Need to Node – Volume 50
In this volume of Need to Node, you can find the latest updates on the Node v12.8.1 (current) release, Promises API in Node.js core, August 2019 Security Releases and a comparison on 6 Popular Node.js Web Frameworks.
Check out this week’s Need to Node to keep up to date with the latest news on the Node.js project, events, and awesome articles. You are always welcome to collaborate and participate!
What’s New in the Node.js Project
- Node v12.8.1 (current) Released, no blog posts or other releases as yet.
- Promises API in Node.js core: where we are and where we’ll get . Only a few areas of Node core have (experimental) promise-based APIs for now, but work is underway to improve the situation - by Joe Sepi
- August 2019 Security Releases. This release is updating all supported release lines and some of the vulnerabilities fixed include:
- Data Dribble: The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
- Ping Flood: The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
- Resource Loop: The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a denial of service.
- Also you can use N|Solid 3.5.1, which includes these security updates ✅
- An Intro to Node.js That You May Have Missed. Understanding Node.js runtime and knowing specifics of built-in APIs may help to avoid many common mistakes. - by Andrey Pechkurov
Awesome Articles, Links, and Resources
- Explain like I'm 5: Microservices in Node.js discover how microservices work in Node.js with fun examples! - by Liz Parody
- npm CLI Roadmap - Summer 2019 This blog post outlines what’s in store for the remainder of the npm v6 line, and what to expect in v7 and v8.
- A Beginner’s Guide to AWS AppSync AppSync can be a way to replace the API Gateway + AWS Lambda pattern for connecting clients to your serverless backends - by Ran Ribenzaft
- Finding the Right Fit: Comparing 6 Popular Node.js Web Frameworks this guide looks specifically at six Node.js web frameworks: Express, Koa, Hapi, Restify, Loopback, and Fastify.
One Last Thing...