ISSUE #177

Lodash Vulnarabilities, V8 New Release, JS Getters, and more


Rambda.js: Functional Done Right

I run a screencast series exploring the JavaScript language, frameworks and libraries. A new video comes out every weekend. This week's video is devoted to one of the greatest functional libraries out there. We talk about its distinct features and try some examples. đź‘‹ For the WeekendJS subscribers, this link will give you 22% off.


Snyk research team discovers severe prototype pollution security vulnerabilities affecting all versions of lodash

The popular npm library is used by 4.35 million projects on GitHub alone. Just shy of 40k GitHub project stars, the library is downloaded over 80 million times each month. Needless to say, a high severity vulnerability in a library as popular as lodash affects a large proportion of npm users.

NPM Inc settles union-busting complaints on third try – after CEO trolled for ordering internal mole hunt

JavaScript package registry NPM Inc and three fired employees locked in a labor rights battle reached a settlement on Friday, The Register has learned. The deal was brokered during a third round at negotiations after a second series of talks broke down earlier last week. The trio of former staffers – Graham Carlson, Audrey Eschright, and Frédéric Harper – had formally accused NPM Inc of union busting in a complaint to the US National Labor Relations Board.

V8 release v7.6

Today we’re pleased to announce our newest branch, V8 version 7.6, which is in beta until its release in coordination with Chrome 76 Stable in several weeks. V8 v7.6 is filled with all sorts of developer-facing goodies. This post provides a preview of some of the highlights in anticipation of the release.


TypeScript & JavaScript Getters and Setters: Are they useless? | Khalil Stemmler

In this blog post, we talk about the utility of getters and setters in modern web development. Are they useless? When does it make sense to use them?

ES proposal: public class fields

This blog post is first in a series of posts on fields in classes. Fields are about creating properties and similar constructs from inside the bodies of classes.


Functional JavaScript: What are higher-order functions, and why should anyone care?

“Higher-order function” is one of those phrases people throw around a lot. But it's rare for anyone to stop to explain what that means. Perhaps you already know what a higher-order function is. But how do we use them in the real world? What are some practical examples of when and how they're useful? Can we use them for manipulating the DOM? Or, are people who use higher-order functions showing off? Are they over-complicating code for no good reason?


Build A Decentralized Chat Using JavaScript & Rust (WebAssembly) | Kenta Iwasaki

Countless hours have to be spent worrying about malicious users, secure p2p networking, security, and even governance when it comes towards building a Dapp. To combat this, we at Perlin have created…

Randomness and Entropy in Node and Electron | Qvault

Randomness is a hard problem for computers. For this reason most functions that generate randomness are not considered cryptographically secure. That means that it is possible that an attacker can take a good guess at what number a non-secure randomness generator generated.

Building a Realtime Multiplayer Game with Deepstream | Moriz BĂĽsing

Back in 2016, we were tasked with showcasing the newest Chrome version that supports the WebVR spec. WebVR is a technology that allows you to connect VR devices to your Browser and experience VR…

Improving Redux state transfer performance with JSON.parse(), a quick case study

TLDR: Turning Redux state into a JavaScript string you can parse with JSON.parse() instead of an object literal, or inert script tag, appears to be significantly faster than other approaches for sending Redux store state to the browser.


Setting Up Visual Studio Code For Front_End_Development!! | Akash Rajvanshi

Visual Studio Code (Vs-Code) is a source code editor developed by Microsoft that can be run on all major OS’s in the world (Windows, MacOS, and Linux). It is free, open-source, and provides support for debugging as well as built-in Git version control, syntax highlights, snippets, and so on. The UI of Vs-code is highly customizable, as users can switch to different themes, keyboard shortcuts, and preferences.

Weekend JavaScript

Hey! I'm Ianis. And this is a curated list of JavaScript news and articles (sending every Friday). No spam. Just fresh write-ups on the language features, frameworks, testing practices and beyond.
1093 have already subscribed.