The NodeSource Blog

Need to Node – Volume 50

In this volume of Need to Node, you can find the latest updates on the Node v12.8.1 (current) release, Promises API in Node.js core, August 2019 Security Releases and a comparison on 6 Popular Node.js Web Frameworks.

Check out this week’s Need to Node to keep up to date with the latest news on the Node.js project, events, and awesome articles. You are always welcome to collaborate and participate!

What’s New in the Node.js Project

  • Node v12.8.1 (current) Released, no blog posts or other releases as yet.
  • Promises API in Node.js core: where we are and where we’ll get . Only a few areas of Node core have (experimental) promise-based APIs for now, but work is underway to improve the situation - by Joe Sepi
  • August 2019 Security Releases. This release is updating all supported release lines and some of the vulnerabilities fixed include:
    • Data Dribble: The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
    • Ping Flood: The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
    • Resource Loop: The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a denial of service.
  • Also you can use N|Solid 3.5.1, which includes these security updates ✅
  • An Intro to Node.js That You May Have Missed. Understanding Node.js runtime and knowing specifics of built-in APIs may help to avoid many common mistakes. - by Andrey Pechkurov
  • Web APIs in Node.js Core: Past, Present, and Future. A look at the story of Web APIs in Node.js core - what Node.js has implemented, what is being discussed, what is blocking more APIs from being implemented, and what we can do to improve the developer experience of the JavaScript ecosystem. - by Joyee Cheung

Awesome Articles, Links, and Resources

One Last Thing...

If you find any awesome Node.js or JavaScript things over the next week (or beyond!), never hesitate to reach out to us on Twitter at @NodeSource to share and get it included in Need to Node - our DMs are open if you don’t want to share publicly!

The NodeSource platform offers a high-definition view of the performance, security and behavior of Node.js applications and functions.

Start for Free