We have 12 links for you - Stay up-to-date on JavaScript and tools

‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏ ‌‍‎‏

February 4, 2025

Subject: Mocking fetch(); failed npm proposal; fetch() and HTTP/2 in Node.js, Bun, Deno; Node.js security audit; performance.now() 2024; performance.sync() 2024; ES Module Shims 2.0; Web Workers on Node.js; Turborepo 2.4; pnpm 10.1

The easiest security tool you will ever install.

socket.dev Sponsor

Socket’s developer-first platform detects and blocks malicious packages in real time. Our tools help developers quickly evaluate open source risk, automating the majority of dependency reviews to drastically reduce manual security engineering work. Socket analyzes the actual code of your dependencies to alert you to supply chain attacks and 70+ indicators of risk. Install our free GitHub app today.

Mentoss: mocking `fetch()` in browsers and server-side runtimes

humanwhocodes.com @nzakas@fosstodon.org

Story of a failed proposal: compressing all npm packages with Zopfli

evanhahn.com @EvanHahn@bigshoulders.city

“In 2022, I had an idea that could decrease the size of all newly-published npm packages by about 5%, and it was completely backwards compatible. This would have improved performance and reduced storage costs.”

“I eagerly pitched this idea to the npm maintainers, convinced it was a clear win. But after a few months, my proposal was rejected. To be clear: I think this was the right call!”

The state of fetch() and HTTP/2 support in Node.js, Bun and Deno

blog.disintegrator.dev @disintegrator@mastodon.social

Enhancing Node.js security: highlights from the recent audit

openjsf.org @openjsf@social.lfx.dev @nodejs@social.lfx.dev

“The OpenJS Foundation is pleased to share the results of the recent Node.js security audit conducted by Ada Logics, in collaboration with the Open Source Technology Improvement Fund (OSTIF).”

Videos: performance.now() 2024 conference on web performance

www.youtube.com

Archived version of 2024 website

Videos: performance.sync() 2024 meetup on web performance and collaboration

www.youtube.com

Website of meetup

New versions

ES Module Shims 2.0: “nobuild” TypeScript in browsers and more

guybedford.com @guybedford@fosstodon.org

“ES Module Shims 2.0 is now live, a comprehensive 13KB polyfill for import maps, multiple import maps, CSS & JSON imports, Wasm modules and Source Phase imports.”

“If you don’t know what all of these features are, they are covered below, but first and most importantly I want to highlight one of the major new features in 2.0: TypeScript type stripping support.”

web-worker 1.5.0: Web Worker API for Node.js

github.com @developit@mastodon.social github.com/martines3000

Turborepo 2.4: Boundaries, terminal UI improvements, watch mode caching, and more

turbo.build github.com/NicholasLYang github.com/anthonyshew github.com/chris-olszewski github.com/vercel

Highlights (quoting the blog post):

Boundaries Experimental: A first look at Boundaries in Turborepo
Terminal UI improvements: Persistent preferences and new features
Watch Mode caching Experimental: Develop faster in Watch Mode
Circular dependency recommendations: Adopt Turborepo in large repos more easily
schema.json in node_modules: Versioned configuration validation from within your repository
ESLint Flat Config support: eslint-config-turbo and eslint-plugin-turbo updated for ESLint v9

pnpm 10.1: new features for dealing with ignored build scripts and more

github.com @pnpm@fosstodon.org

‍

This email was sent to {{ email | default }}. You can unsubscribe from this list here or update your preferences.

‍