GitHub Rolling Out Enforced 2FA and More for npm Registry — Many public code package registries have suffered issues with user security in recent years, and a single compromised package can cause havoc in the npm ecosystem in particular. GitHub are, therefore, moving forward with plans for ‘enhanced login verification’ including enforced 2FA for publishers of high impact packages in early 2022. If you want to check your npm account and improve its security, now is the time!
Myles Borins
Why You Should Check-In Your Node Dependencies — “I currently work at Google on the Chrome DevTools team and we check our node_modules folder into source control. At first this struck me as unusual, but I’ve come to believe that there are some major benefits to this approach that I think more people should consider.”
Jack Franklin
The DevSecGuide to Infrastructure as Code — Learn research on the state of IaC security, practical steps for building a DevSecOps culture, and tips for embedding automated security throughout the DevOps lifecycle. Download the guide for free.
Chalk 5.0, the popular terminal styling library, is now out, and has gone pure ESM. TypeScript users will want to stick with Chalk 4 until TypeScript 4.6, however.
On Node.js Memory Limits: What You Should Know — Node.js is pretty efficient in terms of its memory use so you might never run into its limits, but it’s worth understanding how Node’s memory management works and how to handle limits and things like memory leaks before they crop up in your app.
Camilo Reyes
Fighting TLS Fingerprinting with Node — For a whole variety of reasons, some sinister, many commercial, a lot of online services want to track people and their use of the Web – fingerprinting is one way to do this, and the way TLS requests are made can add to this, as demonstrated here.
Find Tech Jobs with Hired — Create a profile on Hired to connect with hiring managers at growing startups and Fortune 500 companies. It’s free for job-seekers.
Nock: HTTP Server Mocking and Expectations Library — Let’s say you’re creating a client library that uses HTTP to hit a third party service. Nock will let you test it in isolation by mocking requests/responses.
Deno Land, the developers of the Deno TypeScript/JavaScript runtime, have introduced Deno Cron, a feature the company describes as an easy way to create scheduled jobs. Announced November 29 and available behind the 1--unstable flag Read more…
#512 — November 28, 2023 Read on the Web Node.js Download Statistics — Node.js TSC member Matteo has put together a handy site that visualizes the publicly available Node.js download statistics, partly as a way Read more…
#511 — November 21, 2023 Read on the Web ‘A Node + TypeScript + ts-node + ESM Experience That Works’ — It’s just three files: 1package.json , 1tsconfig.json and a utilities file, and you’re good Read more…
0 Comments