📦 Broken packages

January 13, 2022 By Mark Otto

JavaScript Developer Breaks Two Popular npm Packages — The creator of Faker.js and colors.js, two packages we’ve mentioned quite often, recently made some unorthodox commits to his projects that caused them to either disappear or break in interesting ways, which resulted in GitHub suspending his access at one point. To be blunt, you want to be finding alternatives. The Register’s writeup is, perhaps, one of the more colorful. Dependencies continue to be risky and this story will surely trundle on.

Thomas Claburn (The Register)


What npm Should Do Today to Stop a New Colors Attack Tomorrow — “A misfeature in NPM’s design means that as soon as the sabotaged version of colors was published, fresh installs of command-line tools depending on colors immediately started using it, with no testing that it was in any way compatible with each tool. (Spoiler alert: it wasn’t!)” — Russ explains how Go’s approach could avert such an issue.

Russ Cox

NAPI-RS 2.0: A Minimal Library for Building Node Addons in Rust — A nifty way to ‘Rustify’ Node and build pre-compiled Node.js addons in the popular systems language. v2 introduces a new macro API for defining JS values in Rust and makes the Rust code far easier to write. Async functions are now also supported, which is dope. Neon explores similar ideas in this space.


🛠 Code & Tools

Robots Parser 3.0: A robots.txt Parser — If you’re scraping or otherwise making automated requests to other people’s sites, abiding by their robots.txt rules is a good practice, and this could help you figure it out.

Sam Clarke et al.

active-win 7.7.0: Get Metadata About the Active Window — You can use this to get the title, width, height, x and y of the currently active window. Maybe useful for building your own productivity tracker or something? Now supports Apple Silicon natively.

Sindre Sorhus

The Official MongoDB Node.js Driver v4.3.0 — Adds SOCKS5 support, plus key auto-completion and type hinting on nested documents if you use TypeScript (all explained in these release notes).

MongoDB, Inc.

TypeScript Express Starter App 7.0 — A boilerplate app generator for getting a RESTful API up and running quickly on top of things like PM2, SWC, and Docker. You can choose from sub-templates covering the basics, using Sequelize, Mongoose, TypeORM, Prisma, or Knex too.