Playing in the sandbox

zx 7.2: A Tool for Writing Better Shell Scripts — Always a popular tool when we link it! zx is an alternative way to run Node that makes it more useful for shell scripting by bringing along a variety of niceties like process management, argument handling, and including useful packages like Chalk for text coloring. v7.2 adds retry and spinner helpers (for retrying callbacks and showing a spinner UI element, respectively).

Google

Sandbox Security Concerns with Node’s vm Module — node:vm lets you compile and run code within separate contexts of the underlying V8 engine. Great for sandboxing, right? Not so fast. Even the docs say it’s not for running untrusted code. Liran looks at the implications.

Liran Tal

Experiments in Mitigating Serverless Cold Start Delays — If you’re using Node for serverless functions on Vercel or Netlify, is a ‘cold start’ delay still a thing, and would frequently pinging a function mitigate against it? Due to how Vercel and Netlify specifically work, those pings may not be as useful as you’d suspect..

Punit Sethi

Sandboxing JavaScript Code — Val Town is an interesting, rather minimalist platform for running JavaScript in the cloud, and if you’re going to let folks run JavaScript on your server, good sandboxing is a must – they use Node and vm2 (well, for now anyway.) Andrew’s route to V8 sandboxing bliss, however, was Deno rather than Node, as he demonstrates here.

Andrew Healey

Remult: A CRUD Framework for Full-Stack TypeScript — Promises a ‘zero-boilerplate’ CRUD API experience by using your TypeScript entities as a single source of truth for your API, frontend type-safe API client and backend ORM. There are tutorials for using it alongside React, Angular, Vue and Next.js.

Remult Team