Bun.sh and other Adventures in Nodeland - Issue #67

                            July 12, 2022

                Bun.sh and other Adventures in Nodeland - Issue #67

                        Hi Folks, how are you doing? I’m starting to plan the launch of some new OSS in the fall… I can’t wait to share it all with you. Anyway, here are my notes for last week!

      Fastify

mercurius v10.1.0 adds support for receiving headers from subgraphs and updates several dependencies.

fastify-cli v4.3.0 adds support for JavaScript config files.

@fastify/deepmerge v1.1.0 improves the module’s performance and adds an arrayMerge option.

fastity-type-provider-typebox v2.1.0 adds a a new extremely fast validator built on top of TypeBox which boasts on average a +50% validations/s than Ajv.

@fastify/csrf v5.1.0 brings improved performance and better typings.

csrf-protection v5.1.0 updates to latest @fastify/csrf and moves to use the synchronous random bytes generators as it’s faster.

fastify-cli v4.4.0 adds support for server options via ESM

fast-json-stringify v5.1.0 replaces deepmerge with @fastify/deepmerge for additional performance and it fixes some validation issues for date/time as well as arrays.

avvio v8.2.0 fixes a tricky bug that could cause a forked promise chain to wait for a loaded plugin. See this issue for the full context.

      Node.js

readable-stream v4.1.0 makes abort-controller lazy-required.

Security updates are now available for the v18.x, v16.x, and v14.x Node.js release lines for the following issues:

HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)(CVE-2022-32213)
HTTP Request Smuggling - Improper Delimiting of Header Fields (Medium)(CVE-2022-32214)
HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)(CVE-2022-32215)
DNS rebinding in –inspect via invalid IP addresses (High)(CVE-2022-32212)
DLL Hijacking on Windows (High)(CVE-2022-32223)
Attempt to read openssl.cnf from /home/iojs/build/ upon startup (Medium)(CVE-2022-32222)
OpenSSL - AES OCB fails to encrypt some bytes (Medium)(CVE-2022-2097)

      News

I’ve been following Jarred journey in building Bun for the last year or so. Bun is a delight.. and it plans to have Node.js and NPM compatibility! I can’t wait to see what you all will build with it.

Bun is a fast all-in-one JavaScript runtime
Bundle, transpile, install and run JavaScript & TypeScript
        projects – all in Bun. Bun is a new JavaScript runtime with
        a native bundler, transpiler, task runner and npm client built-in.

bun.sh

Bun is a fast all-in-one JavaScript runtime
Bundle, transpile, install and run JavaScript & TypeScript
        projects – all in Bun. Bun is a new JavaScript runtime with
        a native bundler, transpiler, task runner and npm client built-in.

bun.sh

My ex-colleague Paolo Insogna wrote a great piece on readable-stream@4, summing up all the updates and improvements we shipped in Node.js streams in the last few years. Check it out.

Introducing readable-stream 4.0.0 - NearForm
readable-stream is an NPM package which aims to make the latest Node.js stream module available to users regardless of the installed browser or Node.js version. It is one of the most depended-upon modules on npm with 20M daily downloads.

www.nearform.com

What if you could run the VS Code UI locally but develop remotely? I’m really excited for all the possibility that VS Code Server will bring! 

The VS Code Server
July 7, 2022 by Brigit Murtaugh, @BrigitMurtaugh A remote present and future# In 2019, we released the Remote Development extensions, which let you use VS Code locally to develop applications “remotely” on the Windows Subsystem for Linux (WSL), in Docker containers, and on remote physical or virtual machines you manage over SSH.

code.visualstudio.com

                            Don't miss what's next. Subscribe to Adventures in Nodeland: