jQuery lives on; major changes teased

#​639 — May 18, 2023

Read on the Web

JavaScript Weekly

Bun’s New Bundler: 220x Faster than webpack?Bun is one of the newest JavaScript runtimes (built atop the JavaScriptCore engine) and focuses on speed while aiming to be a drop-in replacement for Node.js. This week’s v0.6.0 release is the ‘biggest release yet’ with standalone executable generation and more, but its new JavaScript bundler and minifier may attract most of the attention and this post digs into why.

Jarred Sumner

???? If you’d prefer to read what a third party thinks, Shane O’Sullivan gave the new bundler a spin and shared his thoughts. There’s also some discussion on Hacker News. It’s early days and while esbuild may be fast enough for most right now, it’s fantastic to see any progress in bundling.

Deopt Explorer: A VS Code Extension to Inspect V8 Trace Log Info — A thorough introduction to MS’s new tool for performing analysis of the V8 engine’s internals, including CPU profile data, how inline caches operate, deoptimizations, how functions were run (interpreted or compiled) and more. There’s a lot going on.

Ron Buckton (Microsoft)

Supercharge Your Websites and Applications with Cloudflare — Get ready for supercharged speed and reliability with Cloudflare’s suite of performance tools. With ultra-fast CDN, smart traffic routing, media optimization, and more, Cloudflare has everything you need to ensure your site or app runs at peak performance.

Cloudflare sponsor

jQuery 3.7.0 Released — JavaScript Weekly is 638 issues old, or almost 13 years once you take away weeks off, so jQuery was a big deal in our early days. We hold a lot of nostalgia for it, and it remains widely used even if no-one is writing about it anymore ???? v3.7 folds the Sizzle selector engine into the core, adds some unitless CSS properties, gains a new uniqueSort method, and “major changes” are still promised in future. jQuery lives on!

Timmy Willison (jQuery Foundation)

⚡️ IN BRIEF:

TC39’s Hemanth.HM has begun keeping a list of ES2023 code examples like he did for ES2022, ES2021, and ES2020.

???? The New Stack has a story about Meta supporting the OpenJS Foundation – but who wrote the article is what we found more interesting..

The folks at Meta / Facebook have written about the efficiency gains made in Messenger Desktop by moving from Electron to React Native.

One downside to platforms like Cloudflare Workers using V8 isolates has been a lack of support for opening TCP sockets – quite an impediement if you want to talk to a RDBMS over TCP or something. Fear no more, Cloudflare Workers has introduced a connect() API for creating TCP sockets from Workers functions.

Promise.withResolvers progressed to stage 2 at the latest TC39 meeting.

RELEASES:

Node.js 20.2

Rome 12.1
↳ The formatter/linter gains stage 3 decorator support.

Ember.js 5.0 – App framework.

Jasmine 5.0 – Testing framework.

Gatsby 5.10

???? Articles & Tutorials

How to Get Full Type Support with Plain JavaScript — It’s possible to reap the benefits of TypeScript, yet still write plain JavaScript, as TypeScript’s analyzer understands types written in the JSDoc format.

Pausly

TypeScript’s own JS Projects Utilizing TypeScript page has more info on the different levels of strictness you can follow from mere inference on regular JS code through to full on TypeScript with strict enabled.

▶  Coding a Working Game of Chess in Pure JavaScript — No canvas, either. All using the DOM, SVG, and JavaScript. No AI and it’s not perfect, but it’s only 88 minutes long and it’ll give you something to work on..

Ania Kubow

Automate Slack and MS Teams Notifications Using Node.js — Quick guide to send and automate messages via Slack, MS Teams, and any other channel from your Node.js applications.

Courier.com sponsor

Your Jest Tests Might Be Wrong — Is your Jest test suite failing you? You might not be using the testing framework’s full potential, especially when it comes to preventing state leakage between tests.

Jamie Magee

A Guide to Visual Regression Testing with Playwright — The Playwright browser control library can form the basis of an end-to-end testing mechanism all written in JavaScript, and comparing the visual output of tests can help show where things are going wrong.

Dima Ivashchuk (Lost Pixel)

Create a Real Time Multi Host Video Chat in a Browser with Amazon IVS

Amazon Web Services (AWS) sponsor

React Server Components, Next.js App Router and Examples — Addy Osmani’s overview of of the state of React Server Components, the Next.js App Router implementation, other implementations, the move towards hybrid rendering, plus related links.

Addy Osmani

..and if React is your thing, the latest issue of React Status is for you.

???? Code & Tools

VanJS: A 1.2KB Reactive UI Framework Without JSX — A new entrant to an increasingly crowded space, VanJS is particularly light and elegant, and its author has put some serious effort into documenting it and offering tools to convert your HTML to its custom format. It’s short for vanilla JavaScript, by the way.. GitHub repo.

Tao Xin

JavaScript Scratchpad for VS Code (2m+ Downloads) — Quokka.js is the #1 tool for exploring/testing JavaScript with edit-continue experience to see realtime execution and runtime values.

Wallaby.js sponsor

Introducing Legend-State 1.0: Faster State for ReactAnother state management solution? After a year of effort, Legend State 1.0 claims to be the fastest option “on just about every metric” and they have the benchmarks to prove it. Whatever the case, this thorough intro is worth a look. GitHub repo.

Moo․do

Starry Night: GitHub-Like Syntax Highlighting — Apparently, GitHub’s own syntax highlighting approach isn’t open source, but this takes a similar approach and is. It’s admittedly quite ‘heavy’ (due to using a WASM build of the Oniguruma regex engine) but that’s the price of quality.

Titus Wormer

Garph 0.5: A Fullstack GraphQL Framework for TypeScript — Full-stack ‘batteries included’ GraphQL APIs without codegen. GitHub repo.

Step CI

headless-qr: A Simple, Modern QR Code Library — A slimmer adaptation of an older project without the extra code that isn’t necessary today. Turning the binary into an image is your job, or use something like QRCode.js if you want a canvas-rendered QR code out of the box.

Rich Harris

Scroll Btween: Use Scroll Position to Tween CSS Values on DOM Elements — Scrolling/parallax libraries tend to feel the same but this one demonstrates some diverse examples with colors, images, and text — all with no dependencies.

Olivier Blanc

eslint-plugin-check-file: Rules for Consistent Filename and Folder Names — Allows you to enforce a consistent naming pattern for file and directory names in projects.

Huan

Transformers.js 2.0 – Run Hugging Face transformers directly in browser.

PrimeReact 9.4 – Extensive UI component library.

The Lounge 4.4 – Cross-platform, self-hosted web IRC client.

Faast.js 8.0 – Serverless batch computing made simple.

???? Jobs

Find JavaScript Jobs with Hired — Hired makes job hunting easy-instead of chasing recruiters, companies approach you with salary details up front. Create a free profile now.

Hired

Fullstack Engineer at Everfund.com — Push code, change lives! Help us become the center for good causes on the modern web with our dev tools.

Everfund

????‍???? Got a job listing to share? Here’s how.

???? Go with the flow..

js2flowchart.js — A visualization library to convert JavaScript code into attractive SVG flowcharts. Luckily, there’s a live online version if you want to play without having to install anything.

Bohdan Liashenko

Playwright now offers a UI mode

#​631 — March 24, 2023

Read on the Web

JavaScript Weekly

Speeding Up the JavaScript Ecosystem: npm Scripts — The latest in what has been a fascinating series on finding ‘low hanging fruit’ when it comes to performance in the JavaScript world. The author explains it best himself:

“‘npm scripts’ are executed by JavaScript developers … all the time. Despite their high usage they are not particularly well optimized and add about 400ms of overhead. In this article we were able to bring that down to ~22ms.”
What Marvin does here is a valuable skill for all developers to pick up, and you can enjoy more by going back to the start.

Marvin Hagemeister

Playwright v1.32 – Now with UI Mode — The popular Web testing and automation framework is taking more steps toward the ground currently served by tools like Cypress by offering a ‘UI mode’ that lets you explore, run and debug tests in a UI environment, complete with watch mode. ▶️ This video provides a good introduction.

Microsoft

A Grid Component with All the Features & Great Performance — Try our powerful JS data grid component which lets you edit, sort, group and filter datasets with fantastic performance. Includes a TreeGrid, API docs and plenty of demos. Seamless integration with React, Angular & Vue apps.

Bryntum sponsor

Why We Added package.json Support to Deno — Deno shares some provenance with Node.js but till recently it hadn’t focused on supporting Node features like npm modules. But with Node and npm compatibility beginning to improve, the team has faced questions about the runtime’s priorities. Ryan Dahl explains more about their thinking here.

Ryan Dahl

???? In other Deno news, Deno 1.32 has been released with… improved package.json support, and more.

How to Start a React Project in 2023 — There are lots of ways, but this well-regarded author explains the pros and cons of a few approaches, and gives you a few options targeting specific use cases you might have.

Robin Wieruch

IN BRIEF:

GitHub had to update its RSA SSH host key today so you may see security related warnings when pushing and cloning. It’s easy to fix, but check the new fingerprint matches – it’s for your own security.

The New Stack caught up with Svelte’s Rich Harris on SvelteKit and what’s coming for Svelte 4.

The React team shared some cutting edge updates on what they’re working on including React Server Components and an optimizing compiler.

If you were experiencing errors on the official Node site last week, here’s the (detailed) post mortem of why. Config errors and inappropriate caching, mostly.

✨ Did you know there’s a market in fake GitHub stars? Some developers analyzed some repos to learn more about it.

???? Congratulations to Lea Verou on her TC39 appointment9. Her efforts to push the Web forward are legendary. Prism is one project you may be aware of.

Make your opinions known on what should be in the next version of Vite.

RELEASES:

Docusaurus 2.4
↳ Easy to maintain documentation site generator.

Puppeteer 19.8
↳ Headless Chrome Node.js API.

Neutralinojs 4.11
↳ Lightweight cross-platform desktop app framework.

Qwik 0.23

???? Articles & Tutorials

Buying a Hard-to-Get Bicycle using Playwright — An unusual use case for JavaScript, Playwright, and GitHub Actions, but Maciek managed to buy his bike.

Maciek Palmowski

Snyk Top 10: JavaScript OSS Vulnerabilities — Dive into the most prevalent critical and high open source vulnerabilities found by Snyk scans of JavaScript apps in 2022.

Snyk sponsor

The ‘End’ of Front-End Development? — A recent narrative doing the rounds suggests that large language models like GPT-4 (or even tools like Copilot X) could soon put some developers out of a job — however, Josh is “optimistic about what these AI advancements mean for the future of software development”.

Josh W. Comeau

In related news, Eric Elliott put ChatGPT through its paces to see if it would make for a good JavaScript tutor. It did well, though with mixed results.

Migrating from ts-node to Bun — A look at adopting performance-oriented Bun when you’re used to using TypeScript with Node.js. John runs us through porting a console app from the ts-node approach over to Bun — “a pretty easy process,” he says.

John Reilly

▶  A Pinia Crash Course for BeginnersPinia is a store / state management solution for Vue that does believe in pineapple on pizza.

Alexander Gekov

A Practical Guide to Getting Started with Astro — An extensive walkthrough of Astro that covers all the topics you’ll need to get you started.

Mojtaba Seyedi

???? Test Website Speed Continuously and Rank Higher In Google — You need a fast website to make users happy and meet Google’s Core Web Vitals metrics. Test and optimize with DebugBear.

DebugBear sponsor

Automatic npm Publishing with GitHub Actions and Granular Tokens

Tim Perry

Make Sure You Do This Before Switching to Signals in Angular

Jordan Powell

Six CSS Snippets Every Developer Should Know

Adam Argyle (Google)

???? Code & Tools

trace.cafe: Easy Webperf Trace Sharing — A quick way to share a performance profile saved from your DevTools, available for up to 90 days with the DevTools perf panel embedded (see example).

paul irish

VueUse: A Collection of Vue Composition Utilities — With over 200 functions targeting both Vue 2 and 3, there’ll be something in this suite of Composition API-based utility functions for you, whether it’s working with state, browser capabilities, animations, Electron, Firebase, and more.

Anthony Fu

Don’t Let Your Issue Tracker Be a Four-Letter Word. Use Shortcut

Shortcut (formerly Clubhouse.io) sponsor

OTPAuth: One Time Password (HOTP/TOTP) Library — When you log in to a site that uses 2FA and you’re asked for some digits from an authentication app, that’s probably a Time-based One-Time Password (or TOTP). This library for Node, Deno, Bun and the browser lets you work with TOTPs and HOTPs from JS.

Héctor Molinero Fernández

Recharts 2.5: Chart Library Built with React and D3 — Easy to deploy with declarative components, native SVG support, and lightweight dependency on D3. Line, bar, scatter, composed, pie, and radar charts are offered. There are lots of examples, complete with code.

recharts

DOCX 8.0: Generate Word .docx Files from JavaScript — The code to lay out documents is verbose but there’s a lot of functionality. Here’s a CodePen example and release notesGitHub repo.

Dolan Miu

SvHighlight: Code Syntax Highlighter for Svelte — Powered by Highlight.js, it includes a blurring feature to focus attention on specific areas of code and you an customize it with Tailwind. Try the interactive examples to see the effect.

SvHighlight

eslint-formatter-pretty 5.0: Pretty ESLint Formatter — Nicer output than the default. Sort results by severity. Get stylized inline code blocks, and more.

Sindre Sorhus

AWS JWT Verify: Verify JWTs Signed by Amazon Cognito — In both Node.js and the browser.

Amazon Web Services

???? Jobs

Software Engineer (Backend) — Join our “kick ass” team. Our software team operates from 17 countries and we’re always looking for more exceptional engineers.

Sticker Mule

Find JavaScript Jobs with Hired — Hired makes job hunting easy-instead of chasing recruiters, companies approach you with salary details up front. Create a free profile now.

Hired

????‍???? Got a job listing to share? Here’s how.

melonJS 15.0
↳ Mature HTML5 game engine.

Marked 4.3
↳ Markdown parser and compiler. (Demo.)

v8go 0.9
↳ Execute JavaScript from Go(lang).

Million 2.1
↳ Fast Virtual DOM to make React faster.

Partytown 0.7.6
↳ Take third-party scripts off the main thread.

???? Bonus Item

Make Bookmarklets — Create and test bookmarklets directly in the browser. Makes an irritating task slightly easier if you need to do it.

Cullan Luther

N|Solid v4.9.2 is now available

NodeSource is excited to announce N|Solid v4.9.2 which contains the following changes:

General stability improvements and bug fixes
Node.js v14.21.3 (LTS): Includes a Node.js security release captured in Node.js v14.21.3 (LTS).
Node.js v16.19.1 (LTS): Includes a Node.js security release captured in Node.js v16.19.1 (LTS).
Node.js v18.14.1 (LTS): Includes a Node.js security release captured in Node.js v18.14.1 (LTS).
Support for a new action in N|Solid saved views to capture traces automatically.

IMPORTANT: N|Solid v4.9.1 contains a Node.js security release!

For detailed information on installing and using N|Solid, please refer to the N|Solid User Guide.

Changes

N|Solid v4.9.2 contains the following changes:

General stability improvements and bug fixes
Node.js v14.21.3 (LTS): Includes a Rebase of N|Solid on Node.js v14.21.3 (LTS).
Node.js v16.19.1 (LTS): Includes a Rebase of N|Solid on Node.js v16.19.1 (LTS).
Node.js v18.14.2 (LTS): Includes a Rebase of N|Solid on Node.js v18.14.2 (LTS).

IMPORTANT: N|Solid v4.9.1 contains a Node.js security release. This release includes patches for these vulnerabilities:

CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low).
With the new action in N|Solid saved views, you can activate the tracing automatically when one or more processes cross over performance thresholds or match query parameters that you set.

N|Solid

N|Solid v4.9.2 Fermium ships with Node.js v14.21.3.

N|Solid v4.9.2 Gallium ships with Node.js v16.19.1.

N|Solid v4.9.2 Hydrogen ships with Node.js v18.14.1.

Node.js

The Node.js 14 Fermium LTS release line will continue to be supported until April 30, 2023.
The Node.js 16 Gallium LTS release line will continue to be supported until September 11, 2023.
The Node.js 18 Hydrogen LTS release line will continue to be supported until April 30, 2025.

Supported Operating Systems for N|Solid Runtime and N|Solid Console

Please note that The N|Solid Runtime is supported on the following operating systems:

Windows:

Windows 10
Microsoft Windows Server 1909 Core
Microsoft Windows Server 2012
Microsoft Windows Server 2008

macOS:
macOS 10.11 and newer

RPM based 64-bit Linux distributions (x86_64):

Amazon Linux AMI release 2015.09 and newer
RHEL7 / CentOS 7 and newer
Fedora 32 and newer

DEB based 64-bit Linux distributions (x86_64, arm64 and armhf):

Ubuntu 16.04 and newer
Debian 9 (stretch) and newer

Alpine
Alpine 3.3 and newer

Download the latest version of N|Solid

You can download the latest version of N|Solid via http://accounts.nodesource.com or visit https://downloads.nodesource.com/ directly.

New to N|Solid?

If you’ve never tried N|Solid, this is a great time to do so. N|Solid is a fully compatible Node.js runtime that has been enhanced to address the needs of the Enterprise. N|Solid provides meaningful insights into the runtime process and the underlying systems. Click ???? [HERE]

SBOM: The Essential Building Block for Cybersecurity

Software Bill of Materials (SBOMs) is how companies provide a comprehensive inventory of all the components, libraries, and dependencies used in a software system. This information helps organizations identify potential vulnerabilities and manage the risk of software supply chain attacks.

SBOM is a detailed list of all the components, libraries, and dependencies that make up a software system. It includes information such as the names and versions of the components, their sources, and any associated risks or vulnerabilities.

Just as a supply chain document in manufacturing and product development outlines the origin and journey of raw materials and components, a software bill of materials (SBOM) does the same for software components.

SBOM Adoption via Executive Order from the EEUU

On May 12, 2021, President Joe Biden released the Executive Order (EO) on Improving the Nation’s Cybersecurity with a specific requirement for SBOMs. Read here the executive order.

SBOM includes information on their origin, version, and security risk. Just as manufacturers rely on supply chain documentation to ensure the quality and safety of their products, organizations can use SBOMs to manage software supply chain risks and ensure the security and compliance of their software systems. In both cases, having accurate and up-to-date information is critical to making informed decisions and avoiding potential harm.

Since December 2022, in its v4.9.0, N|Solid has SBOM support (Software Bill of Materials).

N|Solid has added support for SBOM reporting in all applications connected to the N|Solid console; the report is offered in two formats: JSON and PDF; it contains the information for the dependency inventory of a specific application; it includes valuable information like licensing and the security status for each dependency used.

Start using SBOM in all applications connected to the N|Solid console START NOW

The role of SBOM:

The Linux Foundation released the results of a survey: The State of Software Bill of Materials (SBOM) and Cybersecurity Readiness, carried out within the framework of the US presidential order on SBOM, where 412 organizations worldwide participated in a survey. Here is the infographic with the highlights.

With the ever-increasing use of third-party components in software development, having an accurate and up-to-date SBOM is essential for ensuring the security and integrity of a company’s software systems; an organization can use SBOMs for many purposes. Some of them are:

Allow organizations visibility and control over their software supply chain, enabling them to make informed decisions about software security, compliance, and licensing.

Companies can proactively manage software risk, improve their cybersecurity posture, and protect their customers and critical data.

Comply with industry standards and regulations. This refers to the process of ensuring that an organization is using software in accordance with its license agreements. This includes ensuring that the software is being used within the terms of the license agreement and that the organization uses only the licenses it has purchased.

Compliance and customer Audit. Ensure that it meets the specified quality criteria. This may include testing, inspections, and reviews to identify any issues or defects and make sure that the product or service meets the customer’s requirements and the high standards of quality that the industry expects.

Despite the clear benefits of SBOMs, the use of SBOMs has traditionally been limited to more than just the largest and most advanced organizations. However, the increasing threat of software supply chain attacks and the growing recognition of the importance of SBOMs are expected to drive the widespread adoption of SBOMs in the near future.

The United States Executive Order on the Nation’s Cybersecurity outlines new requirements for SBOMs and other security measures for software used by federal agencies. This order highlights the importance of SBOMs in ensuring the security of software systems and demonstrates the growing recognition of their value in the industry.

Implementing SBOM in Your Organization

Companies are increasingly aware of their risks by needing to be clearer about their technologies, especially in the open-source ecosystem. according to the Linux Foundation survey, what are the key activities for securing the software supply chain? These answers serve as a basis for understanding the importance of this concept in the ecosystem.

Understanding the process of implementing an SBOM in your organization, from assessing your current software landscape to integrating the SBOM with your existing security and compliance tools, will help you to effectively manage software supply chain risks and ensure the security and compliance of your software systems.

Assessment: The first step is to assess the organization’s current software landscape and identify which software systems and components need to be included in the SBOM.

Inventory: Once the software systems and components have been identified, the next step is to create an inventory of all the components and their attributes, such as name, version, source, and any associated risks or vulnerabilities.

Automation: To ensure the SBOM is accurate and up-to-date, consider automating the SBOM creation process through tools or scripts that can extract information from source code and dependencies.

Integration: The SBOM should be integrated with the organization’s existing security and compliance tools, such as security assessment and license compliance tools, to ensure that the information contained in the SBOM can be effectively utilized.

Monitoring: Regular monitoring of the SBOM should be implemented to ensure that it remains up-to-date and that any changes or updates to software components are accurately reflected in the SBOM.

Review: The SBOM should be regularly reviewed to identify potential security risks or vulnerabilities and ensure compliance with industry standards and regulations.

Training: Finally, provide training to all relevant personnel, including developers and security teams, to ensure that the SBOM is being used effectively and that everyone understands the importance of keeping the SBOM up-to-date.

By following this path, organizations can effectively implement an SBOM and use it to manage software supply chain risks, improve their overall cybersecurity posture, and ensure compliance with industry standards and regulations.

Securing Your Software Supply Chain with N|Solid

N|Solid is a runtime, and a console for managing Node.js applications, providing a secure and reliable runtime environment for Node.js applications developed and distributed by NodeSource. N|Solid includes a range of features to help organizations, including security and performance monitoring, real-time visibility into applications, and the ability to identify and resolve issues quickly.

N|Solid Console has a dedicated section for __NodeSource Certified Modules__. (NCM) are a set of open-source npm packages vetted and certified by NodeSource, a company specializing in Node.js solutions. The certification process involves thorough security, quality, and compatibility testing to ensure that these modules meet high standards for security and performance.

By using NodeSource Certified Modules, organizations can be confident that they are using high-quality, secure, and reliable components in their Node.js applications. In addition, NodeSource provides ongoing maintenance and support for these modules, ensuring that they continue to work effectively and securely over time. By using NodeSource Certified Modules, organizations can simplify the process of selecting and using npm packages in their Node.js applications, helping to ensure that their applications are secure, reliable, and performing optimally for their users.

_NCM enables you to quickly and easily generate SBOMs that:
_

Identify all open-source libraries.
Track and document each component, including direct and transitive dependencies.
Update automatically when components change.
Identify vulnerabilities.
Provide a path to remediation that ensures updates are backward compatible and won’t break the build.

Illustrative Example of Software Life Cycle and Bill of Materials Assembly Line

According to the SBOM document, to stay compliant, the data fields that must be in an SBOM are:

Component name
Component version
Unique identifier for the software
Relationship with other dependencies
Developer name
Name of tool used to create the SBOM document
Document creation date and time

N|Solid complies with the National Institute of Standards and Technology (NIST) laying out the guidelines for an SBOM document.

Conclusion:

SBOMs are an important tool in the fight against software supply chain attacks. Organizations can better track and manage their software components and identify potential risks by incorporating them into the software development process. In addition, SBOMs provide valuable insights into the supply chain history of a product, helping to ensure that all components are sourced from reputable and trustworthy sources.

As a company, ensuring the security of the code and systems you use and create is important. That’s why it is truly important:

To ensure the security of open-source components in your supply chain, it is crucial to track their licenses, vulnerabilities, and associated risks.
To avoid coding security defects and weaknesses, it is important to know common attack methods such as buffer overflows, SQL injection, and cross-site scripting. Vulnerabilities can be difficult to identify, as someone often plants malicious code with in-depth knowledge of the system.
To secure your development and delivery infrastructure, it is recommended to conduct a binary analysis of the container images to inspect component signatures and identify any open-source components and sensitive data present.
To ensure the security of APIs and protocols used for communication with other systems, a lack of visibility and control can put critical systems and sensitive information at risk.

However, implementing SBOMs effectively can be a complex and time-consuming process, and organizations need to choose the right tools and processes to ensure the accuracy and relevance of their SBOMs. We are sure that N|Solid can help! 💪

If you are interested in more information about the supply chain and its associated risks, please contact us at [email protected] or on Twitter @nodesource.
To get the best out of Node.js, try N|Solid SaaS #KnowYourNode

Nodesource Node.js Binary Distributions 2021 & 2022

NodeSource Node.js binary downloads keep increasing monthly, providing millions of users worldwide with the power of Node.js. This blog post gives us important insights into using Node.js across Linux environments and the Node.js community in general.

Nodesource has been packaging and distributing Node.js for Linux environments for 9 years. Every major and minor release, as well as security updates. We’ve seen a massive increase in downloads every year. While we don’t distribute every version of Node.js, most of the downloads in Linux environments are provided by us.

Have you ever wondered how many people still use Node.js version?
Which countries consume Node.js the most?
What versions and distributions are the most popular?
What are the downloads of Node.js month by month?
Are they increasing, or are people moving away toward other technologies?

Let’s find out!

Get the awesome infographic here!
Node.js Binary Downloads

Note: If you want to compare, you can read Node by Numbers 2020 here.

In this article, you can find interesting data about the consumption of Node.js worldwide. the trends, spikes, and odds of the usage of the popular runtime that powers millions of applications.

These are the points to be discussed in this article:

Intro
A bit of History
Process: How is a new release created?
How does the distribution process work?
Stats!
Recent distributions supported
Traffic Peaks
Getting Involved
Conclusions

Introduction

First, let’s start with the basics:

_What is a binary distribution?
_

A binary distribution is a software package containing executables, binaries, or programs ready to be executed. In this case, it will be Node and NPM compiled executables.

_In what consists of the ‘Nodesource Node.js Binary Distributions’
_

Maintains availability and allows the usage of Node.js in production for the Linux community.
If you are installing Node.js in production on a Linux platform, there is a big chance that you are using NodeSource Node.js Binary Distributions.

why is this important?

Well, NodeSource Node.js binary distributions was downloaded over 90 million times worldwide last year. There are 90 million times people have been able to use, learn, and interact with Node.js thanks to this project.

Last month, it was downloaded +11 million times, and millions of applications and web pages are using it. Because of its availability, it has proven over the years to be the best source of installation and extensive use of Node.js packages in Linux, allowing the expansion of its use in the market.

_What kind of distributions are supported?
_

So right, as you can see, we support major Debian, Ubuntu, Redhat, CentOS, and Fedora releases and many different distributions based on those. As you can see, the list can’t go long, but we are always trying to add more there.

Also, if you are using code as infrastructure, the major recipes, formulas, or plugins that include Node.js installation usually work using Binaries distributions.

So if you’re using:

__Ansible__: https://galaxy.ansible.com/

__Chef__: https://supermarket.chef.io/

__Puppet__: https://forge.puppet.com/modules/puppet

__Salt__: https://github.com/saltstack-formulas/node-formula

You are already using binary distributions, and it is recommended to use the Node.js installer. That’s what the NPM documentation and the NodeJS official documentation say. So it’s proven to be the best source of installing these sectors.

A bit of History of Node.js Binary Distributions

_How NodeSource get involved in this project?
_

So, here are some essential milestones for the project:

It started with Chris Leajoining NodeSource in 2014.

Initially supporting Debian and Ubuntu with Node.js V12.

Added support for RHEL, Centos, Fedora, Oracle Linux, and Amazon Linux.

A script was created to ease the setup process. Later we created a script to make the installation process more manageable because you have to add the PPA manually. Now everything is automated!

Io.js was born and immediately supported.

In 2018 we started delivering Node.js in snap packages. A compatible format with multiple Linux distributions that you can use.

Since then, we have expanded support for many compatible Linux Distributions.

We support OpenJS Foundation and the Node.js project doing the same with every LTS and stable release the Node.js project has released.

Now let’s talk about how a new release is created.

Process – How is a new release in Node.js created

There are two processes involved when releasing a new version of Node.

The first comes from the node project itself.
The second is from the nodes or Node.js binaries distributions for the Linux operating system.

So it’s helpful to understand how the release lines work. All the releases are scheduled and planned. There are three stages on a Node version: Current, LTS, and the end of life.

Current NodeJS release line in the graph is colored green, as we can see here. And this space lasts for six months, from April to October.

LTS is an acronym for long-term support and is applied to release lines that will be supported and maintained by the Node.js project for an extensive period. LTS divides into two active and maintenance; Active is the blue, as we can see here. Maintenance is gray. Active is the one that lasts for 18 months. Maintenance is a release line that is the end of life. That means it will no longer be maintained and will not be patched with any known security vulnerability. When the version reaches the end of its life, it is very affectable to upgrade. The whole process lasts for three years.

Also, there are three types of releases:

Major release that is for incompatible API changes from version to version. A major release can also include changes that would normally be included in minor or patch releases.

Minor releases there include backward-compatible functionality changes.

Patch releases include nonbreaking bug fixes and security patches.

So every new LTS is a major release. This is the process for delivering a new version of Node.js.

How the release happens inside NodeSource

We already understand how a version is created. So, every time a new version is released, everything starts from Nodesource Slack. We already have an integration that notifies in a unique channel that a new version is available, so we have to get to work and update to a recent version. We also have some automation that makes our life easier: We have a bot, or infrastructure bot, called __Control Tower__. It’s something we use internally for all everything in our infrastructure.

Control Tower allows us to run a single command to generate a new version that will communicate with different pipelines we have in AWS called pipelines. And that will use AWS code build to build the package and all the packaging, generating all the different binaries we need to distribute Debian, rpm, and other formats.

After building those, it will push to Amazon’s S3 bucket, and from there, we will have an origin server that will serve all these packages for everybody in the world. That’s how it works.

It’s a semi-automated process with a lot of automation involved! Now, let’s see some fascinating statistics involved in this project.

Node by Numbers 2021 & 2022

NodeSource NodeJS binary execution was downloaded over 98,420,550 million times worldwide last year (2021), and the total download from this year from January to October is 80,442,890 million (2022).

This graph is a monthly download in terabytes 1TB. This year it was 2,135 TB of binaries distributions from January to October.

There is a noticeable increase in the tendency of downloads, and this year the downloads are even more remarkable. In just one year, the increase was about 4,7% in downloads.

2021 – 2,088.73 TB

2022 – 2,135.98 TB

Again, this is a lot of data, and we expect these numbers to keep increasing as the Node project expands.

Now we are going to analyze the numbers by version. This is very important. Let’s take a look.

As you can see, people are still getting old versions like V6, which was deprecated. Then we have V8 and V10 with a few people; others are using V12 and V14, and some are using V15 and V16. Now let’s go to analyze the current status.

So this is 2022, and as you can see, many people still use V12. But the good news is that most people are using V14 and v16. We can expect V18 to start growing, as it became LTS at the end of October, and it’s the latest LTS we support.

If you want to try these things on production, it’s really good to use stable versions; we always recommend using in production the latest LTS. Please read this article to understand why it is important and useful to try Node.js V18 LTS.

Now let’s see where those downloads are happening worldwide and where people consume Node.js most.

The top five countries consuming Node.js binary distributions between 2021 and 2022 were the US, Germany, France, the UK, Ireland, and the Netherlands.

In 2022 the top five countries were:
– United States 60.9%
– Germany 9.3%
– France 3.6%
– United Kingdom & Ireland 3.3%
– Netherlands 2.0%

Many South American countries consume binaries, including Brazil, Mexico, Argentina, and Colombia. The only African country on the list is South Africa. Let’s hope more countries keep using the amazing Node.js project! 💪

Traffic Peaks

As we can see in this image, at the end of October of this year, 2022, there was a release, reaching Oct 25 with Node 18 12,185 downloads, and every time there’s a new release in Node.js, there is a peak in downloads of binaries distributions.

October 18th – Node V19

October 25th – Node V18 LTS

For Node V19 we started having downloads on October 19 with 1,594 downloads that day.

__Note__: If you want to be aware of the important dates of the project, here you can consult the: Node.js Project Calendar

Recent distributions supported by NodeSource

Two types of deprecations could happen in our channels:

__When a Node version reaches the End Of Life__, which means you will not receive any security updates or book patches in the future. We always recommend that you stay in the currently supported version. One important thing to note is that we do not remove the old packages. Even if you use a pre-owned node version, you can still use NodeSource binaries distribution.

__When Linux Distribution goes End Of Life__, be aware that this is not a good practice because your Linux distribution, your operating system, is no longer receiving any security updates or support. So we always recommend keeping a proper maintenance version of your operating system (We do not remove the old packages).

Note: Check the ‘End-of-Life Releases’ HERE.

Please update your Node.js, or you will see this thing when you’re installing the Node.js version that you are trying to install. We always present this Deprecation warning, and we make you wait 20 seconds so you can read the message and realize that maybe you should be updating your Node.js version.

Today, many people are using no longer supported versions. About 46% of downloads of Node.js versions were no longer supported. We want to launch a campaign encouraging developers to upgrade their node version. #UpgradeYourNodeVersion

Behind the Data

There is still a surprising amount of downloads of outdated versions in 2021 (39%) and in 2022 (46%) – People should upgrade!

The downloads are focused mostly in the Americas and Europe (86,9%) in 2021 and were the same in 2022, and some regions are severely underrepresented, for example, Africa. The Middle East in 2022 is increasing the downloads.

The most downloaded versions in 2022 were version 14 for rpm and for deb (32% of Downloads). Followed by V12 with 26% of the downloads. Node V16 was downloaded 20%.

deb distributions are more consumed than rpm, as is expected.

In 2022, an exciting milestone was an increase of 13,6% in downloads of NodeSource Node.js Binaries Distributions. We expect continued growth in 2023.

Getting Involved

So, how can you get involved in this project? There are many ways to contribute.

First, you can go to this link: https://github.com/nodesource/distributions

In that link is the repository where the project is hosted, and you can submit an issue, comment, or pull request. And it’s related chiefly to supporting new distributions to upgrade a distribution or to create an update script to download a particular distribution.

Another way is to keep updated documentation. If a new version over distribution changes, it should also be updated on the docs. When you submit an issue or a pull request, suggestions could be made to keep it compatible with the rest of the distribution, and submissions are always working.

If you collaborate with this project for a few months, you can ask and be included in this repo as a collaborator 💪.

Conclusions

Using NodeSource Node.js distributions is the best and most recommended way to install Node.js in Linux for production environments.

NodeSource has delivered Node.js fresh to your Linux system via your package manager within hours, minutes, days, or weeks. For NodeSource, sustaining the community is essential because we want to support more people using Linux to have Node.js in production.

Also, we are looking for more community involvement in the project. So most of our scripts are open source, and as you can see, there’s a lot of activity in the report that we just mentioned in this article. Help will be appreciated! So if you have ideas or solutions or want to help us continue supporting open source, you can contribute to this GitHub Repo.

Please join us and be part of this magnificent project. Also, here are our channels to follow us and continue the conversation:

Twitter
LinkedIn
Github

As always, the best place to contact us is via our website or [email protected]

_Ready for more? _

If you are looking for NodeSource’s Enterprise-grade Node.js platform, N|Solid, please visit https://downloads.nodesource.com/, and for detailed information on installing and using N|Solid, please refer to the N|Solid User Guide.

We We also know that as a start-up, you want ‘Enterprise-grade’ at a startup price, this is why we extend our product to small and medium-sized companies, startups, and non-profit organizations with N|Solid SaaS.

Please help us to reach more people and support use cases in Node.js. We care about the Node.js community! 💚You’re welcome to explore, read, and participate in this project.

Useful Links / References

Octoverse 2022
2022 Developer Survey Stack Overflow

N|Solid v4.8.3 is now available

NodeSource is excited to announce N|Solid v4.8.3 which contains the following changes:

Node.js v18.12.0 (LTS): Rebase of N|Solid on Node.js v18.12.0 (LTS)(see details below).

For detailed information on installing and using N|Solid, please refer to the N|Solid User Guide..

Changes

NodeSource is excited to announce N|Solid v4.8.3 which contains the following changes:

Rebase of N|Solid on Node.js v18.12.0 (LTS). This version of Node.js contains the following changes (see here for more details).

There are three available LTS Node.js versions for you to use with N|Solid, Node.js 16 Gallium, Node.js 14 Fermium and Node.js 18 Hydrogen.

N|Solid v4.8.3 Fermium ships with Node.js v14.20.1.

N|Solid v4.8.3 Gallium ships with Node.js v16.18.0.

N|Solid v4.8.3 Hydrogen ships with Node.js v18.12.0.

The Node.js 14 Fermium LTS release line will continue to be supported until April 30, 2023.

The Node.js 16 Gallium LTS release line will continue to be supported until September 11, 2023.

The Node.js 18 Hydrogen LTS release line will continue to be supported until April 30, 2025.

Supported Operating Systems for N|Solid Runtime and N|Solid Console

Please note that The N|Solid Runtime is supported on the following operating systems:

Windows:

Windows 10
Microsoft Windows Server 1909 Core
Microsoft Windows Server 2012
Microsoft Windows Server 2008

macOS:
macOS 10.11 and newer

RPM based 64-bit Linux distributions (x86_64):

Amazon Linux AMI release 2015.09 and newer
RHEL7 / CentOS 7 and newer
Fedora 32 and newer

DEB based 64-bit Linux distributions (x86_64, arm64 and armhf):

Ubuntu 16.04 and newer
Debian 9 (stretch) and newer

Alpine
Alpine 3.3 and newer

Download the latest version of N|Solid

You can download the latest version of N|Solid via http://accounts.nodesource.com or visit https://downloads.nodesource.com/directly.

New to N|Solid?

If you’ve never tried N|Solid, this is a great time to do so. N|Solid is a fully compatible Node.js runtime that has been enhanced to address the needs of the Enterprise. N|Solid provides meaningful insights into the runtime process and the underlying systems. Click here to start!

As always, we’re happy to hear your thoughts – feel free to get in touch with our team or reach out to us on Twitter at @nodesource.

Vite 4.0 released

#​618 — December 9, 2022

Read on the Web

JavaScript Weekly

Vite 4.0 Released — From the same creator as Vue.js, Vite is an exciting piece of frontend tooling offering lots of goodies out of the box: fast hot module replacement, instant server starts, optimized builds with Rollup, TypeScript and JSX support (more on why to use Vite here). You can even give it a quick spin online via vite.new.

Evan You and Vite Contributors

Anjana Vakil on the JavaScript Fundamentals — This video course covers the core skills needed to become a professional JavaScript programmer, including writing reusable code with functions, conditionals, fetching data from APIs, and more. It’s everything you need to continue your journey to become effective at JavaScript.

Frontend Masters sponsor

npm Gains New Security Features — GitHub continues its work in making the npm ecosystem safer. Two new things: granular access tokens so package owners can better control access to publishing workflows, and a new code explorer to look directly at the contents of packages from the official npm site.

Monish Mohan (GitHub)

Console Ninja: console.log Output Right Next to Your Code — A VS Code extension that displays console.log output and runtime errors next to your code. Jack Herrington recorded ▶️ a neat 6 minute intro showing it off recently.

Wallaby.js Team

IN BRIEF:

There’s a React documentary in production – ▶️ here’s the trailer.

AWS has unveiled Step Functions Distributed Map, a way you can run hugely parallel (up to 10,000 simultaneous executions) operations (written in JavaScript, perhaps) over data and documents stored on S3.

A quick look back 27 years to the launch of JavaScript in 1995.

📊 D3 7.7, the latest version of the popular data visualization framework, is out and I wanted to recommend looking at co-creator Mike Bostock’s notebooks if you want inspiration on using D3, a look at new features, etc. He posts interesting stuff.

The JS debugger in the latest VS Code release now supports console.profile for CPU profiling code, as well as nested sourcemaps.

RELEASES:

Rome 11Linter in urbe novissima sunt.

Storybook 7.0 beta 0

Rollup 3.7 – ES module bundler.

xv 2.0 – Zero-config Node test runner.

Nx 15.3 (A huge news update post.)

Ember 4.9

Bun 0.3 – The challenger JS runtime.

📒 Articles & Tutorials

Sandboxing with PartytownPartytown provides a way to run third party scripts within a Web Worker rather than on the main thread. Could this be used for sandboxing? Weston tried it out and concluded it’s not quite there.

Weston Ruter

Build a Mobile-Responsive Telehealth Pager App Using Stream’s Chat API — Build a responsive chat app with emojis/reactions, built-in GIF support, ability to edit/delete messages, direct & group chat, and more.

Stream sponsor

Is Prisma Better Than Your ‘Traditional’ ORM?Prisma has become a very popular ORM option in the Node space in recent years. The creator of the Practica Node starter app considers if Prisma makes sense as a universal ‘go to’ ORM. No, but..

Yoni Goldberg

When to Use gRPC vs GraphQL — A balanced comparison of two popular API protocols to see where each works best.

Loren Sands-Ramshaw

Breakpoints and console.log is the Past, Time Travel is the Future — 15x faster JavaScript debugging than with breakpoints and console.log, now with support for Vitest.

Wallaby.js sponsor

▶  A Discussion on Optimizing Your JavaScript with Rust — A chat with Vercel’s Lee Robinson at the recent Next.js conference.

Ben Popper podcast

🛠 Code & Tools

Codux: A Visual IDE for React — One of the co-founders of Wix introduces a new standalone tool to accelerate the React development process. It currently only supports Chromium-based browsers but you can take it for a test drive or learn more from its homepage.

Nadav Abrahami (Wix)

Harlem 3.0: Simple Extensible State Management for Vue 3 — Provides a simple functional API for creating, reading, and mutating state.

Andrew Courtice

Open Source Firebase Alternative for Web, Mobile, and Flutter Devs

Appwrite sponsor

JS Image Carver: Content-Aware Image Resizer and Object Remover — Uses the seam carving approach (if you’ve used ‘Content Aware Scale’ in Photoshop, you’ve seen it). The live demo on this one is fun to watch.

Oleksii Trekhleb

Civet: The CoffeeScript of TypeScript? — If you liked CoffeeScript back in the day, here’s the same idea in a modern TypeScript-oriented form.

Daniel Moore

Maska 2.1: Zero-Dependency Input Mask — Happy in vanilla situations, but can also integrate with Vue 2/3. GitHub repo.

Alexander Shabunevich

node-calls-python: Call Python from Node — One use case the author mentions is plugging into Python’s rich ecosystem of machine learning tools.

Menyhért Hegedűs

reduced.to: Open Source URL Shortening App Built with Qwik — The app itself is live at reduced.to but you might find it interesting as an example of a frontend built using the Qwik framework.

Ori Granot

📺 Yesterday, This Dot Media published Qwik’s creator Misko Hevery giving ▶️ a live coding introduction to Qwik – a useful way to get up to speed.

💻 Jobs

Software EngineerStimulus is a social platform started by Sticker Mule to show what’s possible if your mission is to increase human happiness. Join our engineering team.

Stimulus

Senior UI Dev — Join us and innovate with MicroFrontends, custom Node tools, build systems (Webpack/Github Actions), TypeScript, React, and more with a11y and DX in mind.

Vertex Inc

Find JavaScript Jobs with Hired — Create a profile on Hired to connect with hiring managers at growing startups and Fortune 500 companies. It’s free for job-seekers.

Hired

Spacetime 7.3
↳ Lightweight JavaScript timezone library.

Partytown 0.7.3
↳ Run intensive third-party scripts in a worker.

Splitter 1.4
↳ React component for split views.

reveal-md 5.4
↳ Reveal.js presentations from Markdown files.

Mongoose 6.8
↳ MongoDB object modeling library.

React Tooltip 5.0

A new jQuery release for Xmas

#​619 — December 16, 2022

Read on the Web

🎄 This is the final issue of the year – we’ll be back on January 6, 2023. We hope you have a fantastic holiday season, whether or not you are celebrating, and we’ll see you for a look back at 2022 in the first week of January 🙂
__
Peter Cooper and the Cooperpress team

JavaScript Weekly

Announcing SvelteKit 1.0Svelte is a virtual DOM-free, compiled ahead of time, frontend UI framework with many fans. SvelteKit introduces a framework and tooling around Svelte to build complete webapps. This release post explains some of its approach and how it differs to other systems.

The Svelte Team

Dr. Axel Tackles Two Proposals: Iterator Helpers and Set Methods — Here’s something to get your teeth into! Dr. Axel takes on two promising ECMAScript proposals and breaks down what they’re about and why they’ll (hopefully) become useful to JavaScript developers. The first tackles iterator helpers (new utility methods for working with iterable data) and the second tackles Set methods which will extend ES6’s Set object.

Dr. Axel Rauschmayer

🧈 Retire your Legacy CMS with ButterCMS — ButterCMS is your new content backend. We’re SaaS so we host, maintain, and scale the CMS. Enable your marketing team to update website + app content without needing you. Try the #1 rated SaaS Headless CMS for your JS app today. Free for 30 days.

🧈 ButterCMS sponsor

🏆  The Best of Node Weekly in 2022 — In this week’s issue of Node Weekly (our Node.js-focused sister newsletter) we looked back at the most popular items of the year, including the Tao of Node, an array of JavaScript testing best practices, and the most popular Node.js frameworks in 2022.

Node Weekly Newsletter

jQuery 3.6.2 Released — Humor me. You might not be using jQuery anymore, but it’s (still) the most widely deployed JavaScript library and it’s fantastic to see it being maintained.

jQuery Foundation

IN BRIEF:

Node 19.3.0 (Current) has been released to bring npm up to v9.2. Breaking changes in v9.x warrant this update and the release post explains the current policy around npm’s ongoing inclusion in Node.

ƛ The Glasgow Haskell Compiler (GHC) has gained a new JavaScript backend meaning the reference Haskell compiler can now emit JavaScript and be used more easily to build front-end apps.

GitHub is rolling out secrets scanning to all public repos for free.

The New Stack reflects on 2022 as a ‘golden year’ for JavaScript and some of the developments we’ve seen. We’ll be doing our own such roundup in the next issue.

RELEASES:

Node.js 16.19.0 (LTS) and 14.21.2 (LTS)

Chart.js 4
↳ Canvas-based chart library. (Samples.)

PouchDB 8.0
↳ CouchDB-inspired syncing database.

SWR 2.0 – React data-fetching library.

📒 Articles & Tutorials

Why Cypress v12 is a Big Deal — A practical example-led love letter of sorts to how the latest version of the popular Cypress ‘test anything that runs in a browser’ library makes testing frontend apps smoother than before.

Gleb Bahmutov

Five Challenges to Building an Isomorphic JS Library — When it comes to JavaScript, “isomorphic” means code or libraries that run both on client and server runtimes with minimal adaptations.

Nick Fahrenkrog (Doordash)

▶  A Podcast for Candid Chats on Product, Business & Leadership — Join Postlight leaders & guests as they discuss topics like running great meetings & creating solid product launches.

The Postlight Podcast sponsor

Next, Nest, Nuxt… Nust?“This blog post is for everyone looking for their new favorite JavaScript backend framework.” If the names of frameworks are all starting to blur together in your head, this is for you. Marius explains just what systems like Next and Gatsby do and touches on a few differences.

Marius Obert (Twilio)

Calculating the Maximum Diagonal Distance in a Given Collection of GeoJSON Features using Turf.js — This is cool. Turf.js is a geospatial analysis library, by the way.

Piotr Jaworski

Optimize Interaction to Next Paint — How to optimize for the experimental Interaction to Next Paint (INP) metric — a way to assess a page’s overall responsiveness to user interactions.

Jeremy Wagner & Philip Walton (Google)

Need to Upgrade to React 18.2? Don’t Have Time? Our Experts Can Help — Stuck in dependency hell? We’ve been there. Hire our team of experts to upgrade deps, gradually paying off tech debt.

UpgradeJS.com – JavaScript Upgrade Services by OmbuLabs sponsor

How We Configured pnpm and Turborepo for Our Monorepo

Pierre-Louis Mercereau (NHost)

Rendering Emails with Svelte

Gautier Ben Aim

🛠 Code & Tools

Wretch 2.3: A Wrapper Around fetch with an Intuitive Syntax — A long standing, mature library that makes fetch a little more extensible with a fluent API. Check the examples.

Julien Elbaz

SWR 2.0: Improved React Hooks for Data Fetching — The second major release of SWR (Stale-While-Revalidate) includes new mutation APIs, new developer tools, as well as improved support for concurrent rendering.

Ding, Liu, Kobayashi, and Xu

Don’t Let Your Issue Tracker Be a Four-Letter Word. Use Shortcut

Shortcut (formerly Clubhouse.io) sponsor

vanilla-tilt.js 1.8: A Smooth 3D Tilting Effect Library — No dependencies and simple to use and customize. GitHub repo.

Șandor Sergiu

visx: Airbnb’s Low Level Visualization React Components — Bring your own state management, animation library, or CSS-in-JS.. visx can slot into any React setup. Demos.

Airbnb

Scene.js 1.7: A CSS Timeline-Based Animation Library — Plenty of examples on the site. Has components for React, Vue and Svelte.

Daybrush

PortalVue 3.0
↳ Feature-rich portal plugin for Vue 3.

Kea 3.1
↳ Composable state management for React.

jest-puppeteer 6.2
↳ Run tests using Jest + Puppeteer.

NodeBB 2.7 – Node.js based forum software.

Pino 8.8 – Fast JSON-oriented logger.

💻 Jobs

Software Engineer — Join our “kick ass” team. Our software team operates from 17 countries and we’re always looking for more exceptional engineers.

Stickermule

Developer Relations Manager — Join the CKEditor team to build community around an Open Source project used by millions of users around the world 🚀

CKEditor

Find JavaScript Jobs with Hired — Create a profile on Hired to connect with hiring managers at growing startups and Fortune 500 companies. It’s free for job-seekers.

Hired

🎁 And one for fun

Snow.js: Add a Snow Effect to a Web Page — Well, it’s that time of the year (in some parts of the world!) If you’re more interested in how the effect is made, it’s inspired by this CodePen example built around some fancy CSS.

Or if you’re a bit more childish, you could always put Fart.js on your site.. 🙈

Merry Christmas to you all and we’ll see you again in 2023!

N|Solid v4.8.4 is now available

IMPORTANT: This release of N|Solid v4.8.4 contains a Node.js security release!

NodeSource is excited to announce N|Solid v4.8.4 which contains the following changes:

Node.js v14.21.1 (LTS): Includes a Node.js security release captured in Node.js v14.21.1 (LTS).
Node.js v16.18.1 (LTS): Includes a Node.js security release captured in – Node.js v16.18.1 (LTS).
Node.js v18.12.1 (LTS): Includes a Node.js security release captured in Node.js v18.12.1 (LTS).

For detailed information on installing and using N|Solid, please refer to the N|Solid User Guide..

Changes

NodeSource is excited to announce N|Solid v4.8.4 which contains the following changes:

This release includes patches for these vulnerabilities:

CVE-2022-3602: X.509 Email Address 4-byte Buffer Overflow (High)
CVE-2022-3786: X.509 Email Address Variable Length Buffer Overflow (High)
CVE-2022-43548: DNS rebinding in –inspect via invalid octal IP address (Medium)

There are three available LTS Node.js versions for you to use with N|Solid, Node.js 16 Gallium, Node.js 14 Fermium and Node.js 18 Hydrogen.

N|Solid v4.8.4 Fermium ships with Node.js v14.21.1.

N|Solid v4.8.4 Gallium ships with Node.js v16.18.1.

N|Solid v4.8.4 Hydrogen ships with Node.js v18.12.1.

The Node.js 14 Fermium LTS release line will continue to be supported until April 30, 2023.

The Node.js 16 Gallium LTS release line will continue to be supported until September 11, 2023.

The Node.js 18 Hydrogen LTS release line will continue to be supported until April 30, 2025.

Supported Operating Systems for N|Solid Runtime and N|Solid Console

Please note that The N|Solid Runtime is supported on the following operating systems:

Windows:

Windows 10
Microsoft Windows Server 1909 Core
Microsoft Windows Server 2012
Microsoft Windows Server 2008

macOS:
macOS 10.11 and newer

RPM based 64-bit Linux distributions (x86_64):

Amazon Linux AMI release 2015.09 and newer
RHEL7 / CentOS 7 and newer
Fedora 32 and newer

DEB based 64-bit Linux distributions (x86_64, arm64 and armhf):

Ubuntu 16.04 and newer
Debian 9 (stretch) and newer

Alpine
Alpine 3.3 and newer

Download the latest version of N|Solid

You can download the latest version of N|Solid via http://accounts.nodesource.com or visit https://downloads.nodesource.com/directly.

New to N|Solid?

If you’ve never tried N|Solid, this is a great time to do so. N|Solid is a fully compatible Node.js runtime that has been enhanced to address the needs of the Enterprise. N|Solid provides meaningful insights into the runtime process and the underlying systems. Click here to start!

As always, we’re happy to hear your thoughts – feel free to get in touch with our team or reach out to us on Twitter at @nodesource.

N|Solid v4.9.0 is now available

NodeSource is excited to announce N|Solid v4.9.0 which contains the following changes:

This version of N|Solid contains amazing features like M__achine Learning support__ and SBOM support (Software Bill of Materials) , it also contains the latest Node.js versions: v14.21.1 (LTS), v16.18.1 (LTS) and v18.12.1 (LTS), few updates and stability improvements.

For detailed information on installing and using N|Solid, please refer to the N|Solid User Guide..

Changes

NodeSource is excited to announce N|Solid v4.9.0 which contains the following changes:

Machine Learning support: this feature contains common Node.js issues detection powered by machine learning analysis, also allows the users to train custom models to be used to detect similar patterns in your applications metrics, the machine learning detection is also integrated with the global notification system and the events logs.

SBOM support (Software Bill of Materials): N|Solid has added support for SBOM reporting in all applications connected to the N|Solid console, the report is offered in two formats: JSON and PDF, it contains the information for the dependency inventory of an specific application; it includes valuable information lik licensing and the security status for each dependency used.

There are three available LTS Node.js versions for you to use with N|Solid, Node.js 16 Gallium, Node.js 14 Fermium and Node.js 18 Hydrogen.

N|Solid

N|Solid v4.9.0 Fermium ships with Node.js v14.21.1.

N|Solid v4.9.0 Gallium ships with Node.js v16.18.1.

N|Solid v4.9.0 Hydrogen ships with Node.js v18.12.1.

Node.js

The Node.js 14 Fermium LTS release line will continue to be supported until April 30, 2023.
The Node.js 16 Gallium LTS release line will continue to be supported until September 11, 2023.
The Node.js 18 Hydrogen LTS release line will continue to be supported until April 30, 2025.

Supported Operating Systems for N|Solid Runtime and N|Solid Console

Please note that The N|Solid Runtime is supported on the following operating systems:

Windows:

Windows 10
Microsoft Windows Server 1909 Core
Microsoft Windows Server 2012
Microsoft Windows Server 2008

macOS:
macOS 10.11 and newer

RPM based 64-bit Linux distributions (x86_64):

Amazon Linux AMI release 2015.09 and newer
RHEL7 / CentOS 7 and newer
Fedora 32 and newer

DEB based 64-bit Linux distributions (x86_64, arm64 and armhf):

Ubuntu 16.04 and newer
Debian 9 (stretch) and newer

Alpine
Alpine 3.3 and newer

Download the latest version of N|Solid

You can download the latest version of N|Solid via http://accounts.nodesource.com or visit https://downloads.nodesource.com/directly.

New to N|Solid?

If you’ve never tried N|Solid, this is a great time to do so. N|Solid is a fully compatible Node.js runtime that has been enhanced to address the needs of the Enterprise. N|Solid provides meaningful insights into the runtime process and the underlying systems. Click [here]