#509 — November 7, 2023
Awesome Node Security: A Curated List of Node Security Resources — Includes links to libraries like Helmet (which just had a new release a few hours ago), educational resources, tools, and even stories of incidents like the left-pad incident (which, somehow, was a whole seven years ago!)
Liran Tal
🖼 image-dimensions: Get the Dimensions of Images — Sindre’s latest creation is a simple but comprehensive one. A way to get the size (as width and height in pixels) for JPEG, PNG, APNG, and GIFs in any modern JavaScript environment. He seeks PRs to add JPEG XL, HEIC, WebP support if you have experience in those areas.
Sindre Sorhus
Need to Offer SSO to Your Customers? Use WorkOS — WorkOS lets you quickly build enterprise features like SAML & SCIM. Integration is seamless with beautiful API docs and SDKs. Join hundreds of companies using WorkOS—including Vercel, PlanetScale & Webflow—and make your app Enterprise Ready today.
WorkOS sponsor
Building AI Apps with LangChain and Node.js — Discover the basics of building a Retrieval-Augmented Generation (RAG)-powered application using the LangChain framework (a popular framework for working with LLMs available in both Python and Node).
Julián Duque
IN BRIEF:
Deno 1.38 has been released and takes Node.js compatibility even further by allowing the use of npm (or pnpm) to install packages.
In other ‘runtimes that aren’t Node’ news, Bun v1.0.10 has just landed too, with a 14% faster node:http (a compatible wrapper around Bun.serve).
Node.js v20.x is now the default version on Heroku.
If you’re a VS Code user, get excited: support for moving editors into floating windows is on the way.
If you have any interest in making a Node app work as a Windows service, Jakob Wärnhjelm’s experimentation may save you a lot of time.
🇪🇺 NodeConf EU is taking place right now in Ireland. I’m seeing a lot of love for the talks so far – fingers crossed we get to share some videos soon.
Node hasn’t got its new mascot yet, but the Eleventy static site generator does.
How to Build a Server-Side React App Using Vite and Express — A demo of server-side rendering and server-side data fetching without using a full-on framework — showing what React-powered frameworks actually do.
Paul Scanlon
Best Practices for Bootstrapping a Node App Configuration
Liran Tal
🛠 Code & Tools
Is Text or Binary? 7.0 — It first tries to determine from a filename if the contents of the file are likely to be binary or text. Failing that, it then looks at the actual data to figure it out.
Bevry
Super Expressive: Build Regexes in a Fluent, ‘Natural Language’ Style — A library for building regular expressions using an ‘almost natural language’ approach. It feels a little too verbose for me, but it’s certainly readable. There’s also an online playground where you can experiment.
Francis Stokes
You Look Like You Could Use a T-Shirt. And a Better Auth Provider — Spin up a local instance of FusionAuth in just 5 minutes. Send us a screenshot and we’ll send you a t-shirt. It’s free.
FusionAuth sponsor
log-update 6.0: Logging by Overwriting the Previous Output — Imagine a console.log that just overwrites itself on the same line each time. Perhaps for rendering progress bars, animations, etc.
Sindre Sorhus
node-datachannel 0.5: libdatachannel Bindings for Node — libdatachannel is a standalone C++17-based implementation of various WebRTC standards, as well as WebSockets, for use on POSIX platforms.
Murat Doğan
Google Cloud SQL Node.js Connector 1.1 – Work with Cloud SQL instances from Node.
setup-node 4.0 – Set up a GitHub Actions workflow with a specific Node version.
unix-permissions 6.0 – Helper library for working with POSIX file permissions.
node-llama-cpp 2.8 – Run AI models locally with Node.js llama.cpp bindings.
temporary-path 1.0 – Get a random temporary path / directory.
Nightwatch.js 3.3 – Integrated end-to-end testing framework.
file-type 18.6 – Detect the file type of a buffer.
📰 Classifieds
📢 See if you qualify for $2,400 in Temporal Cloud credits and access to support and services with our new Temporal Cloud for Startups program.
NOTABLE QUOTABLE
“Maintaining an open-source project is like being a flight attendant for an airline where all tickets are free and the majority of customer surveys offer suggestions on how to fly the airplane.”
___
Kelsey Hightower