Node 20 gets faster, approaches LTS status
#504 — October 3, 2023
Honey, I Shrunk the npm Package! — Compression is under the hood of everything on the Web today, including npm packages. But could the standard gzip approach be showing its age in both speed and effectiveness? Jamie runs a package through a few alternative options and gives an update on efforts to modernize npm’s compression defaults.
Frontend Masters sponsor
Node v20.8.0 (Current) Released — With only three more weeks to go until v20 becomes the active LTS version, a lot of work has been going into making Node faster. v20.8 gains some key performance improvements with regards to streams.
Ruy Adorno and the Node.js Team
A variety of malicious ‘typosquatting’ packages on both npm and PyPI have been found to be stealing ssh keys from developers. Take care over what you’re installing.
On the plus side, npm provenance is now generally available (above) and the npm registry is now blocking the publishing of packages with differing name/version fields between manifest and tarball versions of package.json.
🐢 We recently mentioned that some folks are discussing the need for Node.js to have its own mascot. The discussion has continued with lots of new ideas thrown into the mix if you want to keep your eye on things or even submit your own.
Google Cloud SQL’s Node.js connector is now generally available.
Integrating Slonik with Express.js — Slonik is a type-safety focused Postgres client library for Node and its author gives a basic introduction to integrating it with an Express app. Useful snippets if you’re just getting going.
Towards a Socket API That Works Across JS Runtimes — Certain runtimes have long had limitations that make creating direct TCP sockets tricky (e.g. edge functions). Earlier this year, Cloudflare introduced the connect() API for establishing TCP connections from Cloudflare Workers and now engineers from Cloudflare and Vercel have created a spec of this API, along with a Node-compatible implementation you can use straight away if you want to create universal experiences.
Picheta, Snell and Arrowood
Best Practices for Securing Node Apps in Production — A list of fifteen straightforward and fundamental best practices for keeping your Node apps safe out there.
Zanini and Fernandez (Semaphore)
Working with a TypeScript Monorepo with NPM Workspaces — npm’s workspaces feature makes it possible to manage multiple packages within a singular top-level package/monorepo.
🛠 Code & Tools
dotenv-flow 4.0: Loads Environment Variables From Multiple .env Files — The latest versions of Node (v20.6+) have build-in .env file support but if it’s still a bit too new for you or you need extended functionality, dotenv-flow is for you. It extends dotenv into loading different .env files, such as in different scenarios like production, testing, etc.
📑 Learn how Temporal OSS delivers durable execution for your services and applications in this TypeScript SDK developer’s guide.
🎟️ Join Astro core team member Elian Van Cutsem to see what is new in Astro 4 at CityJS Berlin, Nov 1-3. Use discount code COMMUNITY to save 25% off.
📆 Debugging Node.js Errors Faster with Distributed Tracing – Join Sentry on October 17, to learn how to connect frontend and backend.
Tesseract.js 5.0: Pure JS OCR for 100+ Languages — A port of the C++-based Tesseract library commonly used for extract text from images. v5.0 is a pretty big deal as there are huge file size reductions resulting in a 50% decrease in runtime size, similar reductions in memory use, and it’s now iOS 17 compatible too. GitHub repo.
Gluegun: A Toolkit for Building Node-Powered CLIs — For when you want to build a CLI app and want a lot of features available ‘out of the box’. Areas covered include templating, sub-command support, colorful output, argument parsing, etc.
Infinite Red, Inc.
Vavite 3.0: Develop Server-Side Applications with Vite — Vite is best known as a build tool closely associated with (but that doesn’t require) Vue.js but it supports transpiling server-side code too and Vavite takes advantage of this.
Isaac Z. Schlueter
exiftool-vendored 23.2 – Cross-platform access to ExifTool for managing metadata in multimedia files.
JSPyBridge 1.0.4 – Run Python from Node or vice versa.
node-usb 2.11 – Communicate with USB devices from Node.
Gitbeaker – Typed GitLab SDK for browser, Node.js, Deno and CLI.