Three new security related Node releases

#​409 — October 14, 2021

Read on the Web

Node Weekly

The GitHub Advisory Database Now Powers

—

is a command you can run to scan your project’s dependencies for known security vulnerabilities.

Edward Thomson (GitHub)

Node 16.11.1, 14.18.1, and 12.22.7 Released — Billed as the ‘October 2021 Security Releases’, v16.11.1 (Current), v14.18.1 (LTS) and v12.22.7 (LTS) each fix the same two HTTP request smuggling vulnerabilities – the details of which aren’t entirely public as of yet.

Matteo Collina

All-In-One APM for Node.js Applications — AppSignal doesn’t just offer Node.js performance monitoring and error tracking. We have a full set of features to monitor your application from A to Z packed in a clear and intuitive interface. All features are included in all plans.

AppSignal sponsor

npm 8.0 Released (But It’s Not a Huge Deal) — The npm CLI has been upgraded to version 8 (almost exactly a year after the meatier npm 7 release) but as Myles Borin notes it’s a ‘fairly innocuous’ release primarily to drop Node.js v10 support: “Please feel free to use this as an example when folks argue about not bumping a major, npm has a lot of adoption”.

GitHub Blog

QUICK BITS:

• The main npm repository was down for a couple of hours just after we sent last week’s issue.

• Serverless platform AWS Lambda has added a Graviton2/ARM-based environment to the mix in addition to its normal x86 platform.

Retiring the Node.js Community Committee — The Node.js Community Committee’s initiatives are being moved to the Node.js Technical Steering Committee (TSC) due, primarily, to an overall decline in the number of folks involved.

Tierney Cyren

Building a Static-First MadLib Generator with Portable Text and Netlify On-Demand Builder Functions — On-demand builders can be useful for more than just deferring rendering of large amounts of content. They are also useful for generating user-generated content, as in this MadLib generator.

Bryan Robinson

Build Video for Your Node App That Just Works

Mux sponsor

Is Deno Still a Thing? A Look at the Status of the ‘Node Killer’ — Not a particularly deep piece, but if you’ve not kept up with Deno it’s a quick catch up.

Fernando Doglio

A Complete Guide to Buffers in Node.js

Ruan Martinelli

Objection.js: An SQL-Friendly ORM for Node — Built on top of Knex and supporting SQLite, Postgres, and MySQL, Objection aims to ‘stay out of your way’ and let you use the full power of SQL while making common operations easier. GitHub repo.

Sami Koskimäki

Benny 3.7.0: A Simple Benchmarking Framework — Benny builds on top of the

package with an improved API for benchmarking both synchronous and async code, setup and selection of cases, saving results in various formats, and more.

Maciej Cąderek

Node SDK for Transactional Email Enhancement API. Try Out for Free

Courier sponsor

Sequelize 6.7.0: Easy-to-Use Multi SQL Dialect ORM for Node.js — Supports PG, MySQL, MariaDB, SQLite, & SQL Server and is fully promise-based.

Sequelize

Marble.js 4.0: Functional Reactive HTTP Middleware Framework — Based on TypeScript and RxJS.

Marble.js

crypto-hash 2.0: A Hashing Module Using the Native Crypto API in Node and Browser — Get the same hashing API in both environments. Uses the

module on Node and

in the browser.

Sindre Sorhus

jsdom 18.0: Pure JS Implementation of Various Web Standards for Use with Node

Elijah Insua

Tedious 14.0: A TDS Module for Connecting to SQL Server Databases

Mike D Pilsbury