Introducing “safe npm”, an npm wrapper by Socket
“Safe npm” by Socket transparently wraps the npm command and protects users when they execute npm install, from “malware, typosquats, install scripts, protestware, telemetry, and more – 11 issues in all”.
- Support env variables replacement in HTML files
- Sourcemaps improvements
- ESM subpath imports
- TypeScript 5 support
- esbuild 0.17
- Use Rollup types from the vite package
Turbowatch: fast file change detector and task orchestrator for Node.js
Turbowatch is similar to Nodemon, but provides a few additional features such as a Node.js API. It is written in TypeScript.
Quoting the project’s readme:
If you are working on a very simple project, i.e. just one build step or just one watch operation, then you don't need Turbowatch.
Turbowatch is designed for monorepos or otherwise complex workspaces where you have dozens or hundreds of build steps that depend on each other (e.g. building and re-building dependencies, building/starting/stopping Docker containers, populating data, sending notifications, etc).
Defendify is an award-winning, all-in-one cybersecurity platform developer, looking for a senior full stack engineer to join full-time. This is a unique and exciting opportunity as Defendify continues to rapidly expand its groundbreaking platform, especially designed for the non-enterprise.
Node.js security progress report: permission model merged
Quote: “February included several major steps forward in improving Node.js security. We merged the Permission Model which we built over the past 8 months. This will make Node.js more secure by allowing the user to restrict machine resources, such as file system. More information will be provided on Node.js v19.9.0 release.”