Node.js Digest #6: Deno news, Node.js updates and insights, npm under attack again
Node.js Digest #6 by Oleksandr Zinevych
Hello, community! Welcome to the new, Christmas edition of the digest.
By the way, I hope everyone remembers that December marks the anniversary of JavaScript? If not, hurry up and read the digest to get a bit nostalgic and catch up on the latest news from the Node.js world!

Key highlights
🔹 As always, there are updates to Node.js. This time the new version v.21.4.0 includes an update for fs.writeFileSync, making this function up to 2.5 times faster than before. Updates were also released for v.20.10.0 (LTS) and v.18.19.0 (LTS).
🔹 The new version Prisma v.5.6.0 includes fixes for Prisma Client, Prisma Migrate, and driverAdapters released in version 5.4.0, as well as a new prisma debug command.
🔹 The drizzle-orm team released a new version of one of the most popular ORMs in the Node.js world. A lot of work has been done, and you can check out the detailed list of all improvements and new features in version 0.29.0 here.
🔹 The official release of TypeScript 5.3 has landed. You can review all the new features as well as breaking changes in the official announcement.
🔹 The Serverless framework announced that the new version v.4 will include support for so-called extensions. According to the authors, in the near future there will be a marketplace where you can purchase extensions for various needs, such as ready-made AI service integrations, deploying a website on AWS, and more. The ability to develop such extensions and reserve names is already available. So if you want some passive income, hurry up and read about the new functionality here, or watch a short review here.
🔹 Node.js 20.x is now available in AWS Lambda and AWS Lambda@Edge. More details in the AWS blog post.
JavaScript anniversary

On December 4, 1995, a press release was published in which Netscape announced the arrival of JavaScript as a new language for customizing applications on the Internet, with 28 industry giants expressing their support.
This may not be a full-fledged birthday, but it is certainly a landmark date for all of us, the community that works with JavaScript on the front end and back end, for building mobile and desktop applications, writing tests, and describing infrastructure. The press release itself is available in the archive.
Deno Cron

The Deno platform keeps moving forward, and in almost every digest we mention how they are trying to reinvent the wheel, or rather, simplify web development. This time they developed their own mechanism for writing cron jobs: Deno Cron. At the time of writing this digest, this functionality is only available with the --unstable flag, but it already works with Deno Deploy and is visualized on the Deno Dashboard, where you can view your jobs, information about them, and details about the last and next runs.
As usual, the code side of things is straightforward. A basic job can look like this:

It is not entirely clear how this works locally, but Deno Deploy, as always, works its magic by deploying everything in the cloud.
Since the feature is new, the Deno team is actively asking the community to share feedback, which the community is doing here. You can read more about the feature itself here.
On a personal note, this pace of platform development is really impressive, even considering that all these features will be monetized one way or another.
Node.js insights
Matteo Collina shared in his blog that at the latest unofficial collaborators summit, held during the NodeConf.eu conference, he and his colleagues realized that they lacked the data needed to make certain decisions: which Node.js versions are being used, and on which systems. That is why Matteo prepared the corresponding statistics.
The first and perhaps biggest problem that is immediately apparent is that users are not updating Node.js on time. That is why in every digest I remind you that timely updates are the key to the security and stability of your applications.

Another interesting observation is that the number of users on Windows is not as small as one might think:

Additionally, January saw a record number of Node.js downloads: 131 million.
You can read the full article, along with links to various talks by Matteo, here.
Npm vs Hackers

The Phylum team reported a very interesting case of a hacker attack using npm. In early November, they noticed packages published on npm that contained an encrypted blob which could only be decrypted using certain data from the local machine. You can read more about how it all worked here.
The interesting part: these packages turned out to be not actually malicious but pseudo-malicious, as they were developed by a specialized team (a red team) that was simulating a hacker attack within a company. This particular story has a happy ending because no actual hacking took place. However, it serves as yet another reminder to all of us to be cautious with the npm packages we use.
Something to watch
- Since 2023 is coming to an end, I recommend this short overview of technology trends that will most likely be popular in 2024:
- Why is endpoint versioning important? Web Dev Cody's channel has the answer to this question:
- Edge Computing, deploying applications at the Edge, and so on are a fairly popular topic in modern Node.js development (and beyond). Theo Browne explains why Edge is not always a good idea:
- AWS re:Invent 2023 recently took place. As always, discussions covered everything related to AWS news, trends, and best practices. Recordings are already available on the official channel, so I recommend setting aside some time to watch them, as there is a lot of interesting content. Here are a few notable talks:
- A bit more about Serverless and how this approach is used at Lego:
- A short tutorial on how to build a REST API using Nest.js, Prisma ORM, and Neon Postgres:
- To lift your spirits, I recommend watching a new video on ThePrimeTime channel about how to improve performance in Node.js:
Something to read
🔹 Bun has not gone anywhere and continues to actively develop as a technology. In his article, Jeffrey Faden shares his own thoughts on Bun.
🔹 The AppSignal company blog, as always, has a lot about Node.js development, this time about profiling.
🔹 An interesting article about Session Fixation attacks and how to prevent them in Node.js.
🔹 Still think JS is single-threaded? Here is an article about how to achieve multithreading in JS.
🔹 A bit more about how Deno is developing its platform for monetization, adding more and more new features. This time they added Deno Subhosting; here is the corresponding post on the official Deno blog.
🔹 Luca Mezzalira talks about how they improved AWS Lambda startup. A bit of a long read, but it will be interesting for all serverless enthusiasts.
🔹 Liran Tal spoke at the Node.js fwdays conference a couple of weeks ago, but today I will share one of his recent posts on his personal blog about best practices for working with configuration in Node.js applications.
🔹 Here is a brief overview of how AWS Lambda scaling has been improved by up to 12 times for certain use cases.
🔹 A comprehensive tutorial on automating the deployment of a Node.js application using CouchDB, Aptible, and GitHub Actions was published on Hackernoon.
Library of the month

This month's featured library from me is drizzle-orm. Simply because it is a Ukrainian-made project (which was a surprise to me) that is one of the leading ORMs for Node.js. 🇺🇦
The team presented at the December Node.js fwdays and talked about where their product currently stands and what their future plans are. I hope that some readers of this digest were able to attend the event in person. For those who could not, look forward to the video being published on the official fwdays channel, and even better, join and support the drizzle-orm team by becoming sponsors.

And so the last Node.js digest of this year comes to an end. I am going on a short break and will be back in February. Do not forget to share this post with friends and leave your feedback in the comments.
I would especially like to thank all readers for their attention, and I also look forward to your comments about what the most significant event in the Node.js world in 2023 was for you.
Happy holidays to everyone, and see you in the New Year 2024!