Node.js Digest #8: Official Node.js mascot, Deno JSR, Node.js documentary, Node.js without npm
Hello, community! Oleksandr here and that means it's time for a new issue of the Node.js digest. So, without further ado, let's get right into the news ???
Brief highlights
??Another update of Node.js v21.7.0, this time allowing the upload of .env files along with many other fixes, as usual.
??An update to drizzle-orm v0.30.1 has been released, introducing support for the op-sqlite driver.
??OpenJS Foundation undertook to standardize package .json.
??TypeScript v5.4 has been officially released, bringing numerous updates. Among the most interesting ones, in my opinion, are the support for Object.groupBy and Map.groupBy methods, as well as the NoInfer type ??.
??Release of Bun v1.0.30, with many bug fixes.
??Express is back in the game, more lively than ever, and has received some minor updates after over a year of radio silence.
Node.js now has a mascot
Indeed, it has happened, and Node.js has its very own mascot! ???????
Now, you can buy t-shirts, stickers, backpacks, and notebooks featuring this lovely turtle (although it's not guaranteed).
Community opinions on the official mascot have been somewhat divided; you can read more about it here. A lot of people have pointed out that the mascot is a bit cartoonish and unserious compared to those of other languages, which I partly agree with. However, this is a great event in the world of Node.js, so congratulations to all of us! By the way, share your thoughts on the new official mascot in the comments.
Node.js without npm?
In their blog, Socket company shared the ongoing debate about the future of Node.js and npm in the Technical Steering Committee. It all started with a proposal to enable Corepack by default, which would let developers use alternative package managers – yarn, pnpm, and, of course, npm – without needing to install them.?
However, the discussion smoothly shifted from Corepack, already included in the latest Node.js bundles, to npm's uniqueness and whether it should be separated entirely from the Node.js bundle.
There is no unanimity on the matter, and the discussion is still ongoing, but we can rest easy for now. It's now evident that removing npm from the main bundle is unlikely. Firstly, it's a significant change, and it's doubtful the community would agree. Secondly, Node.js and npm form a synergy, making them one of the largest platforms in terms of packages and contributors. So, is it worth disrupting all this?
To calm everyone down, I'm adding a post from Rafael Gongaza. Due to his involvement in the platform, he has a better understanding and vision of what lies ahead of us:
Deno JSR
The Deno team keeps surprising and developing their platform. This time, they announced early access to a new npm alternative – the JavaScript Registry.
In their article, the team clearly explains why they created JSR and why it might be time to rethink the role and move away from exclusively using npm for module work. Their points make sense, especially considering numerous reports on attacks exploiting npm's vulnerabilities.
What I liked most about the new JSR is the quality assessment. With shared metrics to evaluate each package, it's easy to determine if it meets your needs.
Furthermore, you can write packages directly in TypeScript and upload them to JSR, which is a truly cool and cutting-edge solution. Developers also claim that JSR modules can be utilized in Node.js + npm projects.
You can read the community's opinions on it here.
Netlify's horror stories
This month, I stumbled upon a website that might seem like a nightmare for those using Serverless services.
领英推荐
Well, I came across this site because of a tweet on X.com about a heart-stopping bill from Netlify — $104k. If we go into more detail, one day, a user of the Netlify platform received a friendly email notifying them of a small debt for using the platform resources: $104k. Upon investigation, it was found to be a targeted DDoS attack. In such cases, Netlify typically asks for a 20% payment, but they agreed to reduce it to 5% of the total bill due to the significant amount. When the user refused to pay even that much and posted about it on Reddit, Netlify eventually canceled the bill. But all in all, it's a scary situation ??. The full story is here.
Must-read
??Rafael Gongaza, mentioned earlier, has shared his retrospective view on Node.js in 2023.?
??Wondering who's faster: Node.js, Bun, or Deno? Kitson P. Kelly conducted research on this matter.
??Have you heard of LLRT? If not, now's the perfect time to learn about it and find out which is faster in AWS Lambdas: Node.js or LLRT.?
??Yet another article has been published about why it's important to be careful, especially with pre-install and post-install scripts.
??A compilation of the latest updates in V8 on the AppSignal company blog.
??Alex Hari shares his ideas on what to do if you can't use TypeScript but really want to.
??If you're curious about what's in store for Express in the future and where the library is going, you can read the discussion on this topic at the link.
??And here you can discover what interesting things await us in the Set structure in the near future.
Must-see
??A fairly large and detailed tutorial on using AWS Amplify Gen2:
??Are you in the dark about Drizzle ORM? Check out a short video to get a sense of what it's all about:
??Here's a snippet about deployment from Web Dev Cody:
??Best practices for configuring AWS Lambda:
??A closer look at the situation with Node.js and npm by Theo Brown:
??A video for those who haven't heard of LLRT – a new JavaScript runtime environment from AWS:
??Soon, the world will see a documentary about Node.js. In the meantime, you can take a look at the trailer ??????
Library of the month
BBC isn't just about news; they also contribute to open-source projects. This month, check out their library, which makes working with SQS easier, especially if you're already using the AWS SDK.
That's it for now. Leave your comments, share this digest with friends, and ask questions if you have any. See you in April! ??