This week we’ve got NPM getting help with its hygiene, React Native vs. Flutter, and one surefire way to not learn TypeScript. Welcome to #90.
Old-school hygiene interventions
A hygiene intervention for NPM
NPM turned 12 years old in January — and like most other tweens, its hygiene can be pretty questionable at times. (Take one look into your
So like any good friend, Feross Aboukhadijeh and his team staged an intervention for NPM last week when they launched Socket.dev — a new security tool that improves your
How it works: Socket monitors updates to your NPM packages and identifies malicious package updates. This type of vulnerability is called a supply chain attack (Log4j made them famous), and it typically happens for the following reasons:
(Check out Socket’s article for the full story.)
This stuff can get pretty scary, considering that ~90% of the code in your app comes from open source, so it’s nice to know there’s a modern solution for avoiding these issues. Fortunately, Socket is free for all open-source projects and can be installed as a GitHub app.
Bottom Line: I guess this makes Socket.dev the Axe Body Spray for all of NPM’s hygiene issues (except it actually works). Now they just need to name their new releases after scents like Phoenix and Essence to really drive the metaphor home.
Just ship it [sponsored]
We finally used Retool. And it’s better than we thought.
Story time: Two weeks ago, we decided it was time to start paying attention to a few stats — like how many new people subscribed to Bytes, how they found us, etc. (It only took us 88 issues lol.)
So like any good developers, we spent a few hours
But then I remembered Retool.
So we signed up for a free trial — and it took me literally one afternoon to connect to all of our third-party data sources and to set up all the charts, tables, and graphs we could ever want.
It’s easily saved us 20+ hours of engineering time already. And since our free trial is about to run out, we’re actually going to (gulp) start paying for it. (Truly the highest praise I can give.)
Thankfully, startups can apply to receive one year for free — so I’ll try that out first 🙏
Might as well enjoy it
Battle Royale: React Native vs. Flutter
Let’s get ready to rumble… cross-platform style.
There’s been a lot of buzz about Flutter vs. React Native lately, so we wanted in on the drama too. *Ding ding*
In the red corner we’ve got React Native. It burst onto the scene back in 2015 to save our souls from
React Native started off with a big lead, but Flutter has flipped the script over the last couple years — catching up to RN and even surpassing it in popularity (depending on who you believe) for three main reasons:
React Native has addressed some of these issues in recent months by making substantial improvements to its docs and its core. And RN can still bank on its strong ecosystem and the all-powerful Atwood’s Law to drive it forward. There’s a reason that there are a lot more world-class React Native apps than Flutter apps today.
Bottom Line: It’s clear that both Google and Meta have strong financial incentives to continue investing in these projects, so there probably won’t be a definitive winner. The good news is we’ll probably all benefit as the “write once, run anywhere” revolution keeps moving forward.