Node gets a built-in package manager manager (not a typo)

#​404 — September 9, 2021

Read on the Web

Node Weekly

Node v16.9.0 (Current) Released with Experimental Package Manager Manager — A big addition this time out is Corepack, a new experimental tool for managing package managers directly within the Node distribution itself (as already used to occur with

but could now be Yarn or

instead). V8 also moves up to V8 9.3 with error cause support and

.

Michaël Zasso

How an

Package with 3M Weekly Downloads Had a Severe Vulnerability — It’s not every day a publication as mainstream as Ars Technica covers Node news, but security researcher Ax Sharma has put together a good story about a significant vulnerability in

.

Ars Technica

Fauna: A Modern Serverless Data API for Node.js Apps — Fauna combines the schema flexibility that’s provided by document databases with ACID compliant transactions. Quickly integrate Fauna into your applications with our Data API and leave scaling, sharding and all other operations to Fauna.

Fauna sponsor

Common

Mistakes Every Developer Should Avoid — Learn how to avoid common mistakes when managing dependencies, publishing packages, and more.

Bhagya Vithana

GitHub Security Update: Vulnerabilities in

— GitHub has received reports via a private security bug bounty program about code execution vulnerabilities in

(the npm package) and

so they’re strongly recommending upgrading both

to 6.14.15 or 7.21.0 or newer and

, if you use it in your projects.

Mike Hanley (GitHub)

An Intro to Web Scraping with JavaScript and Node — Leans on Axios (to fetch HTML over HTTP), Cheerio (a jQuery-a-like for querying Web documents), and Playwright (to automate a browser).

Ander Rodriguez

Simple Concurrency in Go for Fans of JavaScript’s

— If Go is a language that interests you, you can both see how a common JavaScript concept translates over and.. you can check out our Go newsletter 😉

Nate Anderson

Stream Video in Your Node App in Two API Calls

Mux sponsor

Trace-Based Testing with OpenTelemetry: Meet Malabi — An introduction to Malabi, a new OpenTelemetry-based test framework that lets you do what they’re calling trace-based testing for verifying interconnectivity issues between distributed services.

Michael Haberman

Why Electron Apps Are Fine — While Niels agrees with many common criticisms of Electron, his users don’t care, and he says you shouldn’t care either.

Niels Leenheer

bundle: A Quick npm Package Size Checker — Enter a package name, then hit the “run” button and this tool will give you the minified, bundled, and gzipped size of the package.

Okiki Ojo

Renamer 4.0: Rename Files in Bulk — A Node powered CLI tool but with the interesting addition that you can write a

function in JavaScript to perform more complex renames.

Lloyd Brookes

is-reachable: Check If a Server Is Reachable — Another library from Sindre’s immense catalogue. This library simply does a TCP handshake with a specified target to see if a server is at least ‘reachable.’ Before that, maybe you can use is-online to work out if you’re even online in the first place? 😉

Sindre Sorhus

Auth Without Complexity

Userfront sponsor

timefind: Search a Web Site’s History — A Node-based tool (which you can use from the terminal) for quickly flipping through the Web Archive’s snapshots.

Nathan Manceaux-Panot

cron-parser 4.0: Node Library for Parsing

Rules —

is a commonly used mechanism on Unix-based systems for running recurring tasks and such tasks are defined in a very specific format. This package lets you parse this format for your own ends.

Harri Siirak

Boilerplate to Kickstart Creating an npm Package using TypeScript — The self descriptively named

gives you a quick launchpad for creating your own TS powered

package.

Ryan Sonshine

ssh2 v1.4: Pure JavaScript SSH2 Client and Server Modules for Node

Brian White