#480 — March 30, 2023
⏱ Node Weekly is moving to Tuesdays. We’re making some changes to our schedule, and since next Tuesday isn’t far away, we’re skipping next week’s issue and we’ll be back on Tuesday, April 11, 2023. See you then!
Peter Cooper, your editor
Are Half of New npm Packages Just Junk? — Sandworm is the creator of the Sandworm Audit package analysis tool and as part of that work, the claim is made that “more than half of all new packages” on the official npm registry are just placeholders with READMEs that contain links to various nefarious sites.
Gabi Dobocan (Sandworm)
Node v16.20.0 (LTS) Released — Not a big release. Mostly updates to dependencies like npm (to 8.19.4) and undici. The version bump is justified by the backporting of support for externally shared JS builtins.
Beth Griggs (Node.js Team)
Smooth Log Management for Node.js Developers — Unlock the power of logs with AppSignal. Find all the key information in a few clicks in our clean and intuitive interface. Monitoring doesn’t need to be a hassle, AppSignal is here to help.
Node.js Compatibility for Cloudflare Workers — Cloudflare Workers is a popular serverless platform that uses V8 isolates rather than a Node runtime. This has meant support for Node functions has been lacking, but things are changing with support for AsyncLocalStorage, EventEmitter, Buffer, assert, and parts of util now available to use with more to follow.
James M Snell
Did you know it’s been three years since npm joined GitHub?
Mongoose is a popular library for modelling data in MongoDB from Node, but its lead maintainer, Valeri Karpov, has revealed they’re working on Cassandra support for Mongoose in the shape of stargate-mongoose.
Looking for a database option? The Technically Database Database provides a straighforward look at some popular options.
Azure Functions user? Version 4 of the Node.js programming model is currently in preview there. This means changes to how functions are structured and defined.
The Landscape of npm Packages for CLI Apps — If you want to create a CLI app, there are a lot of options nowadays for covering areas like pretty output, parsing arguments, and accepting user input. This post rounds up some of the options in these various areas.
Navigate the Pitfalls and Returns of Using Node.js Worker Threads — Review the pros and cons of worker threads, and how they differ from other multithreading implementations, in Snyk’s recent Node.js article.
A Business Case for SvelteKit — A good post covering the experience of migrating from Meteor to SvelteKit, the process this team undertook, and the outcomes from both a performance and UX point of view.
Understanding module.exports and exports in Node
🛠 Code & Tools
np 7.7.0: A Better npm publish — Makes the process of publishing a package smoother with an interactive UI, checks that you’re publishing the right thing, runs tests, pushes commits and tags, etc.
Nano JSX: A Lightweight SSR-First JSX Library — Features include no Virtual DOM, no external dependencies, on-demand hydration, and support for Node and Deno-based server-side rendering situations.
React Authentication, Simplified
pnpm 8.1: Alternative Fast and Space Efficient Package Manager — “A new setting has been added called dedupe-direct-deps, which is disabled by default. When set to true, dependencies that are already symlinked to the root node_modules directory of the workspace will not be symlinked to subproject node_modules directories. This feature was enabled by default in v8.0.0 but caused issues, so it’s best to disable it by default”
Sharp 0.32.0: High Performance Image Processing from Node — It’s been a few years since we included this properly, but it’s so good. It uses libvips behind the scenes to provide what it claims is ‘the fastest module to resize JPEG, PNG, WebP and TIFF images’. You can also rotate, do gamma correction, crop, etc. Image resizing API and examples.
Software Engineer (Backend) — Join our “kick ass” team. Our software team operates from 17 countries and we’re always looking for more exceptional engineers.
Find Tech Jobs with Hired — Hired makes job hunting easy-instead of chasing recruiters, companies approach you with salary details up front. Create a free profile now.
↳ oEmbed, Twitter and Open Graph metadata scraper.
↳ MIDI library for Node and browsers.
↳ Popular forum software. (Demo.)
↳ Rust-powered task runner and repo management tool.
↳ Node.js-based headless CMS.
↳ Next-generation ORM for Node and TypeScript.