Node 20 gets faster, approaches LTS status
#504 — October 3, 2023
Honey, I Shrunk the npm Package! — Compression is under the hood of everything on the Web today, including npm packages. But could the standard gzip approach be showing its age in both speed and effectiveness? Jamie runs a package through a few alternative options and gives an update on efforts to modernize npm’s compression defaults.
Jamie Magee
New Introduction to Node.js Course — Take your JavaScript skills to the server and gain all the skills you need to develop professional Node apps. The course covers CLIs, modules, CRUD operations, async code, testing, and more.
Frontend Masters sponsor
Node v20.8.0 (Current) Released — With only three more weeks to go until v20 becomes the active LTS version, a lot of work has been going into making Node faster. v20.8 gains some key performance improvements with regards to streams.
Ruy Adorno and the Node.js Team
ASIDES:
A variety of malicious ‘typosquatting’ packages on both npm and PyPI have been found to be stealing ssh keys from developers. Take care over what you’re installing.
On the plus side, npm provenance is now generally available (above) and the npm registry is now blocking the publishing of packages with differing name/version fields between manifest and tarball versions of package.json.
🐢 We recently mentioned that some folks are discussing the need for Node.js to have its own mascot. The discussion has continued with lots of new ideas thrown into the mix if you want to keep your eye on things or even submit your own.
Google Cloud SQL’s Node.js connector is now generally available.
Integrating Slonik with Express.js — Slonik is a type-safety focused Postgres client library for Node and its author gives a basic introduction to integrating it with an Express app. Useful snippets if you’re just getting going.
Gajus Kuizinas
Towards a Socket API That Works Across JS Runtimes — Certain runtimes have long had limitations that make creating direct TCP sockets tricky (e.g. edge functions). Earlier this year, Cloudflare introduced the connect() API for establishing TCP connections from Cloudflare Workers and now engineers from Cloudflare and Vercel have created a spec of this API, along with a Node-compatible implementation you can use straight away if you want to create universal experiences.
Picheta, Snell and Arrowood
🚨Node 16 Has Hit EOL! 🚨Need to Catch Up? — Let us help you gradually pay off your JavaScript technical debt. Collaborate with the @JSUpgrade team and upgrade your dependencies now 🚀
UpgradeJS | JavaScript Services sponsor
Best Practices for Securing Node Apps in Production — A list of fifteen straightforward and fundamental best practices for keeping your Node apps safe out there.
Zanini and Fernandez (Semaphore)
Working with a TypeScript Monorepo with NPM Workspaces — npm’s workspaces feature makes it possible to manage multiple packages within a singular top-level package/monorepo.
Dmitry Kudryavtsev
🛠 Code & Tools
instant.dev: A New Postgres-Focused ORM for JavaScript — We teased it last week, but Instant now has an official homepage. Joining a pretty busy ORM ecosystem, Instant is a newly released ORM (spun out of the Autocode platform) providing a more Ruby on Rails/ActiveRecord style experience.
instant․dev
dotenv-flow 4.0: Loads Environment Variables From Multiple .env Files — The latest versions of Node (v20.6+) have build-in .env file support but if it’s still a bit too new for you or you need extended functionality, dotenv-flow is for you. It extends dotenv into loading different .env files, such as in different scenarios like production, testing, etc.
Dan Kerimdzhanov
📰 Classifieds
📑 Learn how Temporal OSS delivers durable execution for your services and applications in this TypeScript SDK developer’s guide.
🎟️ Join Astro core team member Elian Van Cutsem to see what is new in Astro 4 at CityJS Berlin, Nov 1-3. Use discount code COMMUNITY to save 25% off.
📆 Debugging Node.js Errors Faster with Distributed Tracing – Join Sentry on October 17, to learn how to connect frontend and backend.
Tesseract.js 5.0: Pure JS OCR for 100+ Languages — A port of the C++-based Tesseract library commonly used for extract text from images. v5.0 is a pretty big deal as there are huge file size reductions resulting in a 50% decrease in runtime size, similar reductions in memory use, and it’s now iOS 17 compatible too. GitHub repo.
Tesseract Team
Gluegun: A Toolkit for Building Node-Powered CLIs — For when you want to build a CLI app and want a lot of features available ‘out of the box’. Areas covered include templating, sub-command support, colorful output, argument parsing, etc.
Infinite Red, Inc.
node-osc 9.0: Open Sound Control Protocol Library — OSC is a protocol used to communicate between media devices.
Myles Borins
Vavite 3.0: Develop Server-Side Applications with Vite — Vite is best known as a build tool closely associated with (but that doesn’t require) Vue.js but it supports transpiling server-side code too and Vavite takes advantage of this.
Fatih Aygün
Glob: Match Files Using Shell-Style Patterns — “The most correct and second fastest glob implementation in JavaScript.”
Isaac Z. Schlueter
Better-SQLite3 8.7 – Fast & simple SQLite library. Now including SQLite 3.43.1.
exiftool-vendored 23.2 – Cross-platform access to ExifTool for managing metadata in multimedia files.
AlaSQL.js 4.1.10 – Isomorphic JavaScript SQL database.
JSPyBridge 1.0.4 – Run Python from Node or vice versa.
node-usb 2.11 – Communicate with USB devices from Node.
Gitbeaker – Typed GitLab SDK for browser, Node.js, Deno and CLI.