On January 10th, the team behind Node.js announced four security vulnerabilities that affected four versions of this JavaScript engine. Even though none of them was of high severity, it is nevertheless important to note that all maintained versions need to be upgraded. This is a bit problematic, since one cannot always upgrade a production environment without a hiccup.
The Bottom Line
If you are running an old version of Node.js on your machine, or on your server, it is necessary to upgrade it to be safe. Find a download link for your OS, or installation instructions here.
The links to the reports:
Astro.js used to be purely a movement of individuals who believed in a healthier internet, free from massive JavaScript bundles. As of last week, “The Astro Technology Company” is leading the efforts and has taken over ownership of the repo of the promising tool.
The Bottom Line
The web, as we know it, is not in ideal shape. Websites ship lots of JavaScript to users because it is the easy thing to do for the development teams. Even though search engines, such as Google, punish enormous downloads, it does not stop businesses from sending unnecessary code to users. Astro.js comes in and eliminates all the unnecessary bloat by itself. One does not even need to learn React, Vue, or Svelte – you may use Astro components, which are HTML on steroids. A little side note: Astro does not support Angular.
January is a special month, where we still reflect upon what happened last year. Red Hat thinks so as well, as they shared their summary of their usage of Node.js last week.
There are a few points that are worth bringing up.
The Bottom Line
Active participation in Node.js community life is important, as Red Hat has considerable resources to dedicate to the development of this important tool. Many big companies are already involved in the development of this JavaScript tool. It is important that equilibrium is maintained, and that no company has a clear advantage.
The company also helps developers with their professional development and attracts new developers to the area with its reference guides.
Docker SSO was massively requested by the clients. The company behind Docker Hub, among other products, listened and introduced the feature for its “Business-tier” clients.
Thanks to this feature, companies may easily onboard new users and manage their accounts at a large scale. The requirement is to use SAML and Azure Single Directory Identity Provider.
The Bottom Line
Many large companies will likely be pleased about the feature. Making the feature widely available makes management at scale much easier. Another winner is Microsoft, as it is a requirement to use their cloud service.