InfoQ Homepage JavaScript Content on InfoQ
-
Malicious PyPI Package Removes netstat, Tampers with SSH Config
A recent report by Sonatype security researcher Ax Sharma highlights newly discovered malicious packages on the PyPI registry, including aptx, which can install the Meterpreter trojan disguised as pip, delete the netstat system utility, and tamper with SSH authorized_keys file.
-
Software Security Report Finds JavaScript Applications Have Fewer Flaws Than Java and .NET
Veracode's State of Software Security report for 2023 found that there is a 27% chance within a given month that security flaws will be introduced into an application. The report also found that JavaScript applications on average have fewer flaws and faster flaw resolution than Java and .NET applications.
-
Vercel Launches Edge Functions to Provide Compute at the Edge
Recently, Vercel announced the general availability of Edge Functions, which are either JavaScript, TypeScript, or WebAssembly functions. According to the company, these functions are generally both less expensive and faster than traditional Serverless Functions.
-
Vite 4 Released, Replaces Babel with Faster Rust-Based SWC
The team behind the Vite frontend build tool recently released Vite 4.0, 5 months after Vite 3.0. The new version is motivated by the breaking upgrade from Rollup 2.0 to 3.0. Vite 4.0 also adds support for SWC, a Rust-based bundler that claims order-or-magnitude speed improvement over Babel.
-
Enhance, SSR for Web Components - Brian Leroux at QCon San Francisco 2022
Brian Leroux, CTO at Begin, recently introduced Enhance, a new HTML framework, at QCon San Francisco. Enhance heavily lies on web standards and progressive enhancement for future-proof web applications. Enhance provides file-based routing, reusable Custom Elements, a customizable utility CSS system, and mapped API data routes that get deployed to isolated, single-purpose cloud functions.
-
AWS Lambda Now Has Support for Node.js 18 Runtime
Recently AWS announced that Node.js version 18 supports its Function as a Service (FaaS) AWS Lambda and is in active LTS status (ready for general use).
-
Critical Vulnerability in VM2 Sandbox Found Affecting Spotify Portal Platform Backstage
Spotify Backstage, an open-source platform used to build developer portals and in use at a number of large companies, has been found vulnerable to a critical remote code execution vulnerability. Confirming that most vulnerabilities are found in indirect dependencies, the Backstage vulnerability is enabled by another vulnerability found in its JavaScript VM2 sandbox dependency.
-
JetBrains Previews Aqua, New Test Automation-Oriented IDE
JetBrains Aqua, now available in preview, is a new IDE focusing on test automation and integrating a number of distinct tools that are at the core of an automation engineer's daily routine, says JetBrains. Its features include multi-language support, an HTTP client and a Web inspector, database management, integrated Docker support, and more.
-
Vanilla Extract - a Modern CSS in JS Library
Vanilla Extract is a new "CSS in JS" library that offers type safety, good theming support, and plenty of extensions, making it an exciting alternative to existing solutions such as Styled Components.
-
Angular 15 - Standalone Components are Stable
Google recently released Angular 15, the latest version of their popular SPA framework. The update includes a stable API for standalone components alongside several other significant improvements.
-
All-in-One, Integrated Front-End Toolchain Rome Released V10, Dubbed First Stable Release
The Rome team recently announced Rome v10, dubbed the first stable release since a Rust rewrite. The new release includes a small part of the all-in-one toolchain that Rome envisions, namely the linter and formatter. The Rust-based tools according to first benchmarks provide between one and two orders of magnitude improvement vs. ESLint and Prettier. The tools are available as a VSCode extension.
-
Dynamic Web Apps without JavaScript - HTMX Showcase at DjangoCon and Devoxx
DjangoCon and Devoxx Belgium recently reported examples of interactive web applications developed without JavaScript developers. The showcased htmx HTML-first framework seems to target those applications that mainly propose a friendly interface to CRUD operations over remote resources. In one case, the team was able to remove the JavaScript developer.
-
Container Queries, Next Step Towards Truly Modular CSS - Maarten Van Hoof at Devoxx Belgium
Maarten Van Hoof, senior front-end developer at iO, recently explained at Devoxx Belgium how CSS container queries facilitate modular, component-based responsive web applications. With container queries, micro-front-end components can adjust their internal layout independently from the other components on the page.
-
Lessons Learned: Emotion Library Maintainer Explains Why Company No Longer Uses Runtime CSS-in-JS
Sam Magura, staff software engineer at Spot and active maintainer of the CSS-in-JS Emotion library, recently detailed why Spot abandoned the runtime CSS-in-JS library Emotion in favor of Sass modules: Runtime overhead, payload overhead, and server rendering issues contributed to a lesser user experience.
-
New Qwik JavaScript Framework Seeks Faster Web Apps with Unique Approach: Resumability
Misko Hevery, creator of AngularJS, recently announced the beta availability of Qwik, his new web framework. Qwik claims to build applications that feel fast regardless of application size. In most cases, Qwik first downloads only 1 KB of JavaScript. Event handlers and application code are lazy-loaded and prefetched as needed.