#404 — September 9, 2021 | Read on the Web | Node v16.9.0 (Current) Released with Experimental Package Manager Manager — A big addition this time out is Corepack, a new experimental tool for managing package managers directly within the Node distribution itself (as already used to occur with npm but could now be Yarn or pnpm instead). V8 also moves up to V8 9.3 with error cause support and Object.hasOwn . Michaël Zasso | How an npm Package with 3M Weekly Downloads Had a Severe Vulnerability — It’s not every day a publication as mainstream as Ars Technica covers Node news, but security researcher Ax Sharma has put together a good story about a significant vulnerability in pac-resolver . Ars Technica | Fauna: A Modern Serverless Data API for Node.js Apps — Fauna combines the schema flexibility that’s provided by document databases with ACID compliant transactions. Quickly integrate Fauna into your applications with our Data API and leave scaling, sharding and all other operations to Fauna. Fauna sponsor | Common npm Mistakes Every Developer Should Avoid — Learn how to avoid common mistakes when managing dependencies, publishing packages, and more. Bhagya Vithana | GitHub Security Update: Vulnerabilities in tar and @npmcli/arborist — GitHub has received reports via a private security bug bounty program about code execution vulnerabilities in tar (the npm package) and @npmcli/arborist so they’re strongly recommending upgrading both npm to 6.14.15 or 7.21.0 or newer and tar , if you use it in your projects. Mike Hanley (GitHub) | An Intro to Web Scraping with JavaScript and Node — Leans on Axios (to fetch HTML over HTTP), Cheerio (a jQuery-a-like for querying Web documents), and Playwright (to automate a browser). Ander Rodriguez | Simple Concurrency in Go for Fans of JavaScript's Promise.all — If Go is a language that interests you, you can both see how a common JavaScript concept translates over and.. you can check out our Go newsletter ;-) Nate Anderson | Stream Video in Your Node App in Two API Calls Mux sponsor | Trace-Based Testing with OpenTelemetry: Meet Malabi — An introduction to Malabi, a new OpenTelemetry-based test framework that lets you do what they’re calling trace-based testing for verifying interconnectivity issues between distributed services. Michael Haberman | Why Electron Apps Are Fine — While Niels agrees with many common criticisms of Electron, his users don’t care, and he says you shouldn’t care either. Niels Leenheer | 🛠 Code & Tools bundle: A Quick npm Package Size Checker — Enter a package name, then hit the “run” button and this tool will give you the minified, bundled, and gzipped size of the package. Okiki Ojo | Renamer 4.0: Rename Files in Bulk — A Node powered CLI tool but with the interesting addition that you can write a replace function in JavaScript to perform more complex renames. Lloyd Brookes | is-reachable: Check If a Server Is Reachable — Another library from Sindre’s immense catalogue. This library simply does a TCP handshake with a specified target to see if a server is at least ‘reachable.’ Before that, maybe you can use is-online to work out if you’re even online in the first place? ;-) Sindre Sorhus | Auth Without Complexity Userfront sponsor | timefind: Search a Web Site's History — A Node-based tool (which you can use from the terminal) for quickly flipping through the Web Archive’s snapshots. Nathan Manceaux-Panot | cron-parser 4.0: Node Library for Parsing cron Rules — cron is a commonly used mechanism on Unix-based systems for running recurring tasks and such tasks are defined in a very specific format. This package lets you parse this format for your own ends. Harri Siirak | Boilerplate to Kickstart Creating an npm Package using TypeScript — The self descriptively named typescript-npm-package-template gives you a quick launchpad for creating your own TS powered npm package. Ryan Sonshine | ssh2 v1.4: Pure JavaScript SSH2 Client and Server Modules for Node Brian White | Find Tech Jobs with Hired — Create a profile on Hired to connect with hiring managers at growing startups and Fortune 500 companies. It's free for job-seekers. Hired | | |