Digging into dependencies with npm query

October 6, 2022 By Mark Otto

Node.js Weekly

An Active Typosquatting Campaign Targeting npm Users — Supply chain security company Phylum detected a ‘typosquatting’ campaign against a variety of high-profile packages. The idea behind typosquatting is that you claim package names similar to existing ones, such as ‘expresss’ for express or ‘ignroe’ for ignore. The discovered packages were removed from the npm registry, but this is an issue to keep an eye out for.

Louis Lang (Phylum)

Axios 1.0: A Reasonably Popular HTTP Client Library — We thought you’d like an understatement. 😁 With 96k GitHub stars and a presence in many thousands of apps, Axios is very popular, and it’s amazing it has only just reached 1.0. The Fetch API has stolen much of its thunder but, like jQuery, Axios wraps up a lot of functionality into a broadly liked API. v1.0 has lots of minor tweaks and enhancements, but is mostly business as usual. (Official homepage.)

Axios Project

Announcing TypeScript 4.9 Beta — This is a very ‘satisfy’-ing update that introduces the satisfies operator for when you want to validate that the type of an expression matches some type without changing the actual resulting type. The in operator also becomes more powerful when narrowing types with unlisted properties.

Daniel Rosenwasser (Microsoft)

🛠 Code & Tools

zx 7.1: Google’s Tool for Easier Scripting with Node.js — The idea is simple: use JavaScript instead of bash or similar shell scripting. zx smooths off the rough edges (see the README for examples). v7.1 introduces a new --install option that will detect and install all required/imported packages for a script, making it even easier to use.

Google
