Digging into dependencies with npm query

#​457 — October 6, 2022

Read on the Web

Together with 

An Active Typosquatting Campaign Targeting npm Users — Security supply chain company Phylum detected a campaign to ‘typosquat’ against a variety of high profile packages. The idea behind typosquatting is that you claim package names similar to others, such as ‘expresss’ for express or ‘ignroe’ for ignore. The discovered packages were removed from the npm registry but this is an issue to keep an eye out for.

Louis Lang (Phylum)

Axios 1.0: A Reasonably Popular HTTP Client Library — We thought you’d like an understatement.. 😁 With 96k GitHub stars and a presence in many thousands of apps, Axios is very popular and it’s amazing it’s just now reached 1.0. The Fetch API has taken much of its thunder, but like jQuery, it wraps up a lot of functionality into a broadly liked API. v1.0 has lots of minor tweaks and enhancements, but is mostly business as usual. (Official homepage.)

Axios Project

New Node.js API from a Google Ventures-Backed Notifications Infrastructure Service — Contacting your users should be simple. That’s why we built Courier. With a single request you can contact your users on multiple channels. Even better, you can schedule notifications and route to the best contact method. Try it today.

Courier.com sponsor

▶  Using npm query and jq to Dig Into Your Dependencies — npm 8.18.0 introduced the ‘npm Dependency Selector Syntax’ and the npm query to use it to be able to programmatically query a project’s dependencies. In this video, Elijah shows us how and why we’d actually use it. (5 minutes.)

Elijah Manor

The New Test Framework Built-In to Node 18.8+ Explained — We’ve mentioned it a few times, but here’s a bit more of a guided introduction to Node’s new ‘no-dependencies-required’ way to run test suites.

David Herron

Announcing TypeScript 4.9 Beta — This is a very ‘satisfy’-ing update that introduces the satisfies operator for when you want to validate a type of an expression matches some type but without changing the actual resulting type. The in operator also becomes more powerful when narrowing types with unlisted properties.

Daniel Rosenwasser (Microsoft)

Best Practices for Creating a Modern npm Package — Learn how to create modern and sustainable npm packages using these best practices. Check it out now.

Snyk sponsor

On Quality Code: Node.js Design Patterns and Performance — A written transcript of an interview with Luciano Mammino, the author of Node.js Design Patterns, covering all sorts of areas from serverless architecture to design patterns and streams.

Raz Cohen (Sprkl)

Ten Best Practices to Containerize Node Apps with Docker — Production-grade guidelines for building optimized and secure Node-based Docker images whether for microservices, server-side rendering, or stand alone apps. Now with a fresh PDF cheatsheet.

Liran Tal and Yoni Goldberg

Routing Postgres Queries Between Read-Write and Read-Only Instances
Gajus Kuizinas

Hosting a Ghost 5 Site on Fly.io’s Free Tier in Two Minutes
Curiositry

🛠 Code & Tools

zx 7.1: Google’s Tool for Easier Scripting with Node.js — The idea is simple: use JavaScript instead of bash or similar shell scripting. zx smoothes off the rough edges (see the README for examples). v7.1 introduces a new --install option that will detect and install all required/imported packages for a script making it even easier to use.

Google

Serverless-Postgres 2.0: Manage Postgres Connections at Serverless Scale — An interesting alternative to proxying large numbers connections to Postgres that, as long as you’re using a library built on top of node-pg, keeps things organized from your app itself.

Matteo Gioioso

Get Real-Time Tracking and Monitoring for All of Your Tests

Buildkite Test Analytics sponsor

Sharing 1.0: Tool to Share Directories with iOS / Android Devices — Basically a simple file server that spits out a QR code you can scan to access files from your mobile devices on the same network.

parvardegr

💻 Jobs

Full Stack Engineer (EU Remote or Relocate to Berlin) — We’ve built a product thousands of people love (see Trustpilot if you don’t believe us). We need your help with React, GraphQL & TypeScript.
Feather

Find Tech Jobs with Hired — Create a profile on Hired to connect with hiring managers at growing startups and Fortune 500 companies. It’s free for job-seekers.
Hired

Related Post

The ins and outs of ‘bin’ scriptsThe ins and outs of ‘bin’ scripts

<table border=0 cellpadding=0 cellspacing=0 align="center" border="0"> <tr><td style="font-family: -apple-system,BlinkMacSystemFont,Helvetica,sans-serif; font-size: 15px; line-height: 1.55em; "> <div> <table border=0 cellpadding=0 cellspacing=0 border=0 cellpadding=0 cellspacing=0><tr> <td align="left" style="padding-left: 4px; font-family: -apple-system,BlinkMacSystemFont,Helvetica,sans-serif; font-size: 15px; line-height:

Using ML to rewrite a test suite to PlaywrightUsing ML to rewrite a test suite to Playwright

<table border=0 cellpadding=0 cellspacing=0 align="center" border="0"> <tr><td style="font-family: -apple-system,BlinkMacSystemFont,Helvetica,sans-serif; font-size: 15px; line-height: 1.55em; "> <div> <table border=0 cellpadding=0 cellspacing=0 border=0 cellpadding=0 cellspacing=0><tr> <td align="left" style="padding-left: 4px; font-family: -apple-system,BlinkMacSystemFont,Helvetica,sans-serif; font-size: 15px; line-height:

Getting Rusty with Node, but in a good wayGetting Rusty with Node, but in a good way

<table border=0 cellpadding=0 cellspacing=0 align="center" border="0"> <tr><td style="font-family: -apple-system,BlinkMacSystemFont,Helvetica,sans-serif; font-size: 15px; line-height: 1.48em; "> <div> <table border=0 cellpadding=0 cellspacing=0 border=0 cellpadding=0 cellspacing=0><tr> <td align="left" style="padding-left: 4px; font-family: -apple-system,BlinkMacSystemFont,Helvetica,sans-serif; font-size: 15px; line-height: