OWASP) extensive cheat sheet series. This one, written by Liran Tal, covers ten key points to keep in mind with regards to using npm and npm packages.
OWASP Cheat Sheet Series
In other Liran news, he’s released 📗 Node.js Secure Coding, a (paid) book covering secure coding practices through performing local attacks on real-world packages and analyzing the vulnerable code behind them.
Piumi Liyana Gunawardhana (Honeypot)
🛠 Code & Tools
AdminJS 7.0: An Admin Panel for Node Apps — An ‘automatic’, open source admin interface you can introduce to existing apps. Wire it up to your ODM/ORM, and off you go. Here’s what’s new in v7.0, a v7 migration guide, and ▶️ a four-minute screencast intro to what’s new. GitHub repo.
Strong SOAP: A SOAP Driver for Node — If you need to interoperate with SOAP-based services, here’s a fresh (clean?) option that bills itself as a complete rewrite of the earlier node-soap.
Avoid Falling Victim to Malicious Packages in OS Ecosystems — Get a broader view of the rising trend in malicious packages in OS ecosystems — and how to avoid them — in Snyk’s recent article on the theme.
Actio: A Framework for Backend Apps — For both microservices or monoliths. Comes with quite a few batteries included in areas like auth, file upload support, configuration, and even a payment service.
Discord.js V14 Bot: A Multipurpose Discord Bot — If you want a Discord bot you can customize but that has a lot of features like moderation, stats, and social features built in, this is for you.
Sai Teja Madha
LiQuery: SQLite Search, Tagging, Filtering and Sorting via Simple Text Queries — SQL already offers ‘text queries’, of course, but this is an interesting experiment to make things even more concise with a basic search engine style syntax.
Find Tech Jobs with Hired — Hired makes job hunting easy-instead of chasing recruiters, companies approach you with salary details up front. Create a free profile now.
↳ Minimal GraphQL client for Node & browsers.
↳ Postgres-backed job queuing system.
↳ Modeling tool for Amazon DynamoDB.
↳ Flexible multi-purpose crawler library.
↳ Type-safe Node Postgres client library.
↳ Qt 6-powered native desktop app framework.
↳ Fast, disk space efficient package manager.