Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
babel-preset-node5
Advanced tools
Node 5.x brings ~59% native ES6/ES2015 coverage. This preset for Babel 6 attempts to bridge the gap for the much of the remaining 41% using Babel plug-ins.
Babel 6.x is awesome, but simply including the ES2015 preset means you're transpiling features that your Node 5.x installation can already do faster and natively, replacing them with inferior / old code.
This preset complements existing V8-native functionality - it doesn't work around it.
The end result is nearly always a faster build and script execution time.
let
(via babel-plugin-transform-strict-mode)Note: This package originally shipped with the React preset, but to avoid bloat, doesn't any longer. If you want to add that, please install babel-preset-react too
Install via NPM the usual way:
npm i babel-preset-node5
.babelrc
(recommended)Create a .babelrc
file in your project root, and include 'node5' in your preset path:
{
"presets": [
"node5"
]
}
Now whenever you run babel-node
, it will polyfill your app with the ES2015 features that Node 5 is missing.
$ babel script.js --presets node5
require("babel-core").transform("code", {
presets: ["node5"]
});
Follow vendor instructions and include node5
in your babel "preset" list.
Babel has a ready-made preset for React, and you now need to install it separately.
Just grab it via NPM:
npm i babel-preset-react
And then add it to your "presets" list in .babelrc
:
{
"presets": [
"node5",
"react"
]
}
The async/await proposal allows you to wait on a Promise, and write asynchronous code that looks synchronous.
Here's an example:
async function getUsers(howMany) {
try {
const response = await fetch(`http://jsonplaceholder.typicode.com/users/${howMany}`); // <-- a Promise
return response.json(); // <-- Another promise.
} catch(e) {
console.log('some kind of error occurred: ', e)
}
}
getUsers.then(body => {
// "body" contains the result of `response.json()`. Async functions *always*
// return a promise, even if that means wrapping a non-Promise in Promise.resolve
})
In the above example, fetch
returns a promise. By prefixing the function with async
and prefixing every Promise with await
, we avoid the typical .then()
chain inside of the function block and can reason about the flow of the application a little more clearly.
We can also wrap promises in try/catch
blocks, instead of bolting on .catch()
chains.
The necessary babel plug-ins to use async/await are included in this package, so you can use this syntax right away.
This package originally tracked Babel 6.x versioning. The problem is, many of the plug-ins and transforms provided by Babel don't always track the the babel-core
version, so updating one dependency can throw the versioning schema off.
This package will instead now follow its own semver, starting (arbitrarily) at v10.0.0.
I'm using this repo in production, so you can be assured that I'm making it a priority to update Babel 6 deps regularly and track the latest plug-in versions.
FAQs
Babel preset for Node 5.x (ECMAScript stage 0 and up)
The npm package babel-preset-node5 receives a total of 193 weekly downloads. As such, babel-preset-node5 popularity was classified as not popular.
We found that babel-preset-node5 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.