The one with the npm security stories
source link: https://nodeweekly.com/issues/437
Node Weekly Issue 437
🇺🇦 #437 — May 12, 2022 |
An Enhanced 2FA Experience for Your Myles Borins (GitHub) |
A Community Group for Web-Interoperable JavaScript Runtimes — Cloudflare, Vercel, Shopify and core contributors to Node and Deno have got together to form a new group around the interoperability and development of standardized Web APIs for non-browser, JavaScript-based environments. Just as browsers collaborate on features, so too can backend platforms. James M Snell |
Couchbase Capella DBaaS: Store in JSON, access with SQL — Build faster with in-memory performance, automatic replication and scaling. Try it now for free and be live in under 3 minutes. Couchbase sponsor |
Ryan Dahl on JavaScript Containers — Ryan, originally known for Node and now Deno, thinks about JavaScript as being a universal scripting language and how the JS sandbox acts as a sort of high level version of the traditional Linux container and will only become more important in the next few years. Ryan Dahl |
Mystery of Industry-Focused Backdoored npm Packages Solved — Snyk, JFrog and ReversingLabs spent a fair bit of time investigating modules that were built by an intern at a security research company researching dependency confusion. The Register |
Quick bytes:
What's Involved in Running a Ransomware Attack in a Node Module — What began as a learning experiment to see how difficult it would be turned into concern at how easy it was. Charlie Gerard |
Keep Up with the Latest in Startups, Tech, & Programming in Just 5 Min TLDR Newsletter sponsor |
How We Employed The New ES Module Support in TypeScript
How to Use the GitHub Pulls API to Manage Pull Requests
Managing OAuth 2.0 User Credentials in Your Node App
🛠 Code & Tools
GraphQL Yoga 2.0: A Light But Fully-Featured GraphQL Server — Bills itself as the ‘easiest way to run a GraphQL server’. Yoga follows the GraphQL over HTTP spec, supports file uploads, subscriptions over HTTP Server Sent Events, and more – plus it’ll work on Node, Deno, or even serverlessly. GitHub repo. Michał Tyszkiewicz |
Agenda 4.3: Lightweight Job Scheduling for Node — Uses a MongoDB-backed persistence layer and offers rate limiting, pause/resume, and repeatable jobs. Ryan Schmukler |
Data-Driven Edge Functions with Netlify and Polyscale.ai PolyScale.ai sponsor |
nve 15.0: Run Things With a Specific Node.js Version — Easily execute a file, command, or REPL using a specific version (or multiple versions) of Node. For example, you could run ehmicky |
Kafka.js 2.0: A Modern Apache Kafka Client — Production ready and supports Kafka 0.10+. (Kafka is a popular open source system for working with stream-processing at scale.) As the first major release in 4 years, there’s a migration guide for existing users. Túlio Ornelas |
The Official MongoDB Node.js Driver v4.6.0 — You can now define your own custom type for the top level document returned in a |