A snapshot of what’s new in Node

#​536 — June 18, 2024

Read on the Web

Node v22.3.0 (Current) Released — One of those releases where lots of tiny things have occurred, but little of broad significance, except… for snapshot testing! Snapshot tests serialize arbitrary values into string values to be compared against a set of pre-built known ‘good’ values (stored as a ‘snapshot’ representing a desired state).

Rafael Gonzaga

Researchers Uncover npm Registry Vulnerability to Cache Poisoning — The basic idea is that specific versions of target packages can be targeted to appear as if they are no longer available for brief periods of time. This isn’t a huge vulnerability, but still an important one that GitHub is fixing.

Sarah Gooding (Socket)

WorkOS: Modern Identity Platform for B2B SaaS — Start selling to enterprise customers with just a few lines of code. WorkOS provides flexible, easy-to-use APIs to integrate SSO, SCIM, and RBAC in minutes. It’s used by some of the hottest startups in the world including Perplexity, Vercel, & Webflow.

WorkOS sponsor

Dual Publishing ESM and CJS Modules with

and ‘Are the Types Wrong’ — tsup makes it easy to bundle TypeScript libraries, and Are the Types Wrong? is a tool to analyze packages for issues with their TypeScript types, particularly ESM-related module resolution issues.

John Reilly

What Happens When a Major npm Library Goes Commercial? — The ua-parser-js library is commonly used to parse user agent strings and gets over 12 million downloads a month, but it has recently switched to AGPL+commercial licensing.

Matteo Collina

📄 How to Create WebVTT Files for Videos in Node (with AssemblyAI) – The Web Video Text Tracks Format (WebVTT) is a common standard for subtitles/closed captioning. AssemblyAI’s platform does the hard work here. Niels Swimberghe

📄 UUIDv7 Implemented in 20 Languages – Surprisingly short and sweet. Anton Zhiyanov

📄 Writing Your First Visual Regression Check in Playwright Nočnica Mellifera

📄 Capturing Garbage Collection Traces in Node Apps CoderOasis

📄 Using JSON Schema When Calling Google Gemini Raymond Camden

🛠 Code & Tools

super-regex: Timeout Long Running Regular Expressions — Many regular expression implementations suffer from so-called ReDoS vulnerabilities, where certain regexes can cause an excessively long evaluation time.

introduces the ability to have regexes timeout when they take too long.

Sindre Sorhus

💡

just wraps Node’s usual regex implementation, but if you can tolerate switching to a different regex engine entirely, RE2JS is also worth a look.

Transformational Auth & Identity | Userfront — “Compared to our previous experiences in the security/auth space, Userfront is an order of magnitude simpler to use.”

Userfront sponsor

Electron 31.0.0: The Cross Platform Desktop App Framework — Chromium gets bumped to v126, V8 to v12.6, and Node.js to v20.14.0. WebSQL support finally gets removed.

OpenJS Foundation

Eicrud: A CRUD/Authorization Framework Based on NestJS — Extends NestJS / Fastify, and works with MikroORM, CASL and class-validator. GitHub repo.

Antoine Crosetti

• Ts.ED 7.72 – Node + TypeScript framework on top of Express.

• pnpm 9.4 – The fast, efficiency-focused package manager.

• Fastify 4.28 – The fast, low overhead Node web framework.

• ESLint 9.5.0