May 31, 2022

Supply chain security and other Adventures in Nodeland - Issue #61

Matteo Collina

Hi Folks, this week come with a supply chain incident originating from a very old npm data dump. Read up the cover story from the GitHub blog. There are plenty of other news too.. so read up!

Next week I will be in Austin for OpenJS World, so the usual Monday newsletter might be skipped!

npm security update: Attack campaign using stolen OAuth tokens | The GitHub Blog

On April 15, we published a blog detailing an attack campaign utilizing stolen OAuth user tokens issued to two third-party GitHub.com integrators, Heroku and Travis CI. The npm organization on GitHub.com was impacted by this campaign and we have been actively investigating the impact of this attack on npm since April 12.

github.blog

Fastify

The path for Fastify v4 is coming to an end and I plan to ship it next week during OpenJS World in Austin. What can go wrong? Wish me luck! We had quite a few releases lea to that model:

Other modules

There were quite a few more releases in other modules here they are:

patch-package

Hint: in case you need to patch a module inside node_modules, you can always use patch-package.

www.npmjs.com

News

Migrating millions of lines of code to TypeScript

Stripe migrated all their codebase to TypeScript! Read up the story!

stripe.com

The road to universal JavaScript

Universal JavaScript. JavaScript that works in every environment. JavaScript that runs on both the client and the server, something thinking about for years (see 1, 2). Where are we now?

fettblog.eu

Airbnb’s Microservices Architecture Journey To Quality Engineering

Are MicroService the ultimate architecture? What comes next? Let’s study the Airbnb usecase!

medium.com

Building data-centric apps with a reactive relational database

Building apps is too hard. Even skilled programmers who don’t specialize in app development struggle to build simple interactive tools. We think that a lot of what makes app development hard is managing state: reacting and propagating changes as the user takes actions.

riffle.systems

Announcing TypeScript 4.7

TypeScript v4.7 ships supports for ESM and many other improvements, read up!

devblogs.microsoft.com

Partners

This Week in React: the best of React & React Native news. Sebastien filters the noise, and you save time!

Do you like this newsletter? Would you like to sponsor it? Check out the new sponsorship page.

Did you enjoy this issue? Yes No

Matteo Collina @matteocollina

I write about my journey as a core contributor of Node.js, as an author and a maintainer of many modules - including Fastify and Pino. In addition, I speak at conferences, and I will add links to all my talks in case you missed one.

In order to unsubscribe, click here.

If you were forwarded this newsletter and you like it, you can subscribe here.

Created with Revue by Twitter.