Security

#​417 — December 9, 2021

Read on the Web

Node Weekly

GitHub Rolling Out Enforced 2FA and More for npm Registry — Many public code package registries have suffered issues with user security in recent years, and a single compromised package can cause havoc in the npm ecosystem in particular. GitHub are, therefore, moving forward with plans for ‘enhanced login verification’ including enforced 2FA for publishers of high impact packages in early 2022. If you want to check your npm account and improve its security, now is the time!

Myles Borins

Why You Should Check-In Your Node Dependencies — “I currently work at Google on the Chrome DevTools team and we check our node_modules folder into source control. At first this struck me as unusual, but I’ve come to believe that there are some major benefits to this approach that I think more people should consider.”

Jack Franklin

The DevSecGuide to Infrastructure as Code — Learn research on the state of IaC security, practical steps for building a DevSecOps culture, and tips for embedding automated security throughout the DevOps lifecycle. Download the guide for free.

Bridgecrew sponsor

IN BRIEF:

• npm 8.2.0 has been released.

• GitHub is making some serious improvements to its code search functionality. There’s a waitlist if you want to try it out, though.

• Chalk 5.0, the popular terminal styling library, is now out, and has gone pure ESM. TypeScript users will want to stick with Chalk 4 until TypeScript 4.6, however.

On Node.js Memory Limits: What You Should Know — Node.js is pretty efficient in terms of its memory use so you might never run into its limits, but it’s worth understanding how Node’s memory management works and how to handle limits and things like memory leaks before they crop up in your app.

Camilo Reyes

Fighting TLS Fingerprinting with Node — For a whole variety of reasons, some sinister, many commercial, a lot of online services want to track people and their use of the Web – fingerprinting is one way to do this, and the way TLS requests are made can add to this, as demonstrated here.

Tim Perry

Want to Transfer a Domain with No Downtime? 👀 Our Handy Checklist 👉

DNSimple sponsor

Creating Views with Postgres and TypeORM — TypeORM is a popular ORM that supports the Active Record and Data Mapper patterns and can be used from Node.

Marcin Wanago

How to Set Up Server Side Rendering (SSR) with React, Express.js, & esbuild

Adam Berg

graphql-request: A Minimal GraphQL Client for Node and Browsers — The target use here is small scripts and simple apps, not larger things where something like Apollo might provide the structure you need.

Prisma Labs

CSSO 5.0: A CSS Minifier with Structural Optimizations — A tool that cleans, compresses, and restructures CSS. The newly dropped v5.0 adds ES module support and CSS Selectors Level 4 support too.

Roman Dvornov

node-datachannel: libdatachannel Bindings for Node.js —

is a standalone C++17-based implementation of various WebRTC standards, as well as WebSockets, for use on POSIX platforms.

Murat Doğan

Video for Node: Build Video in Just Two API Calls

Mux sponsor

Nock: HTTP Server Mocking and Expectations Library — Let’s say you’re creating a client library that uses HTTP to hit a third party service. Nock will let you test it in isolation by mocking requests/responses.

Nock

Ink 3.2: React, but for Building Interactive CLI Apps — Build your command line apps using React-style components.

Vadim Demedes

github-unstar: Unstar All Your Starred GitHub Repos — If you’ve starred far too many repos on GitHub and want to start from scratch, this quick script could help.

tpkahlon

async-sema: A Semaphore Implementation for Use with

Vercel

jsdom 19.0: Pure JS Implementation of Web Standards for Use with Node

Elijah Insua

Multer: Middleware to Handle

Submissions

Hage Yaapa

Zod: TypeScript-First Schema Validation with Static Type Inference

Colin McDonnell