Running WebAssembly apps inside Node.js
#554 — November 5, 2024
Why Code Security Matters – Even in Hardened Environments — A beautifully illustrated deep dive (and it really is deep) into a technique that allows malicious parties to turn a file write vulnerability in a Node app into a remote code execution exploit even when the file system is mounted read-only.
Stefan Schiller (Sonar)
Wasmer Adds Node.js and Bun Support — Wasmer is a fast, Rust-powered WebAssembly runtime and as of Wasmer 5.0, it has (experimental) V8 backend support, meaning you can try all sorts of curious things like, say, running Clang or Python inside Node.js..
Syrus Akbary
Move Fast and Fix Things with Honeybadger — Honeybadger transforms your logs into rich events and helps you fix issues before your users know what happened. Get notified instantly and find the root cause faster with your application errors and logs in one place. Try our free plan!
Honeybadger sponsor
📈 NPM Chart: Search for a Package to See Its Download Stats Over Time — The tool allows you to customize the data by selecting a color theme, monthly or weekly view, and a start date. You can download as SVG or PNG or share as a direct link. The charts are attractive and well suited to dropping into a blog post, README, or presentation.
Sébastien Chopin
IN BRIEF:
🇨🇦 If you’re near Vancouver, check out Vancouver.dev and Platformatic’s Vancouver Node.js Meetup taking place on November 11.
⚠️ Phylum takes a look at yet another (ongoing) typosquatting campaign to try and trick JavaScript developers into installing malicious packages.
If you missed the recent release of Node 23 (latest), RisingStack has a quick update of Node 23’s new features.
Josh Sherman is back with his regular VPS showdown pitting the performance of Digital Ocean, Linode and Vultr against each other.
Building My Resume in HTML with Eleventy — Eleventy (a.k.a. 11ty) is a popular Node.js-based static site generator and gives you a very familiar feeling developer experience.
Michael Engen
Revamping a Five-Year Old Node.js Project — It’s a tale as old as time. Your company has built a fast and reliable app which has done its job so well that it hasn’t been touched in years and suddenly you’re asked to rewrite it.
DongDong Zhang
Reduce Your Apache Kafka Costs by 80+% — Kafka with no local disks or interzone fees, zero ops auto-scaling and in your cloud with no cross-account access.
WarpStream sponsor
📄 How to Build Smaller Container Images: Docker Multi-Stage Builds – Including “How NOT to organize a Node.js application’s Dockerfile”. Ivan Velichko
📄 Securing Your Express REST API with Passport.js – A modern take on a classic task. Huseyin Babal
📄 Deprecating Node.js REST APIs in 6 Frameworks Adrian Machado
🛠 Code & Tools
Faker 9.2: Generate Massive Amounts of Fake Data — Names, bios, addresses, zip codes, dates, monetary amounts, transactions and, as of v9.2, pet names and roman numerals! I love the guided DevTools console based demo you can try – an idea other projects should consider. GitHub repo.
Faker.js Team
📂 Yauzl: Yet Another Un-ZIP Library for Node — One of those libraries you might not have heard of but which is getting 15 million downloads a week due to being depended upon by popular projects. Yauzl keeps it simple and just provides safe, async unzipping of ZIP archives. Yazl is its counterpart for making ZIPs.
Josh Wolfe
Edge.js: Run .NET and Node.js Code In-Process — Call .NET functions from Node.js and Node.js functions from .NET and Edge.js takes care of marshalling the data properly. Works with .NET Core on Windows, macOS and Linux.
agracio / Tomasz Janczuk
📰 Classifieds
🪝Hookdeck: The Amazon EventBridge Alternative. Receive, authenticate, transform, filter, route, and send messages across your EDAs.
👋 Tired of handling failures and outages? Let Temporal keep your code running flawlessly. Start on Temporal Cloud with $1,000 in free credits.
Searching for an easier search? Typesense is an open-source alternative to Algolia and Elasticsearch that’s dev-friendly, fast and free.
Fraction.js: Library for Working with Rational Numbers — The imprecise representation of floating point numbers can lead to all sorts of problems, so if you’re working with fractions at all, you might want a little more precision, which Fraction.js offers.
Robert Eisele
💬 The Lounge: A Modern, Self Hosted Web-Based IRC Client — It’s been a few years since we linked to this, so we felt it was about time. It’s a self-hostable Node-powered webapp that acts as a client to IRC chat servers (potentially handy to roll your own self-hosted community chat or support channel).
The Lounge
🐘 pg-dump-parser: Parses Postgres Dump Files into Arrays of Schema Objects — Takes a Postgres database dump, splits it up, and turns the table and view structures into a format you can more easily work on from code (or just use as a reference or check into version control).
Gajus Kuizinas
zx 8.2 – Google’s tool for better Node shell scripting. v8.2 adds delayed piping and promisified streams.
ESLint v9.14.0 – Now with support for ES2025 Import Attributes and regexp modifiers.
🤖 node-llama-cpp 3.2 – Run AI models locally with Node.js llama.cpp bindings.
🤖 OpenAI Node 4.71.0 – Adds support for OpenAI’s new predicted outputs feature.
Happy DOM 15.9 – JS implementation of a web browser sans UI.
TestCafe 3.7 – Automated end-to-end web testing framework.
Fastify 5.1 – The fast, low overhead Node web framework.
Mongoose 8.8 – Popular MongoDB object modeling library.
Strapi 5.2 – Popular Node.js headless CMS.