
Trojan Source, Automatic type detection for Fastify routes and other Adventures in Nodeland - Issue #33

Matteo Collina
Hi everyone! Thanks for continuing to read this weekly newsletter on my open source endeavors. This week's edition is centered on a new supply chain vulnerability affecting a lot of languages/compilers/runtimes, a new feature coming in Fastify v4, and some docs for Pino.

A new week starts and a new supply chain attack becomes possible. This one is a tricky, subtle one that attacks humans by making the code they read different from the code that is executed. Read the paper at:
Then the GitHub response to it:
Warning about bidirectional Unicode text | GitHub Changelog
And finally, what is the Node.js stance in all of this. If you cannot be bothered to read all of this, there is a link below to a script that you should be including in your security scans:
Here is the script you can use to sanitize/check your codebase.
GitHub - siddhesh/find-unicode-control
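To show what such a check looks for, here is an added example (not code from the newsletter or from find-unicode-control): a small Node.js scanner that reports every Unicode bidirectional control character in a source string, with line and column, run over a constructed sample. The sample text and function names are my own.

```javascript
// Bidirectional formatting characters: the embeddings/overrides LRE, RLE, PDF,
// LRO, RLO (U+202A-U+202E) and the isolates LRI, RLI, FSI, PDI (U+2066-U+2069).
// Harmless in prose, but inside source code they can make the text a reviewer
// sees render in a different order from the one the compiler parses.
const BIDI_CONTROLS = new Map([
  ['\u202A', 'LRE'], ['\u202B', 'RLE'], ['\u202C', 'PDF'],
  ['\u202D', 'LRO'], ['\u202E', 'RLO'],
  ['\u2066', 'LRI'], ['\u2067', 'RLI'], ['\u2068', 'FSI'], ['\u2069', 'PDI'],
]);

// Return one finding per bidi control character found in `source`:
// { line, column, codePoint, name }. Lines and columns are 1-based.
function findBidiControls(source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    let column = 0;
    // Iterate by code point, not UTF-16 unit, so columns stay right near astral chars.
    for (const ch of text) {
      column += 1;
      const name = BIDI_CONTROLS.get(ch);
      if (name) {
        const hex = ch.codePointAt(0).toString(16).toUpperCase().padStart(4, '0');
        findings.push({ line: i + 1, column, codePoint: 'U+' + hex, name });
      }
    }
  });
  return findings;
}

// Render findings as "line:column U+XXXX (NAME)" strings for a CI log.
function report(source) {
  return findBidiControls(source).map(
    (f) => `${f.line}:${f.column} ${f.codePoint} (${f.name})`
  );
}

// Constructed sample (hypothetical): a comment carrying an RLO, an LRI and a PDI.
// A plain `grep` for ASCII would not notice; the scanner flags all three.
const SAMPLE = [
  'function check(level) {',
  "  if (level === 'admin') { // \u202E \u2066 grant elevated access \u2069",
  '    return true;',
  '  }',
  '}',
].join('\n');

console.log(report(SAMPLE));
```

In a real pipeline you would read each tracked file and fail the build when `findBidiControls` returns anything, which is the same policy the linked script applies.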
Fastify
This week I'm so proud to announce that Fastify v4 will finally solve the number one feature requested by TypeScript users: the ability to automatically derive the JSON schemas from types (and vice versa) and have it all wired up automatically to reduce the boilerplate to a minimum.
The following PR brings the dream of every TypeScript fan close to reality: request parameters, query and body validated and typed correctly, just by writing TypeScript. Check it out; it will be part of Fastify v4:
Fastify Type Providers by sinclairzx81 · Pull Request #3398 · fastify/fastify · GitHub
This amazing work was done by @sinclairzx81, the developer behind typebox. Check it out if you want to use TypeScript and Fastify together for awesome data validation.
@sinclair/typebox - npm
Check out Manuel Spigolon's blog post on how to handle multipart uploads with Fastify:
Fastify Multipart File Upload
Pino
A few people have been opening issues about how to fix the prettyPrint deprecation in [email protected]. I have been working hard on the docs to improve this.
Improve docs and deprecation about prettyPrint by mcollina · Pull Request #1203 · pinojs/pino · GitHub
Articles and News
Here is an older article from Shawn about REST vs GraphQL that I set aside some time back. I would call it a classic; take a look.
Why do Webdevs keep trying to kill REST? : The epic client-server battle of our time | swyx.io
What would be needed to get an interview at a big tech company? Apparently a lot of buzzwords. This Twitter thread explains why it's normal and you should not be surprised.
Gergely Orosz
An eng created a fake CV with Instagram, Zillow, LinkedIn, Microsoft and Berkeley on it, all details being nonsense. Got 60% response rate.

Reddit is going wild.

Me, as a hiring manager: what is surprising about any of this. It’s exactly how recruiting works. Let me explain: https://t.co/FVaFUiPtYG
Read this nice story about Hacktoberfest and how much effort might be needed to overcome an "unfortunate" limitation of JavaScript. I loved it:
setInterval() and the 32 bit debacle.
Matteo Collina @matteocollina

I write about my journey as a core contributor of Node.js, as an author and a maintainer of many modules - including Fastify and Pino. In addition, I speak at conferences, and I will add links to all my talks in case you missed one.

Created with Revue by Twitter.