node-ffi-napi
rfcs
Our great sponsors
node-ffi-napi | rfcs | |
---|---|---|
3 | 35 | |
949 | 718 | |
1.9% | 0.8% | |
0.0 | 5.7 | |
26 days ago | 7 days ago | |
JavaScript | JavaScript | |
MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
node-ffi-napi
-
The unexpected return of JavaScript for Automation
I actually came from AutoHotKey as well, specifically for the cross platform support!
I've found the dev experience with nut.js to be worlds ahead of AutoHotKey as well. You get to use a real programming language with proper modules, data structures, first-class functions, asynchrony, and have access to a vast ecosystem of third party libraries and tooling.
Some Windows specific APIs are easier to work with on AHK due to the collection of built-in functions specifically tailored for automation, but everything AHK is still possible with nut.js since you're just writing a node.js script and have access to libraries like https://github.com/node-ffi-napi/node-ffi-napi that can call native system libraries, with a bit more work involved.
-
NPM package ‘ua-parser-JS’ with more than 7M weekly download is compromised
> check out the Web X-Ray repo <https://github.com/mozilla/goggles.mozilla.org/>.
Thanks for example. Peeking a bit under the hood, it appears to be due to transitive dependencies referencing github urls (and transient ones at that) instead of semver, which admittedly is neither standard nor good practice...
FWIW, simply removing `"grunt-contrib-jshint": "~0.4.3",` from package.json and related jshint-related code from Gruntfile was sufficient to get `npm install` to complete successfully. The debugging just took me a few minutes grepping package-lock.json for the 404 URL in question (https://github.com/ariya/esprima/tarball/master) and tracing that back to a top-level dependency via recursively grepping for dependent packages. I imagine that upgrading relevant dependencies might also do the trick, seeing as jshint no longer depends on esprima[0].
I'm not sure how representative this particular case is to the sort of issues you run into, but I'll tell that reproducibility issues can get a lot worse in ways that committing deps doesn't help (for example, issues like this one[1] are nasty to narrow down).
But assuming that installation in your link just happens to have a simple fix and that others are not as forgiving, how is committing node_modules supposed to help here if you're saying you can't even get it to a working state in the first place? DO you own the repo in order to be able to make the change? Or are you mostly just saying that hindsight is 20-20?
[0] https://github.com/jshint/jshint/blob/master/package.json#L4...
[1] https://github.com/node-ffi-napi/node-ffi-napi/issues/143
-
how can c++ code be made available in JavaScript?
NodeJS also has an FFI, where you can build a shared library (not limited to c++) and import it. Node-ffi-addon
rfcs
-
Yarn 4.0
npm workspaces plus Wireit works far better than Lerna, in my experience.
https://github.com/google/wireit
Wireit's ability to specify actual script dependencies, do caching (and on Github actions), and it's long-running service script support make it much more useful and comprehensive than Lerna.
I agree that this should be built into npm. There's an RRFC for it here: https://github.com/npm/rfcs/issues/706
-
NPM vs Yarn?
It's coming https://github.com/npm/rfcs/blob/main/accepted/0042-isolated-mode.md
-
How do you know that the .exe or .apk file for an open source software on github is actually compiled from the viewable source code?
This just got accepted as a proposal in NPM: https://github.com/npm/rfcs/pull/626
-
Why aren't Node.js package managers interoperable?
npm also plans to support pnpm-style node_modules
-
Axios shipped a buggy version and it broke many productions apps. Let this be a lesson to pin your dependencies!
(I usually end up removing npm ci from CI/CD since I think it is way too slow and want to cache node_modules from previous builds; I'm waiting for https://github.com/npm/rfcs/issues/415 to land to make this fail-safe npm install --from-lockfile. Yarn does support this already)
- How to run multiple NPM commands simultaneously using concurrently
- [RRFC] Parallel script execution when value is set to an array of text. · Issue #610 · npm/rfcs
- Lerna has gone. Which Monorepo is right for a Node.js BACKEND now?
- NPM introduces a new Dependency Selector Syntax
-
How to respond to growing supply chain security risks?
I started following this problem from the discussion at npm about making install scripts opt-in. But install scripts are not the only threat, there are more ways for malicious actors:
What are some alternatives?
libnut - An Node-API addon for desktop automation
vm2 - Advanced vm/sandbox for Node.js
JSHint - JSHint is a tool that helps to detect errors and potential problems in your JavaScript code
pnpm - Fast, disk space efficient package manager
npm-package-repro
corepack - Zero-runtime-dependency package acting as bridge between Node projects and their package managers
node-jxa - Use your favorite node.js modules (and JS editor) for your Javascript OSX automation scripts
Cargo - The Rust package manager
deno - A modern runtime for JavaScript and TypeScript.
GHSA-g2q5-5433-rhrf
feedback - Public feedback discussions for npm