#​452 — September 1, 2022

Read on the Web

Tinybench: A Tiny and Simple Benchmarking Library — No dependencies, but uses whatever precise timing capabilities are available (e.g.


). You can then benchmark whatever functions you want, specify how long or how many times to benchmark for, and get a variety of stats in return.


Installing and Running


Scripts — npm packages can specify which shell scripts/runnable files they provide by way the package.json


property. Dr. Axel digs pretty deep, here, into how it all works and the two approaches for installing packages offering such



Dr. Axel Rauschmayer

Virtual Capture the Flag 101 Workshop: September 14 | 11am EDT — Join Snyk in a hands-on, virtual workshop to learn how to solve Capture the Flag (CTF) challenges and build the security skills and experience you need to compete in CTFs. Save your spot today.

Snyk sponsor

Jazzer.js: In-Process ‘Fuzzing’ for Node Apps — Inspired by a similar named JVM-based fuzzer (Jazzer), Jazzer.js is a libFuzzer-based in-process fuzzer for Node apps. It doesn’t just generate fuzzed inputs, but detects when new code paths are reached and adjusts input to reach even deeper code paths. GitHub repo.

Code Intelligence

Heroku Reveals Roadmap; Drops Free Plans — Much conjecture has swirled around the state of Heroku, a commonly used PaaS for hosting Node apps, and now its owner has responded with a slightly underwhelming roadmap which sadly includes the discontinuation of its popular free plans this November. So if you have apps on Heroku, it’s worth checking in on how they’ll fare and, perhaps, taking a look at some alternatives.


4 Ways to Minimize Your Dependencies — After numerous npm supply chain stories (and vulnerabilities thereof) or looking at how large that


folder has ended up, keeping your dependencies to a minimum may appeal to you. Dmitry has a few ideas, but you might not like them.

Dmitry Kudryavtsev

Instant Real-Time Tracking and Monitoring for Your Tests

Buildkite Test Analytics sponsor

Building a Secure API with gRPC and Node — A walkthrough of allowing two Node apps to communicate over the HTTP/2 and protocol buffer based gRPC mechanism.

Vitalis Ogbonna (Snyk)

Making a Twitter Bot in the Year 2022 with Node.js

Colin Diesh

🛠 Code & Tools

jscythe: Misusing the Node.js Inspector Mechanism to Run Arbitrary Code — An interesting proof of concept of a way to use Node’s inspector mechanism to force any Node/Electron/V8-based process to run arbitrary JavaScript code, even if their own debugging capabilities are disabled.

Simone Margaritelli

TestCafe v2.0.0: Automated End-to-End Testing Tool — A popular and long standing testing tool reaches a new milestone and, notably, is the first update to include breaking changes.. so if you’re a user, pay close attention.

Developer Express Inc.

Detect Latency in Your Code Without Affecting Node App Performance

Datadog sponsor

Uncino: Fast, Tiny and Solid Hooks System — The latest Node package with an Italian name (don’t forget Undici!) provides a hooks system inspired by the one in WordPress (not to be confused with React-style hooks).

Riccardo Tartaglia


Mercurius 10.5 – Implement GraphQL servers on Fastify.
graphql-request 5.0 – Minimal GraphQL client.
Clinic.js 12.0 – Node performance profiling suite.
fastest-validator 1.15 – Fast data validation library.
env-var 7.2 – Verification and sanitization for env variables.
grammY 1.11 – Telegram bot framework.
Faker 7.5 – Generate massive amounts of fake data.
Prisma 4.3 – The next-gen ORM for Node & TypeScript.
Middy 3.3 – Node middleware engine for AWS Lambda.
Dynamoose 3.0.2 – Modeling tool for DynamoDB.

💻 Jobs

Find Tech Jobs with Hired — Create a profile on Hired to connect with hiring managers at growing startups and Fortune 500 companies. It’s free for job-seekers.



Leave a Reply

Your email address will not be published. Required fields are marked *