Hi Everyone! Thanks for keep reading this weekly newsletter on my open source endeavors. This week edition is centered on a new supply chain vulnerability affecting a lot of languages/compilers/runtimes, a new feature coming in Fastify v4 and some docs for pino.
A new week start and a new supply chain attack become possible. This one is a tricky, subtle one that attacks humans by making the code they read different from the code it is excuted. Read up the paper at:
Then the GitHub response to it:
And finally what is the Node.js stance in all of this. If you do not bother to read all of this, there is a link with a script included that you should be including in your security scans:
Here is the script you can use to sanitize/check your codebase.
This week I’m so proud to announce that Fastify v4 will finally solve the number one feature requested by typescript users: the ability to automatically derive the JSON schemas from types (and viceversa) and have it all wired up automatically to reduce the boilerplate to a minimum.
The following PR brings the dream of every TypeScript fan close to reality: request parameters, query and body validated and typed correctly, just by writing TypeScript. Check it out, it will be part of Fastify v4:
This amazing work was done by @sinclairzx81, the amazing developer behind typebox, check it out if you want to use TypeScript and Fastify together for awesome data validation.
Check out Manuel Spigolon blog post on how to handle multipart uploads with Fastify:
A few people have been opening issues about how to fix the prettyPrint deprecation in pino@7. I have been working hard on the the docs to improve this.
Here is an oldish article from Shawn about REST vs GraphQL that I set aside some time back.. I would call it a classic, take a look.
What would be needed to get an interview at a big tech company? Apparently a lot of buzzword. This twitter thread explains why it’s normal and you should not be surprised.