~nodeweekly | Issue 536 - A snapshot of what's new in Node (9)

Eicrud: A CRUD/Authorization Framework Based on NestJS — Extends NestJS / Fastify, and works with MikroORM, CASL and class-validator. GitHub repo.

super-regex: Timeout Long Running Regular Expressions — Many regular expression implementations suffer from so-called ReDoS vulnerabilities, where certain regexes can cause an excessively long evaluation time. super-regex introduces the ability to have regexes timeout when they take too long.

Electron 31.0.0: The Cross Platform Desktop App Framework — Chromium gets bumped to v126, V8 to v12.6, and Node.js to v20.14.0. WebSQL support finally gets removed.

Node v22.3.0 (Current) Released — One of those releases where lots of tiny things have occurred, but little of broad significance, except… for snapshot testing! Snapshot tests serialize arbitrary values into string values to be compared against a set of pre-built known ‘good’ values (stored as a ‘snapshot’ representing a desired state).

Researchers Uncover npm Registry Vulnerability to Cache Poisoning — The basic idea is that specific versions of target packages can be targeted to appear as if they are no longer available for brief periods of time. This isn’t a huge vulnerability, but still an important one that GitHub is fixing.

Dual Publishing ESM and CJS Modules with tsup and 'Are the Types Wrong' — tsup makes it easy to bundle TypeScript libraries, and Are the Types Wrong? is a tool to analyze packages for issues with their TypeScript types, particularly ESM-related module resolution issues.

What Happens When a Major npm Library Goes Commercial? — The ua-parser-js library is commonly used to parse user agent strings and gets over 12 million downloads a month, but it has recently switched to AGPL+commercial licensing.

WorkOS: Enterprise-Grade Auth You Can Implement in Minutes — Like an enterprise plan in a box: WorkOS provides flexible, easy-to-use APIs to integrate SSO, SCIM, Audit Logs, User Management, and RBAC. It's used by some of the hottest startups including Perplexity, Vercel, & Webflow. Future-proof your auth stack with WorkOS.

Transformational Auth & Identity | Userfront — "Compared to our previous experiences in the security/auth space, Userfront is an order of magnitude simpler to use."