Why Node permissions are experimental for now

#​492 — June 27, 2023

Read on the Web

Kysely: A Type-Safe SQL Query Builder — Inspired by Knex and targeting Node, it also works in Deno and the browser. It boasts a good autocomplete experience thanks to its fluent API. GitHub repo.

Sami Koskimäki

The June 20 Node.js Security Releases — As we suggested last week, the Node.js 16.x, 18.x, and 20.x lines all got updates in the form of v20.3.1 (Current), v18.16.1 (LTS), and v16.20.1 (LTS). The vulnerabilities are explained in the post and are primarily related to OpenSSL or the use of the experimental permissions feature behind the

flag. (This is why it’s an experimental feature, while initial weaknesses are discovered and fixed.)

Rafael Gonzaga

A Day in the Life of an Ethical Hacker — Ethical hackers proactively identify security weaknesses before they can be exploited by malicious actors. Learn practical steps for getting started with ethical hacking, from reconnaissance and vulnerability exploitation to responsible disclosure.

Snyk sponsor

A Look at TypeScript 5.2’s New Keyword:

—

brings something akin to Python’s

context management into TypeScript with a way to automatically run a function when an object leaves scope. You could use it to shut down a database connection, close file handles, etc.

Matt Pocock

ASIDES:

• NPM NASTIES: On Twitter, Feross Aboukhadijeh takes us on an illuminating, if mildly depressing, 🐦 tour of some of the worst malware that Socket detected landing on npm recently.

• SAFER ACTIONS: GitHub has a new tool to secure your GitHub Actions. It monitors your workflows and recommends the minimum permissions they really need to run.

• NESTJS v10: We mentioned the release of NestJS v10 last week, but somehow missed the official NestJS v10 release post that goes into more detail of what’s new in the popular server-side Node framework.

• 11TY NEWS: Zach Leatherman, the creator of the Eleventy (11ty) static site generator, says that due to the conclusion of Netlify’s (appreciated) sponsorship of the project, Eleventy will be returning to ‘side project’ status. If you’re a user, there’s a community survey to help guide what Zach does next.

A Look at the Architecture of an Early Stage SaaS — Feelback is a hosted feedback collection app and their team explains their app’s architecture in detail. Their API is built on Node, hosted on Fly, with a React SPA up front.

Feelback Team

An Intro to Command Injection Vulnerabilities — Think SQL injection but with commands. If your app, or even one of its dependencies, constructs commands from user/third party input and runs them locally, there’s potential for trouble.

Liran Tal

How to Create a Multi-Region Node.js Lambda API — …using Serverless Framework and pairing it with a serverless multi-region CockroachDB database.

Paul Scanlon (Cockroach Labs)

Using PlanetScale with Serverless Framework Node Apps on AWS

Matthieu Napoli (PlanetScale)

🛠 Code & Tools

Nightwatch.js 3.0: End-to-End Web Testing Framework — v3 includes some new selectors, features a revamped experience, lets you test Angular components in isolation, adds test double support for unit tests, and more. GitHub repo.

BrowserStack Limited

☕️ Along similar lines, TestCafé 3.0 has also been released. It takes a more direct approach than Nightwatch’s Selenium-derived WebDriver API approach, and v3.0 has added support for directly driving Chromium-based browsers over the Chrome DevTools Protocol.

Shiki: A Syntax Highlighter Using VS Code Themes — Supports over 100 languages and you can specify a VS Code theme in the settings to get the look you want. Works in both Node.js and even on static sites (via a CDN build) and you can see some examples here.

Shiki

Save $1 Off Your Next Domain Name Registration at Porkbun.com — Create your next project on a domain from Porkbun.com. The best prices, services, and support of any domain registrar!

Porkbun.com sponsor

google-spreadsheet 4.0: Interact with Google Sheets — Sheets is Google’s cloud-based spreadsheet app and it has an API so you can work with documents from your own code.

Theo Ephraim

DerbyJS 2.1: Mature MVC Web Framework — It’s never been the most popular option, but at 12 years old, Derby has lived through most of Node’s history and remains an option for building realtime, collaborative apps. GitHub repo.

Nate Smith et al.

Node Dependency Management UI for VS Code — Supports npm, yarn, pnpm and lets you manage dependencies from the VS Code sidebar with a few extra features. Visual Studio Marketplace listing.

Kasper Mikiewicz

• DOCX 8.1
  ↳ Generate Word /

  1

  .docx

  documents from JS. (90 demos!)

• BullMQ 4.1
  ↳ Redis-based distributed queue for Node.

• Octokit.js 2.1
  ↳ Batteries-included GitHub SDK.

• PureORM 4.0.1
  ↳ ORM that maps SQL query results to objects.

• Wallpaper 7.0
  ↳ Get / set desktop wallpaper cross-platform.

• N|Solid v4.9.4