Things people get wrong about Electron
#564 — January 28, 2025
A Failed Attempt to Shrink All npm Packages by 5% — What if you could shrink all npm package sizes by 5%? Wouldn’t that benefit all of us? Here’s how one developer did just that using Zopfli compression and then made a proposal to the npm maintainers to implement it. While promising, the proposal was ultimately rejected due to a variety of challenges and trade-offs, such as slower publishing speeds. Nonetheless, it’s a good story packed with things to learn from.
Evan Hahn
Things People Get Wrong About Electron — A proud maintainer of the wildly successful Electron cross-platform app framework stands by the technical choices made over the years and defends it against some of the more common criticisms here. If an hour of Netflix is 7 gigabytes, what’s 100MB for an app?
Felix Rieseberg
Reduce Your Apache Kafka Costs + Ops Burden with WarpStream — WarpStream reduces Kafka costs by 80+% by eliminating disks and interzone networking fees and features zero ops auto-scaling. It runs in your private cloud and data is stored in your object storage buckets, so raw data never leaves your environment.
WarpStream sponsor
The January 21, 2025 Security Releases Arrived — Security updates for versions 18.x, 20.x, 22.x, and 23.x, addressing vulnerabilities including a high-severity worker permission bypass. Patches also cover path traversal issues on Windows & HTTP/2 memory leaks.
The Node.js Project
IN BRIEF:
We mentioned NestJS 11’s release last week, but now there’s a full release post explaining what’s new with the popular Node backend app framework.
Some security experts have dubbed a recent Node-related CVE, which warns people against using end-of-life versions of Node.js, the ‘worst CVE’ of 2024 because it is a ‘hypothetic CVE’ when there are already plenty of real ones to tackle.
Troubles with Multipart Form Data and fetch in Node — One developer’s pain in debugging something that ‘should have just worked’ could be your relief if you run into issues where using fetch for multipart/form-data requests simply isn’t working (due to a missing trailing CRLF).
Phil Nash
How I Open-Sourced My Secret Access Tokens from GitHub, Slack, and NPM (and Who Cared) — A developer accidentally published API tokens to npm via a misconfigured CI pipeline. npm and Slack detected and revoked said tokens, though GitHub did not. The author shares his tale and some advice.
Ivan Borshcho
Is Heroku Still Worth It in 2025? 💸 — You might want to give this guide a read — we took a tour through PaaS alley and found some worthy (💵) alternatives.
Judoscale sponsor
📄 A Deeper Look into Node.js Docker Images – Which Docker image should you choose? And just what do they contain anyway?
Ivan Velichko
📄 A WebAssembly Compiler That Fits in a Tweet – A look into a fantastic little bit of hacking. And, yes, it runs in Node.
Mariano Guerra and Patrick Dubroy
🛠 Code & Tools
DBOS Transact v2: Lightweight Durable Execution in TypeScript — An open source library for lightweight durable execution built on Postgres. Durable execution means persisting the execution state of your program while it runs, so if it’s interrupted or crashes, it resumes from where it left off – ideal for long-running or business-critical workflows. Docs.
DBOS, Inc.
Bun 1.2: A Big Step Forward for the Fast JS/TS Runtime — I know it’s not Node, but JavaScriptCore-based Bun continues to up the server-side runtime game with major strides forward in Node.js compatibility in particular with this release. I often try Node scripts with Bun and it Just Works™ – this is a good thing.
Ashcon Partovi and the Bun Team
🎨 node-canvas 3.1: A Cairo-Backed Canvas Implementation — We recently linked to Skia Canvas, a Skia and GPU-powered canvas drawing API for Node, but node-canvas is the longer standing library and is particularly easy to deploy and use, especially as it no longer has libuv or V8 dependencies.
Automattic
Emittery: A Simple, Modern Async Event Emitter — A small, async event emitter for Node and the browser, and now with support for AbortController.
Sindre Sorhus
Nock 14.0 – HTTP server mocking and expectations library.
pnpm 10.1 – The alternative, efficient package manager.
Poku 3.0 – Cross-platform JavaScript test runner.
np 10.2 – A better npm publish. Adds support for Bun’s new lock file.
Node File Router 0.7 – File-based routing for API services.
JSPyBridge 1.2.2 – Run Python from Node or vice versa.
OpenAI Node 4.80, Undici 7.3, ESLint 9.19.0
📰 Classifieds
Protect your SaaS app with advanced device fingerprinting from WorkOS Radar. Stop fake signups, free tier abuse, bot attacks and brute force attempts today.
🚀 Master Fullstack, JS Backends & DevOps at Node Congress 2025! Join 5K devs worldwide on April 17-18. 2 days of talks & workshops!
📢 Elsewhere in JavaScript
A quick roundup of some of the other interesting stories in the broader JavaScript landscape, in case you’ve missed them:
🗓️ Implementations of the Temporal object are beginning to appear in experimental browser releases. Brian Smith takes a look at how Temporal will modernize the way we deal with dates in JavaScript.
🕒 On the topic of time, Iago Lastra ponders: how long is a second in JavaScript? Luckily most of the time you won’t need to worry about the complexities explained here.
Node competitor Deno (they share a dad!) did a 2024 roundup of what happened with Deno with a large focus on Node and npm compatibility.
Nicholas C. Zakas took a look back at the year 2024 and what happened with ESLint during the year.
SRCL is a neat new suite of React components for creating webapps with a monospaced, terminal-style aesthetic.