TypeScript 5.2, Node 20.6, and Astro 3.0

#​653 — September 7, 2023

Read on the Web

😅 We’re back! After two weeks enjoying the blistering desert heat of Las Vegas and downpours of Storm Hilary, I’m ready to get back to the weekly JavaScript roundups – fingers crossed we’re here each week till Christmas now 🙂
__
Peter Cooper and the Cooperpress team

JavaScript Weekly

Astro 3.0 Released: The All-in-One Web Framework — An increasingly popular, turbo-charged site generator comfortable with not just static sites, but dynamic and interactive ones too by way of its ‘islands’ approach. You can use React, Vue, Svelte, Solid, and others, with it, and v3 adds View Transitions API support (more on that here) which can result in striking creations like this Spotify ‘clone’. It requires a play to really ‘get it’ but it’s great.

Astro Team

Good news – now SvelteKit supports the View Transitions API too 😉

Node.js 20.6 Released with Built-In Support for .env Files — The official release post covers everything new in 20.6, but the highlight is support for .env environment files to set environment variables dynamically when a script is run without requiring a third-party library like dotenv.

Phil Nash

Simplify Security and Compliance for Your Apps — Introducing Pangea: comprehensive API-based security services for developers. Effortlessly integrate foundational security services like Authentication, Authorization, and Audit Logging to create a safer app experience and accelerate your time to market.

Pangea sponsor

Bye to Rome and Hi to Biome for JS Formatting and Linting — First announced in 2020, Rome is/was an ambitious effort to create a unified frontend dev tool to bring ideas from Babel, ESLint, webpack, etc. into one place. After forming a company around Rome and raising money two years ago, things seem to have gone awry, with its key maintainers forking the project as Biome.

Emanuele Stoppa and the Biome Team

⚡️ IN BRIEF:

Version 1.0 of Bun, the notably fast JavaScriptCore-based JS runtime, is due to launch in the coming hours. There’s a livestream and, we assume, a launch post due to land here very soon.

In other ‘alternative runtime news’, the Deno team has announced native npm support on its Deno Deploy platform. They’ve also announced Deno KV is in open beta.

Mozilla: “Over the course of the year Firefox has improved by around 40% on the Vue.js benchmark” – find out why.

David Heinemeier Hansson, the creator of Ruby on Rails, announced that they’re dropping TypeScript from Turbo (a library commonly used with Rails) in favor of plain old JavaScript. Social media drama ensued.

What’s going on with the Gatsby React framework? Folks are noticing there’s not a lot going on with it lately and that 🐦 Netlify layoffs had a big impact. Netlify does, however, say 🐦 updates are coming.

GitHub has made changes to its homepage feeds. Quite a few people are unhappy about it, though.

“The CSS-in-JS sector has plateaued,” says the latest State of CSS survey.

What’s new in Svelte as of September 2023? Quite a lot.

🎉 RELEASES:

TypeScript 5.2 – Complete with the much awaited using declarations..

Node-RED 3.1 – The powerful low-code/visual programming environment gets some key improvements in its editor.

jq 1.7 – It’s not JavaScript, but surely the best JSON processing tool to exist.

Ky 1.0 – Simple HTTP client based upon Fetch for browsers, Node & Deno.

jQuery 3.7.1 – Oh yes indeedy 🎉

Cypress 13

📒 Articles & Tutorials

Making Sense of React Server Components — This is fantastic and exactly what it says on the tin, – we’ll be focusing on it more in next week’s React Status newsletter though 😉

Josh W Comeau

You Don’t Need to Learn Svelte – Here’s Why — I mean.. you kinda do, but Kavii’s excitement is infectious and Svelte’s approach remains refreshing.

Kavii Suri

item: Using Labeled Loops in JavaScript — If using labels gives you flashbacks to BASIC and GOTO statements, I sympathize, but in JavaScript, labels open up an interesting control flow technique. More about this on MDN. continue item;

Ben Nadel

Build a Documentation Chatbot with ChatGPT and EdgeDB — Let’s do it using EdgeDB’s intuitive data model & query language, as well as its powerful TypeScript query builder.

EdgeDB sponsor

A Wide View of Automated Testing in React Apps — A straightforward and to the point introduction to why you might use automated testing, how to get going in the scope of a React app, and what to be testing.

The React Handbook

How to Create a Dual-Mode Cross-Runtime JavaScript Package — Specifically, supporting both ESM and CommonJS, and across runtimes like Node, Deno and the browser.

Hexagon

Benchmarking 24 CSV Parsing Approaches — The most extensive CSV parsing benchmark I’ve seen. The author is himself the creator of the μDSV CSV parsing library and wanted to check out the common ‘lightning fast performance’ claims of other libaries.

Leon Sorokin

The Complexity of Building an Efficient Node.js Docker Image — It’s possible to get huge reductions in image size and build time and Samuel shares his approach here, but he also questions whether all this work should be necessary.

Samuel Bodin

Learn High-Level Compilers, Tools, & Techniques – in JavaScript!

Dmitry Soshnikov Education sponsor

14 Linting Rules To Help You Write Asynchronous JS Code

Maxim Orlov

How to Create a Chrome Extension in 10 Minutes Flat

James Hibbard

🛠 Code & Tools

Peaks.js 3.0: View and Interact with Audio Waveforms — A JavaScript component for browser-based audio waveform visualization that comes from the BBC’s R&D department. There’s a live example on the homepage. GitHub repo.

BBC

🎸 SVGuitar: Create SVG-Based Guitar Chord Charts — Why not continue with the musical theme? 😁 You can experiment with this one via this live demo.

Raphael Voellmy

FormKit 1.0: The Open-Source Form Framework for Vue — Ships with production-ready scaffolding like inputs, forms, submission and error handling, and validation rules.

FormKit, Inc.

Add Authorization, MFA, Biometrics and More to Your JavaScript App in Just Minutes — It’s about time that somebody talked some sense about OAuth and JavaScript. So we did. You’re welcome.

FusionAuth sponsor

Plate: Roll Your Own Slate-Based Rich-Text Editor — A framework for building React-based rich text editors where you can select the specific features and functionality you need. GitHub repo.

Ziad Beyens

Math.js: An Extensive Math Library for Node and Browser — Work with complex numbers, fractions, units, matrices, symbolic computation, etc. A long standing library now, but continuing to get frequent updates. GitHub repo.

Jos de Jong

Calendar.js: A Calendar Control with Drag and Drop — A responsive calendar with no dependencies, full drag and drop support (even between calendars) and many ways to manage events with recurring events, exporting, holidays, and more.

William Troup

💻 Jobs

Find JavaScript Jobs with Hired — Hired makes job hunting easy-instead of chasing recruiters, companies approach you with salary details up front. Create a free profile now.

Hired

🧑‍💻 Got a job listing to share? Here’s how.

npm-to-yarn – Convert npm commands to yarn and vice versa.

export-to-csv – Export arrays of objects to CSV.

Marked 8.0 – Fast Markdown parsing library. (Demo.)

Perfectionist 2.0 – ESLint plugin for sorting various data.

React Native Vision Camera 3.0
↳ Powerful camera control for React Native apps.

YouTube.js 6.3
↳ Client library for YouTube’s internal API.

Ink 4.4 – Use React to build CLI apps.

Prisma 5.2

ffmpeg.wasm 0.12.6

N|Solid v4.10.1 is now available

NodeSource is excited to announce N|Solid v4.10.1 which contains the following changes:

General stability improvements and bug fixes
Node.js v16.20.2 (LTS): Includes a Node.js security release captured in Node.js v16.20.2 (LTS).
Node.js v18.17.1 (LTS): Includes a Node.js security release captured in Node.js v18.17.1 (LTS).

For detailed information on installing and using N|Solid, please refer to the N|Solid User Guide.

Changes

IMPORTANT: This release of N|Solid v4.10.1 contains a Node.js security release!

This release includes patches for these vulnerabilities:

• CVE-2023-32002: Policies can be bypassed via Module._load (High)

• CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
• CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
• OpenSSL Security Releases
OpenSSL security advisory 14th July.
penSSL security advisory 19th July.
OpenSSL security advisory 31st July

N|Solid

There are two available LTS Node.js versions for you to use with N|Solid, Node.js 16 Gallium and Node.js 18 Hydrogen.

N|Solid v4.10.1 Gallium ships with Node.js v16.20.2.

N|Solid v4.10.1 Hydrogen ships with Node.js v18.17.1.

Node.js

The Node.js 16 Gallium LTS release line will continue to be supported until September 11, 2023.

The Node.js 18 Hydrogen LTS release line will continue to be supported until April 30, 2025.

Supported Operating Systems for N|Solid Runtime and N|Solid Console

Please note that The N|Solid Runtime is supported on the following operating systems:

Windows:
Windows 10
Microsoft Windows Server 1909 Core
Microsoft Windows Server 2012
Microsoft Windows Server 2008
macOS:
macOS 10.11 and newer
RPM based 64-bit Linux distributions (x86_64):
Amazon Linux AMI release 2015.09 and newer
RHEL7 / CentOS 7 and newer
Fedora 32 and newer
DEB based 64-bit Linux distributions (x86_64, arm64 and armhf):
Ubuntu 16.04 and newer
Debian 9 (stretch) and newer
Alpine
Alpine 3.3 and newer

Download the latest version of N|Solid

You can download the latest version of N|Solid via http://accounts.nodesource.com or visit https://downloads.nodesource.com/ directly.

New to N|Solid?

If you’ve never tried N|Solid, this is a great time to do so. N|Solid is a fully compatible Node.js runtime that has been enhanced to address the needs of the Enterprise. N|Solid provides meaningful insights into the runtime process and the underlying systems. Click 👉 [HERE]

N|Solid v4.9.4 is now available

MPORTANT: This release of N|Solid v4.9.4 contains a Node.js security release!

NodeSource is excited to announce N|Solid v4.9.4 which contains the following changes:

General stability improvements and bug fixes
Node.js v16.20.1 (LTS): Includes a Node.js security release captured in Node.js v16.20.1 (LTS).
Node.js v18.16.1 (LTS): Includes a Node.js security release captured in Node.js v18.16.1 (LTS).

For detailed information on installing and using N|Solid, please refer to the N|Solid User Guide.

Changes

NodeSource is excited to announce N|Solid v4.9.4 which contains the following changes:

This release includes patches for these vulnerabilities:

CVE-2023-30581: mainModule.proto Bypass Experimental Policy Mechanism (High).
CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium).
CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium).
CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium).
CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium).

With the new action in N|Solid saved views, you can activate the tracing automatically when one or more processes cross over performance thresholds or match query parameters that you set.

N|Solid

N|Solid v4.9.4 Gallium ships with Node.js v16.20.1.
N|Solid v4.9.4 Hydrogen ships with Node.js v18.16.1.

There are three available LTS Node.js versions for you to use with N|Solid, Node.js 16 Gallium, Node.js 14 Fermium and Node.js 18 Hydrogen.

Node.js

The Node.js 16 Gallium LTS release line will continue to be supported until September 11, 2023.

The Node.js 18 Hydrogen LTS release line will continue to be supported until April 30, 2025.

Supported Operating Systems for N|Solid Runtime and N|Solid Console

Please note that The N|Solid Runtime is supported on the following operating systems:

Windows:
Windows 10
Microsoft Windows Server 1909 Core
Microsoft Windows Server 2012
Microsoft Windows Server 2008
macOS:
macOS 10.11 and newer
RPM based 64-bit Linux distributions (x86_64):
Amazon Linux AMI release 2015.09 and newer
RHEL7 / CentOS 7 and newer
Fedora 32 and newer
DEB based 64-bit Linux distributions (x86_64, arm64 and armhf):
Ubuntu 16.04 and newer
Debian 9 (stretch) and newer
Alpine
Alpine 3.3 and newer

Download the latest version of N|Solid

You can download the latest version of N|Solid via http://accounts.nodesource.com or visit https://downloads.nodesource.com/ directly.

New to N|Solid?

If you’ve never tried N|Solid, this is a great time to do so. N|Solid is a fully compatible Node.js runtime that has been enhanced to address the needs of the Enterprise. N|Solid provides meaningful insights into the runtime process and the underlying systems. Click 👉 [HERE]

N|Solid v4.9.2 is now available

NodeSource is excited to announce N|Solid v4.9.2 which contains the following changes:

General stability improvements and bug fixes
Node.js v14.21.3 (LTS): Includes a Node.js security release captured in Node.js v14.21.3 (LTS).
Node.js v16.19.1 (LTS): Includes a Node.js security release captured in Node.js v16.19.1 (LTS).
Node.js v18.14.1 (LTS): Includes a Node.js security release captured in Node.js v18.14.1 (LTS).
Support for a new action in N|Solid saved views to capture traces automatically.

IMPORTANT: N|Solid v4.9.1 contains a Node.js security release!

For detailed information on installing and using N|Solid, please refer to the N|Solid User Guide.

Changes

N|Solid v4.9.2 contains the following changes:

General stability improvements and bug fixes
Node.js v14.21.3 (LTS): Includes a Rebase of N|Solid on Node.js v14.21.3 (LTS).
Node.js v16.19.1 (LTS): Includes a Rebase of N|Solid on Node.js v16.19.1 (LTS).
Node.js v18.14.2 (LTS): Includes a Rebase of N|Solid on Node.js v18.14.2 (LTS).

IMPORTANT: N|Solid v4.9.1 contains a Node.js security release. This release includes patches for these vulnerabilities:

CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low).
With the new action in N|Solid saved views, you can activate the tracing automatically when one or more processes cross over performance thresholds or match query parameters that you set.

N|Solid

N|Solid v4.9.2 Fermium ships with Node.js v14.21.3.

N|Solid v4.9.2 Gallium ships with Node.js v16.19.1.

N|Solid v4.9.2 Hydrogen ships with Node.js v18.14.1.

Node.js

The Node.js 14 Fermium LTS release line will continue to be supported until April 30, 2023.
The Node.js 16 Gallium LTS release line will continue to be supported until September 11, 2023.
The Node.js 18 Hydrogen LTS release line will continue to be supported until April 30, 2025.

Supported Operating Systems for N|Solid Runtime and N|Solid Console

Please note that The N|Solid Runtime is supported on the following operating systems:

Windows:

Windows 10
Microsoft Windows Server 1909 Core
Microsoft Windows Server 2012
Microsoft Windows Server 2008

macOS:
macOS 10.11 and newer

RPM based 64-bit Linux distributions (x86_64):

Amazon Linux AMI release 2015.09 and newer
RHEL7 / CentOS 7 and newer
Fedora 32 and newer

DEB based 64-bit Linux distributions (x86_64, arm64 and armhf):

Ubuntu 16.04 and newer
Debian 9 (stretch) and newer

Alpine
Alpine 3.3 and newer

Download the latest version of N|Solid

You can download the latest version of N|Solid via http://accounts.nodesource.com or visit https://downloads.nodesource.com/ directly.

New to N|Solid?

If you’ve never tried N|Solid, this is a great time to do so. N|Solid is a fully compatible Node.js runtime that has been enhanced to address the needs of the Enterprise. N|Solid provides meaningful insights into the runtime process and the underlying systems. Click ???? [HERE]

N|Solid v4.8.4 is now available

IMPORTANT: This release of N|Solid v4.8.4 contains a Node.js security release!

NodeSource is excited to announce N|Solid v4.8.4 which contains the following changes:

Node.js v14.21.1 (LTS): Includes a Node.js security release captured in Node.js v14.21.1 (LTS).
Node.js v16.18.1 (LTS): Includes a Node.js security release captured in – Node.js v16.18.1 (LTS).
Node.js v18.12.1 (LTS): Includes a Node.js security release captured in Node.js v18.12.1 (LTS).

For detailed information on installing and using N|Solid, please refer to the N|Solid User Guide..

Changes

NodeSource is excited to announce N|Solid v4.8.4 which contains the following changes:

This release includes patches for these vulnerabilities:

CVE-2022-3602: X.509 Email Address 4-byte Buffer Overflow (High)
CVE-2022-3786: X.509 Email Address Variable Length Buffer Overflow (High)
CVE-2022-43548: DNS rebinding in –inspect via invalid octal IP address (Medium)

There are three available LTS Node.js versions for you to use with N|Solid, Node.js 16 Gallium, Node.js 14 Fermium and Node.js 18 Hydrogen.

N|Solid v4.8.4 Fermium ships with Node.js v14.21.1.

N|Solid v4.8.4 Gallium ships with Node.js v16.18.1.

N|Solid v4.8.4 Hydrogen ships with Node.js v18.12.1.

The Node.js 14 Fermium LTS release line will continue to be supported until April 30, 2023.

The Node.js 16 Gallium LTS release line will continue to be supported until September 11, 2023.

The Node.js 18 Hydrogen LTS release line will continue to be supported until April 30, 2025.

Supported Operating Systems for N|Solid Runtime and N|Solid Console

Please note that The N|Solid Runtime is supported on the following operating systems:

Windows:

Windows 10
Microsoft Windows Server 1909 Core
Microsoft Windows Server 2012
Microsoft Windows Server 2008

macOS:
macOS 10.11 and newer

RPM based 64-bit Linux distributions (x86_64):

Amazon Linux AMI release 2015.09 and newer
RHEL7 / CentOS 7 and newer
Fedora 32 and newer

DEB based 64-bit Linux distributions (x86_64, arm64 and armhf):

Ubuntu 16.04 and newer
Debian 9 (stretch) and newer

Alpine
Alpine 3.3 and newer

Download the latest version of N|Solid

You can download the latest version of N|Solid via http://accounts.nodesource.com or visit https://downloads.nodesource.com/directly.

New to N|Solid?

If you’ve never tried N|Solid, this is a great time to do so. N|Solid is a fully compatible Node.js runtime that has been enhanced to address the needs of the Enterprise. N|Solid provides meaningful insights into the runtime process and the underlying systems. Click here to start!

As always, we’re happy to hear your thoughts – feel free to get in touch with our team or reach out to us on Twitter at @nodesource.

N|Solid v4.9.0 is now available

NodeSource is excited to announce N|Solid v4.9.0 which contains the following changes:

This version of N|Solid contains amazing features like M__achine Learning support__ and SBOM support (Software Bill of Materials) , it also contains the latest Node.js versions: v14.21.1 (LTS), v16.18.1 (LTS) and v18.12.1 (LTS), few updates and stability improvements.

For detailed information on installing and using N|Solid, please refer to the N|Solid User Guide..

Changes

NodeSource is excited to announce N|Solid v4.9.0 which contains the following changes:

Machine Learning support: this feature contains common Node.js issues detection powered by machine learning analysis, also allows the users to train custom models to be used to detect similar patterns in your applications metrics, the machine learning detection is also integrated with the global notification system and the events logs.

SBOM support (Software Bill of Materials): N|Solid has added support for SBOM reporting in all applications connected to the N|Solid console, the report is offered in two formats: JSON and PDF, it contains the information for the dependency inventory of an specific application; it includes valuable information lik licensing and the security status for each dependency used.

There are three available LTS Node.js versions for you to use with N|Solid, Node.js 16 Gallium, Node.js 14 Fermium and Node.js 18 Hydrogen.

N|Solid

N|Solid v4.9.0 Fermium ships with Node.js v14.21.1.

N|Solid v4.9.0 Gallium ships with Node.js v16.18.1.

N|Solid v4.9.0 Hydrogen ships with Node.js v18.12.1.

Node.js

The Node.js 14 Fermium LTS release line will continue to be supported until April 30, 2023.
The Node.js 16 Gallium LTS release line will continue to be supported until September 11, 2023.
The Node.js 18 Hydrogen LTS release line will continue to be supported until April 30, 2025.

Supported Operating Systems for N|Solid Runtime and N|Solid Console

Please note that The N|Solid Runtime is supported on the following operating systems:

Windows:

Windows 10
Microsoft Windows Server 1909 Core
Microsoft Windows Server 2012
Microsoft Windows Server 2008

macOS:
macOS 10.11 and newer

RPM based 64-bit Linux distributions (x86_64):

Amazon Linux AMI release 2015.09 and newer
RHEL7 / CentOS 7 and newer
Fedora 32 and newer

DEB based 64-bit Linux distributions (x86_64, arm64 and armhf):

Ubuntu 16.04 and newer
Debian 9 (stretch) and newer

Alpine
Alpine 3.3 and newer

Download the latest version of N|Solid

You can download the latest version of N|Solid via http://accounts.nodesource.com or visit https://downloads.nodesource.com/directly.

New to N|Solid?

If you’ve never tried N|Solid, this is a great time to do so. N|Solid is a fully compatible Node.js runtime that has been enhanced to address the needs of the Enterprise. N|Solid provides meaningful insights into the runtime process and the underlying systems. Click [here]