Avoiding npm Substitution Attacks — Recently there have been some high profile examples of supply chain attacks on popular source code repositories, such as where fake or eponymous packages are published, but you can reduce your attack surface by taking precautions and managing dependencies. Here’s some tips when using
1
npm
.
Isaac Z. Schlueter
An Interview with Ryan Dahl, the Creator of Node.js and Deno — Ryan created Node.js 11 years ago and in recent years has moved on to Deno where he’s attempting a new take at the same idea. This interview touches on Deno’s challenges and Ryan’s love of Rust and Vim.
WebdriverIO v7 Released — WebdriverIO is a popular browser and mobile automation testing framework for Node. v7 brings it over to TypeScript, improves its Google Lighthouse integration, and improves compiler tool integration. There’s even a brief video about the release.
Find Your Next Job Through Hired — Create a profile on Hired to connect with hiring managers at growing startups and Fortune 500 companies. It’s free for job-seekers.
V8’s Route to Faster JavaScript Method Calls — This gets very technical and fast, but it’s fantastic to see how the V8 team continues to address important performance issues in the world’s most widely used JavaScript engine. This work improves the performance of your Node and browser-facing code alike.
SVGO 2.0: A Node-Based SVG Optimizer — If you’ve worked with SVG (Scalable Vector Graphics) at all, you’ve probably seen they can be filled with all sorts of junk code.. SVGO to the rescue. 2.0.0 just came out and drastically reduces the package size while making API changes.
#479 — March 23, 2023 Read on the Web 🔒 npm Granular Access Tokens Now Generally Available — The granular access token feature on the npm registry is now generally available, allowing you to restrict Read more…
#478 — March 16, 2023 Read on the Web Shell-Free Scripts with Execa 7.1 — Execa is a popular process execution library for Node and the latest version includes an interesting 1$ method feature for Read more…
#477 — March 9, 2023 Read on the Web Feathers 5: The API and Real-Time App Framework — Feathers isn’t as well known as Nest or Fastify, say, but it’s a powerful and mature option Read more…
0 Comments