2022.03.21 - Alert: peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine
Ping Xia
This Week’s Highlights
Alert: peacenotwar module sabotages npm developers in the node‑ipc package to protest the invasion of Ukraine https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/ https://mp.weixin.qq.com/s/6gbuBytsehzaMYwx-PxJ9w
On March 15, 2022, users of the popular Vue.js front‑end JavaScript framework began experiencing what can only be described as a supply‑chain attack on the npm ecosystem. The nested dependencies node‑ipc and peacenotwar were sabotaged as a protest by the maintainer of the node‑ipc package.
Making WebViews work for the Web https://www.w3.org/blog/2022/03/making-webviews-work-for-the-web/
I live and breathe the Web every day, and I’m responsible for positioning W3C technologies for the widest possible developer adoption. Yet I didn’t realize until a few months ago that the cumulative usage of WebViews—what I’m referring to here as a source of that usage—has become a key mechanism for delivering Web content.
Making the world’s fastest website, and other mistakes https://dev.to/tigt/making-the-worlds-fastest-website-and-other-mistakes-56na
This is a story about a lot of things:
- Fitting a Fortune 20 site into 20 kB
- Diving into site speed so deep we’ll see “fangly” fish
- React thwarting my goal of serving users as they are
- Burning out trying to do the right thing
- And, at the end, some code I dare you to try.
Related: Ten years of page bloat: What have we learned?
Migrations Done Well: Typical Migration Approaches https://blog.pragmaticengineer.com/typical-migration-approaches/
Migrations are one of the most overlooked topics in software engineering, especially at high‑growth startups and companies. As a company’s operations expand, new systems and approaches are adopted to handle extra load, more use cases, or tighter constraints. From time to time, engineers need to migrate from an old system or approach to a new one. That’s where things can get interesting, unexpected… and even ugly.
Related: The platform two‑step
From Death to Life: Designing for Failure – Methods, Techniques, Skills https://mp.weixin.qq.com/s/a-RA9hP400qUjcdsXxjSbg
Where do programmers of different experience levels truly differ? In my view, beyond architecture design, project management, technical planning, and leadership, the ability to design for failure is an essential piece. New developers sometimes have a mysterious confidence, thinking their code isn’t that different from senior engineers’. In reality, most developers write similar “happy‑path” code; the real distinction shows up in how they handle exceptions, edge cases, and uncertainty. Seasoned engineers have, through long‑term practice, built a repertoire of muscle memory that surfaces design‑for‑failure considerations whenever a problem arises, resulting in highly available business code. Learning the methodology of failure‑aware design and gradually forming your own muscle memory is the highway for novices to become veterans. With that in mind, I wrote this article to summarize my own experiences and lessons, hoping to spark discussion and encourage more veterans to share their knowledge for mutual growth.
Deep Reads
Delightful React File/Directory Structure https://www.joshwcomeau.com/react/file-structure/
React is famously unopinionated about file and directory layout. How should you organize your code? There’s no single “right” way, but after 7+ years of trying many approaches, I’ve settled on a structure I’m happy with. In this post I share the layout I use across all my current projects, including this blog and my custom course platform.
Remix vs Next.js https://bejamas.io/blog/remix-vs-nextjs/
Remix, an edge‑first, React‑based full‑stack framework created by the original react‑router team, was recently open‑sourced—giving Next.js a strong new competitor. Honestly, that’s never a bad thing!
NetEase Cloud Music: Thoughts and Practice on Building a Low‑Code System https://mp.weixin.qq.com/s/9yo-Au3wwsWErBJfFjhxUg
This article discusses the NetEase Cloud Music front‑end team’s thinking and practice around building a low‑code system for pattern‑driven development scenarios. Starting from the current business development challenges we face, we explore our ideas for constructing a low‑code development framework and introduce the online rapid‑development capability we’re building that supports both LowCode and ProCode workflows.
Aligning Content In Different Wrappers https://ishadeed.com/article/aligning-content-different-wrappers/
Making camera uploads for Android faster and more reliable https://dropbox.tech/mobile/making-camera-uploads-for-android-faster-and-more-reliable
This post covers design, validation, and release decisions made while building the new camera‑uploads feature for Android, released to all users in summer 2021. The project shipped smoothly, with no outages or major issues; error rates dropped and upload performance improved dramatically.
How To Do Less https://alexturek.com/2022-03-07-How-to-do-less/
You probably need to do fewer things right now.
Fresh Finds
- New WebKit Features in Safari 15.4
- Deno 1.20 Release Notes
- ReactNative: An update on the New Architecture Rollout
- Go 1.18 is released!
- 6 .NET Myths Dispelled — Celebrating 21 Years of .NET
- CSS‑Tricks is joining DigitalOcean!
- N|Solid SaaS is now FREE!✨
- Prepare for the future with Google Analytics 4
- Welcome to AWS Pi Day 2022

- Fluent Icons: Open source icons by Microsoft
- Peaks.js: JavaScript UI component for interacting with audio waveforms
- Wave.js: Audio visualizer library for JavaScript
- Faker 6.0: Generate massive amounts of fake data in the browser and Node.js
- Taiko: A Node.js library for testing modern web applications
- pino: super‑fast, all‑native JSON logger
- Prettier 2.6 Released
- Shader Park: an open‑source web‑based platform and community for creating real‑time 3D graphics and animations with code

- Lapce: Lightning‑fast and Powerful Code Editor
- Awesome TUIs: List of projects that provide terminal user interfaces
- A brief tour of the PDP‑11, the most influential minicomputer of all time
- A non‑standard book list for software developers
- A study guide for software engineering students
- Python Design Patterns
- Awesome Falsehood: A falsehood is an idea you initially believed true but later proved false.
- Huawei “Genius Teen” builds a cute robot: 5‑hour open‑source project, 317 GitHub stars!
Products & Others
Don’t Alienate Your User: A Primer for Internationalis
Originally written by Ping Xia (平侠) and published in Chinese on Web技术周刊 (Web Tech Weekly). Translated and adapted for DriftSeas with permission.