Javascript Node

Optimizing npm script performance4 min read

#​480 — March 30, 2023

Read on the Web

Node Weekly is moving to Tuesdays. We’re making some changes to our schedule, and since next Tuesday isn’t far away, we’re skipping next week’s issue and we’ll be back on Tuesday, April 11, 2023. See you then!
__
Peter Cooper, your editor

Are Half of New npm Packages Just Junk?Sandworm is the creator of the Sandworm Audit package analysis tool and as part of that work, the claim is made that “more than half of all new packages” on the official npm registry are just placeholders with READMEs that contain links to various nefarious sites.

Gabi Dobocan (Sandworm)

Node v16.20.0 (LTS) Released — Not a big release. Mostly updates to dependencies like npm (to 8.19.4) and undici. The version bump is justified by the backporting of support for externally shared JS builtins.

Beth Griggs (Node.js Team)

Smooth Log Management for Node.js Developers — Unlock the power of logs with AppSignal. Find all the key information in a few clicks in our clean and intuitive interface. Monitoring doesn’t need to be a hassle, AppSignal is here to help.

AppSignal sponsor

Speeding Up the JavaScript Ecosystem: npm Scripts — The latest in a fascinating series on finding ‘low hanging fruit’ when it comes to performance. The author explains this one best himself: “‘npm scripts’ are executed by JavaScript developers … all the time. Despite their high usage they are not particularly well optimized and add about 400ms of overhead. In this article we were able to bring that down to ~22ms.”

Marvin Hagemeister

Node.js Compatibility for Cloudflare WorkersCloudflare Workers is a popular serverless platform that uses V8 isolates rather than a Node runtime. This has meant support for Node functions has been lacking, but things are changing with support for AsyncLocalStorage, EventEmitter, Buffer, assert, and parts of util now available to use with more to follow.

James M Snell

IN BRIEF:

Did you know it’s been three years since npm joined GitHub?

Mongoose is a popular library for modelling data in MongoDB from Node, but its lead maintainer, Valeri Karpov, has revealed they’re working on Cassandra support for Mongoose in the shape of stargate-mongoose.

Looking for a database option? The Technically Database Database provides a straighforward look at some popular options.

Azure Functions user? Version 4 of the Node.js programming model is currently in preview there. This means changes to how functions are structured and defined.

The Landscape of npm Packages for CLI Apps — If you want to create a CLI app, there are a lot of options nowadays for covering areas like pretty output, parsing arguments, and accepting user input. This post rounds up some of the options in these various areas.

Joey Kilpatrick

Navigate the Pitfalls and Returns of Using Node.js Worker Threads — Review the pros and cons of worker threads, and how they differ from other multithreading implementations, in Snyk’s recent Node.js article.

Snyk sponsor

A Business Case for SvelteKit — A good post covering the experience of migrating from Meteor to SvelteKit, the process this team undertook, and the outcomes from both a performance and UX point of view.

Chris Ellis

Understanding module.exports and exports in Node

James Hibbard

🛠 Code & Tools

np 7.7.0: A Better npm publish — Makes the process of publishing a package smoother with an interactive UI, checks that you’re publishing the right thing, runs tests, pushes commits and tags, etc.

Sindre Sorhus

Nano JSX: A Lightweight SSR-First JSX Library — Features include no Virtual DOM, no external dependencies, on-demand hydration, and support for Node and Deno-based server-side rendering situations.

Nano JSX

Concurrent.js: Load Modules into Background Threads — Billed as a concurrent computing approach for JavaScript environments including the browser, Node and Deno, this library lets you dynamically import modules into worker threads (in Node) or Web Workers (in the browser).

Bitair

React Authentication, Simplified

Userfront sponsor

pnpm 8.1: Alternative Fast and Space Efficient Package Manager“A new setting has been added called dedupe-direct-deps, which is disabled by default. When set to true, dependencies that are already symlinked to the root node_modules directory of the workspace will not be symlinked to subproject node_modules directories. This feature was enabled by default in v8.0.0 but caused issues, so it’s best to disable it by default”

pnpm

Sharp 0.32.0: High Performance Image Processing from Node — It’s been a few years since we included this properly, but it’s so good. It uses libvips behind the scenes to provide what it claims is ‘the fastest module to resize JPEG, PNG, WebP and TIFF images’. You can also rotate, do gamma correction, crop, etc. Image resizing API and examples.

Lovell Fuller

💻 Jobs

Software Engineer (Backend) — Join our “kick ass” team. Our software team operates from 17 countries and we’re always looking for more exceptional engineers.

Sticker Mule

Find Tech Jobs with Hired — Hired makes job hunting easy-instead of chasing recruiters, companies approach you with salary details up front. Create a free profile now.

Hired

QUICK RELEASES:

Unfurl 6.3
↳ oEmbed, Twitter and Open Graph metadata scraper.

JZZ 1.6.1
↳ MIDI library for Node and browsers.

NodeBB 2.8.10
↳ Popular forum software. (Demo.)

Moon 1.0
↳ Rust-powered task runner and repo management tool.

Strapi 4.9
↳ Node.js-based headless CMS.

Prisma 4.12
↳ Next-generation ORM for Node and TypeScript.

Pin It on Pinterest