JavaScript trademark; Babel 7.19.0; Rome Tools 0.9.0; npm supply chain security; package scripts

ES.nextNews: the latest in JavaScript and cross-platform tools
Curated by Dr. Axel Rauschmayer and Johannes Weber.

ES.next News

The latest in JavaScript and cross-platform tools

Dear Oracle, please release the JavaScript trademark
tinyclouds.org github/ry

JavaScript was announced on 4 December 1995. The company Sun (where Java was created) filed a trademark for “JavaScript” on 1 December 1995. Since then, Oracle bought Sun and now owns the trademark.

Ryan Dahl, the creator of Node.js and Deno, argues: “The trademark has no commercial value. [...] Nevertheless [it] is a dark cloud looming over the world’s most popular programming language. Careful law abiding engineers bend over backwards to avoid its use - leading to confusing terms like ECMAScript. [...] Oracle, please release the JavaScript trademark.”

Babel 7.19.0: Stage 3 decorators and more RegExp features
babeljs.io @babeljs

Highlights of this release:

New default values reflect the stabilization of the proposals for decorators and Records/Tuples.
A new version of @babel/plugin-proposal-decorators tracks the changes that were made to the decorators proposal when it advanced to stage 3.
Babel now supports the proposal “RegExp duplicate named capturing groups”, which allows re-using the same group name in alternative RegExp branches.

Rome Tools 0.9.0
github.com @rometools

Highlights of this release:

Better formatting for JSX, TypeScript and JavaScript
Format via CLI using standard input
New lint rules and various fixes for the existing ones
New core architecture
Better Visual Studio Code support

npm best practices for the supply chain
openssf.org @MylesBorins, @ljharb, @jeffmendoza, @erezrokah, @lsim99, @liran_tal, @theopenssf

“The guide provides an overview of supply chain security features available in npm, describes the risks associated with using dependencies, and lays out best practices to reduce those risks at different project stages. The guidelines cover, for example, how to set up a secure CI configuration, how to avoid dependency confusion, and how to limit the consequences of a hijacked dependency. Developers who follow this guide will proactively harden their npm packages against the most common supply chain attacks.”

Running cross-platform tasks via npm package scripts
2ality.com @2ality

package.json has the property "scripts" which lets us define package scripts, small shell scripts that perform package-related tasks such as compiling artifacts or running tests:

{
  ···
  "scripts": {
    "tsc": "tsc",
    "tscwatch": "tsc --watch",
    "tscclean": "shx rm -rf ./dist/*"
  },
  ···
}

Package scripts are executed via npm run – for example, we can execute the first script via npm run tsc.

This blog post explains package scripts and how we can write them so that they work on both Windows and Unixes (macOS, Linux, etc.).

Looking for deeply qualified employees or customers? Advertise on ES.next News!
ES.next News reaches over 14,000 highly skilled and motivated developers. We take their trust seriously and have high editorial standards.
Check out our media data and get directly in touch with us.

Follow on Twitter

This email was sent to {{ email | default }}. Want to change how you receive these emails?
You can unsubscribe from this list