The latest npm registry shenanigans
#516 — January 9, 2024
When ‘Everything’ Becomes Too Much: Fresh npm Package Chaos — While many of us were taking a break, some folks published an ‘everything’ package that depended upon all public npm packages, resulting in millions of transitive dependencies. This caused.. some problems. One of the folks involved also shared the story from behind the scenes.
Feross Aboukhadijeh (Socket)
The State of Benchmarking in Node.js — While Node has always been fast (thanks largely to its V8 underpinnings), there’s a renewed focus on performance in the face of benchmarks and claims from alternatives like Deno and Bun. Lars looks at the ecosystem of benchmarking options in the space.
⚡️ Talking of speed, Node performance expert Yagiz Nizipli shares a look at making improvements to Node’s loader performance.
New TypeScript Courses: Take the Learning Path — Join Mike North (Tech Lead at Stripe) for this series of brand new TypeScript courses. You’ll get hands-on practice covering both the fundamentals and advanced features like utility types and advanced generics. Learn best practices to configure and evolve your TS codebase!
Frontend Masters sponsor
MikroORM 6: The Polished, Flexible ORM — After over a year in development, MikroORM 6 is stable. It’s a TypeScript-based ORM, based around Data Mapper, Unit of Work and Identity Map patterns, with support for MongoDB, MySQL, Postgres, and SQLite. v6 adds strict partial loading, cursor-based pagination, reworked support for raw SQL fragments, an all-new Getting Started guide, plus many other DX-focused improvements.
The V8 team ended 2023 with a look at how V8 is ‘faster and safer than ever.’ The project has continued to advance, deliver more performance, and more is on the way…
In ‘other backend runtime’ news, Deno 1.39 landed with re-enabled WebGPU support, and Bun has continued to get releases at an incredible pace, most recently with Bun v1.0.21 which adds console.table support.
Supabase’s Edge Functions platform now supports npm modules and Node’s built‑in APIs.
A thorough list of JS engines, runtimes and interpreters.
Learn How to Convert Your Cron into a Schedule with Temporal — Converting Cron jobs to Temporal Schedules in the UI of your choice is very simple. See an example in our TypeScript SDK.
Temporal Technologies sponsor
The Complete Playwright Cheatsheet — Covers the basic operations involved in automating Chromium, Firefox or WebKit from Node. When we linked to the author’s Puppeteer cheatsheet, we wondered when the Playwright one might arrive. Now, it seems 🙂
🛠 Code & Tools
Dependency Cruiser 16.0: A Way to Visualize Dependencies — If you want a look at the output without running it for yourself, there’s a whole page of graphs for popular, real world projects including Chalk and Yarn. Might be an option if you’re looking to create a fun poster for your office wall..? 😆
Node Boilerplate 2.0: A Skeleton for Express Microservices — There’s a few projects like this, but Santosh has clearly put effort into maintaining this one, which provides a quick, opinionated starting point for building Web services with Node, Express, TypeScript, along with some initial tests too.
Nodemon 3: Monitor and Restart a Node App on Changes — A long-standing, classic tool: “Swap nodemon instead of node to run your code, and now your process will automatically restart when your code changes.” Remember, though, that Node now has a built in –watch mechanism which may be enough for your needs.
Oxlint: A New High Performance JS Linter — Designed to catch erroneous or useless code in zero-config fashion, Oxlint pitches itself against ESLint in terms of performance (claiming to be ’50-100 times faster’) while conceding it’s not a full replacement.
🕵️ Secretlint: A Linter to Prevent Committing Credentials — While many services, including GitHub, now detect the accidental sharing of secrets and credentials and even revoke those tokens, it’s better if they’re not in your repo in the first place. This can be used on an adhoc basis or in your CI.
c8 v9.0: Output Coverage Reports using Node’s Built in Coverage — Code-coverage using Node’s built-in functionality, that’s compatible with Istanbul’s reporters.
Benjamin E. Coe
👉 Free Temporal 101 & 102 Courses in TypeScript: Learn Temporal’s open source key concepts and best practices with our self-paced training.
Dynamoose 4.0 – Mongoose-inspired DynamoDB modelling.
DOCX 8.5 – Generate .docx/Word files from JS/TS.
TestCafe 3.5 – Automated end-to-end web testing framework.
Awilix 10.0 – Inversion of Control (IoC) container for Node.
getmac 6.6 – Get the MAC address of the current machine.
Chai 4.4 – BDD / TDD assertion framework. Now ESM only.
htmlparser2 9.1 – A fast and forgiving HTML/XML parser.
rpc-websockets 7.9 – JSON-RPC 2.0 over WebSockets.
node-geo-tz 8.0 – Geographical timezone lookup.
Umzug 3.5 – Framework agnostic migration tool.