JavaScript, ML and LLMs

#​654 — September 14, 2023

Read on the Web

JavaScript Weekly

Bun 1.0: Is It a Toolkit? Is It a Runtime? It’s Both — You’ve used Node, you’ve seen Deno, now Bun has grown up too. It’s a performance-oriented server-side JS runtime built atop JavaScriptCore and makes the unique claim of being “a drop-in replacement for Node.js.” It includes extras like transpilation, bundling, package management, and a Jest-compatible test runner too. The post goes into a lot of depth, but we enjoyed the Bun team’s ▶️ 10 minute introductory video. Does Bun deliver on all its promises yet? No. Is it promising? Yes.

Jarred Sumner et al.

Why Does every() Return true for Empty Arrays? — Nicholas wondered how a condition can possibly be satisfied when there aren’t any values to test, so he dug into the language specs to understand the logic.

Nicholas C. Zakas

The Complete UI Component Library For Enterprise Web Apps — A professional UI component library with power widgets like data grid, calendar, scheduler & Gantt charts. Includes API docs, guides and an unreasonable amount of demos to play with. Seamlessly integrates with React, Angular, Vue & Salesforce apps.

Bryntum sponsor

A First Look at TypeScript 5.3TypeScript 5.2 landed a few weeks ago, which means TypeScript 5.3 is already in the works (the final release is due in November), with possible features to think about including Import Attributes, throw expressions, and isolated declarations.

Matt Pocock

⚡️ IN BRIEF:

📅 ViteConf is taking place this October 5-6. It’s free and online.

The August 2023 build of VS Code has just been released and includes improvements to the JS debugger including WebAssembly module decompilation, as well as Move to File and Inline Variable refactorings.

Linus Groh is working on a JavaScript engine in Zig called Kiesel, mostly as a learning project, but it’s passing 25% of test262 after four months of effort.

While searching for something else, I encountered this JavaScript tutorial from 1996 that’s still online. Amazingly, most of it still works fine today.

Esteemed Microsoft code archaeologist Raymond Chen looks at how freestanding JS functions using this can be mistaken for a constructor by VS Code’s static analyzer.

🎉 RELEASES:

MikroORM 5.8 – Powerful Node.js ORM.

Reason 3.10 – Write code in OCaml, but for the JS ecosystem.

Happy DOM 11.0 – A JS implementation of a web browser sans UI.

Node.js v20.6.1 (Current)

📒 Articles & Tutorials

JavaScript’s New Array Grouping Methods — A look at Object.groupBy and Map.groupBy. The proposal including these methods is currently at stage 3 at TC39, but initial support is creeping into dev builds of browsers.

Phil Nash

JPEG and EXIF Data Manipulation in JavaScript — A look at how to pick through the JPEG format and read and replace EXIF tags directly without leaning on a third party library.

Cédric Patchane

Frontend Performance Monitoring 101 — Learn the basics of JavaScript application performance monitoring to see (and fix) slow faster. Join us for a live AMA.

Sentry sponsor

▶  Building a Mario Game Complete with Auth and Score Saving — Ania tackles the implementation of a game in her usual thorough, step-by-step manner.

Ania Kubów

Running a Playwright Script on AWS Lambda — If you’ve struggled to make it work too, Matt has some pointers.

Matt Steele

A New Method to Validate URLs — URL.canParse isn’t broadly supported yet, but can be easily polyfilled.

Stefan Judis

How to Run a GitHub Gist with npx — This is an interesting way to quickly deploy a script.

Kelly Fox

🕑 Lei Mao has a cute example of using React in an ad-hoc way on a web page to dynamically render an analog clock. No build step. No JSX.

▶️ Jack Herrington refutes six reasons not to use React.

🛠 Code & Tools

Shadcn for Vue: Components You Can Copy and Paste — A community-led Vue port of the React-oriented shadcn/ui, a suite of attractive components built with Tailwind CSS and Radix UI, thus making them easy to ‘copy and paste’ into your own apps.

Radix Vue Project

FlexGrid by Wijmo: The Industry-Leading JavaScript Datagrid

Wijmo from GrapeCity sponsor

npm-check-updates: Update package.json Dependencies to Latest Versions — That is, as opposed to the specified versions. It include a handy -i interactive mode so you can look at potential upgrades and then opt in to them one by one.

Raine Revere

Starry Night 3.0: GitHub-Like Syntax Highlighting — GitHub’s own syntax highlighter isn’t open source, but Starry Night uses WebAssembly (to get access to the Oniguruma regex engine) to get as close as it can.

Titus Wormer

Vuestic 1.8: Open Source UI Library for Vue 3 — A library of more than 60 customizable components. v1.8 introduces new Layout and Textarea components. Official homepage.

Epicmax

Goxygen 0.7: Quickly Generate a Go Backend for a JS Project — A tool that sets up a new Go-based project with Angular, React, or Vue in the front-end, and Docker and Docker Compose files to make it all work.

Sasha Shpota

Deliver Real-Time Live Streams with Amazon IVS — Amazon IVS enables developers to create dynamic real-time and low-latency video experiences. Click here to learn more.

Amazon Web Services (AWS) sponsor

xterm.js 5.3.0: Build Terminals in the Browser — It’s used in many projects like VS Code, cPanel, Azure Cloud Shell, and other browser-based IDEs. There’s a live demo on the homepage to try.

xterm.js team

Gridstack.js 9.2
↳ Build interactive dashboards in minutes. (Demos.)

Accessible Astro Starter 3.0
↳ A starter theme for an Astro-powered blog.

Ant Design 5.9
↳ Popular React UI library & design language.

📊 Reveal.js 4.6 – Write presentations in HTML.

Electron 26.2

💻 Jobs

Find JavaScript Jobs with Hired — Hired makes job hunting easy-instead of chasing recruiters, companies approach you with salary details up front. Create a free profile now.

Hired

🤖 A little JavaScript AI-side..

AI, LLMs and machine learning have caught the imagination of many developers recently, whether through training and deploying models, calling out to third party APIs (like those OpenAI offers), or using tools like GitHub Copilot to write code. It’s common, however, for a lot of AI/LLM experimentation to take place in Python, rather than JavaScript..

Nonetheless, there’s an increasing number of projects in the JavaScript AI/ML space worth keeping an eye on, as well as an upcoming AI developer event being organized by two folks from the JavaScript space:

Transformers.js: State-of-the-Art Machine Learning for the Web — A JavaScript library designed to be functionally equivalent to Hugging Face’s transformers Python library meaning you can run the same pretrained models using a very similar API. You can do things like ML-powered speech recognition directly in your browser using OpenAI’s Whisper model. GitHub repo.

Joshua Lochner et al.

Microsoft TypeChat: An Approach for Type-Safe LLM Responses — Anders Hejlsberg and Daniel Rosenwasser of TypeScript fame are just two of the prominent names attached to this project, demonstrating the huge interest within MS for LLMs. TypeChat’s goal is to work around the issue of LLMs outputting unstructured natural language and to direct output into a typed form.

Hejlsberg, Lucco, Rosenwasser et al.

WebLLM: Run LLM Models in the Browser with WebGPU — Less directly JavaScript, as it uses WebGPU, but yet another way to run large language models directly within the browser and that you can control from JavaScript. GitHub repo.

MLC LLM

TensorFlow.js: Machine Learning for JavaScript Developers — Slightly lower level, but a great way to train and deploy models in the browser or in Node.js. There are, of course, lots of demos, too.

TensorFlow

JavaScript Library Lets Devs Add AI Capabilities to the Web

Loraine Lawson (The New Stack)

▶  A Primer on AI for Developers with Swyx from Latent Space

Svelte Radio

📅 Plus, two JavaScript folks are putting on an AI event..

As part of my interest in AI and ML, I’m attending what promises to be the technical AI event of the year in San Francisco next month: The AI Engineer Summit.

The emerging ‘AI engineer’ category is at the intersection of AI/ML and code: where software engineers can access and implement powerful AI models with just an API. Andrej Karpathy believes that “there’s probably going to be significantly more AI engineers than there are ML engineers / LLM engineers.”

With speakers representing companies like OpenAI, Microsoft, Replit, Vercel, AutoGPT, Adept, LlamaIndex, and Notion, at the Hotel Nikko this October 8-10, the event is organized by two folks well known in the JavaScript world: Swyx (who you may remember from his popular The Third Age of JavaScript post) and Benjamin Dunphy, formerly of Reactathon and Jamstack Conf. You can apply to attend or get a free remote ticket to tune in from wherever you are.

If you’re going to the AI Engineer Summit, I’ll see you there!

👋

Strengthening Node.js Security: NodeSource-GitHub Partnership

Strengthening Node.js Security: NodeSource and GitHub Partner to Boost Security for Software Developers

The NodeSource-GitHub partnership is a game-changer for developers seeking to build secure applications directly integrating NCM’s (Node Certified Modules) powerful security features into their GitHub Actions workflow. With our NCM GitHub App developers can easily add NCM to their repositories, configure organization-wide rules for vulnerability scanning and approval processes, and receive real-time reports on vulnerabilities in pull requests and deployment workflows that target a GitHub environment.

NCM is a core feature of N|Solid, providing enhanced security for Node.js applications in production environments. We help organizations & developers use Node to its fullest through __N|Solid__, the world’s best Node.js observability and security tool built on top of the Node.js runtime. It provides a secure environment for running Node.js applications and advanced features such as worker threads monitoring, memory leak detection, and CPU profiling.

This new integration with GitHub Actions Deployment Protection Rules streamlines managing open-source Node packages, ensuring compliance with licensing requirements, and helps developers proactively identify and mitigate security risks before they deploy their Node.js applications using GitHub Actions Workflows. It adds a valuable layer of security to the development and deployment workflows, enabling developers to identify and fix vulnerabilities before they become major security breaches, ultimately safeguarding Node.js applications and protecting critical data.

Simplifying Vulnerability Management for Open-Source Dependencies

Node.js applications and services rely heavily on open-source Node packages for their source code. Unfortunately, many of these packages have publicly disclosed vulnerabilities, often ignored or overlooked by developers. This can leave applications vulnerable to malicious code execution and secret leaks, potentially resulting in significant security breaches.

To mitigate this risk, developers must be vigilant when selecting and using Node packages in their projects and take prompt action when vulnerabilities are discovered. This requires staying informed about potential security issues and planning to address them.

NCM integration with GitHub Actions Deployment Protection Rules simplifies managing open-source Node packages. Users can add the NCM GitHub App to their repositories via the GitHub Marketplace and check NCM results in the Accounts Portal for every action, such as Pull Requests or Deployments.

With this integration, devs can:

Set up repositories to use the NCM GitHub App by searching and adding it via the GitHub Marketplace or using a direct link from the NodeSource Accounts Portal.

Check the NodeSource Accounts Portal for NCM results related to actions such as Pull Requests or Deployments configured in GitHub repositories.

NCM analyzes and approves or rejects every deployment flow based on organization-configured rules, ensuring secure project deployments.

Receive detailed reports attached to every Pull Request and deployment in configured repositories, indicating NCM’s findings with green or red status markers, helping users make informed security decisions.

Now, with the integration of NCM (Node Certified Modules) directly into N|Solid Console and through the __GitHub Marketplace__, users can access even more powerful toolsets for managing their Node.js applications. This integration streamlines managing open-source Node packages, allowing users to easily track and monitor package dependencies, scan for vulnerabilities, and ensure compliance with licensing requirements.

By leveraging the power of NCM within N|Solid Console and the GitHub Marketplace, organizations can effectively enhance their applications’ security and compliance while ensuring their stability and reliability. NCM provides a robust solution to proactively identify and address security risks, maintain compliance, and improve application performance. It empowers organizations to build and deploy secure, reliable, and compliant applications, ultimately protecting their reputation and mitigating risks associated with security breaches and compliance violations.

NCM is a powerful tool that greatly enhances application security, compliance, stability, and reliability. Organizations can proactively mitigate security risks, maintain compliance, and ensure application stability by integrating NCM into the deployment flow through N|Solid Console and the GitHub Marketplace. Embracing NCM as a part of the development process is a prudent choice for organizations prioritizing application security, compliance, and reliability in today’s dynamic software development landscape.

NCM – Deployment Protection Rule

GitHub Marketplace offers a range of third-party applications and services, such as code analysis tools, project management tools, continuous integration, deployment (CI/CD) tools, and security tools, among others, that can be integrated into pull requests and deployment workflows with GitHub Actions.

With its powerful feature set and certification program, NCM is an essential tool for any developer working with open-source Node packages.

Related Content

Unleashing the Power of NCM – https://nsrc.io/UnleashingNCM

Vulnerability Scanning with NCM – https://nsrc.io/VulnerabilityScanningNS

Avoiding npm substitution attacks using NCM – https://nsrc.io/AvoidAttackswithNCM

Experience the Power of N|Solid

To get the best out of Node.js and experience the benefits of its integrated features, including OpenTelemetry support, SBOM integration, and machine learning capabilities.✍️ Sign up for a free trial and see how N|Solid can help you achieve your development and operations goals. #KnowyourNode