Need to Node – Volume 50
In this volume of Need to Node, you can find the latest updates on the Node v12.8.1 (current) release, Promises API in Node.js core, August 2019 Security Releases and a comparison on 6 Popular Node.js Web Frameworks.
Check out this week’s Need to Node to keep up to date with the latest news on the Node.js project, events, and awesome articles. You are always welcome to collaborate and participate!
What’s New in the Node.js Project
- Node v12.8.1 (current) Released, no blog posts or other releases as yet.
- Promises API in Node.js core: where we are and where we’ll get . Only a few areas of Node core have (experimental) promise-based APIs for now, but work is underway to improve the situation - by Joe Sepi
- August 2019 Security Releases. This release is updating all supported release lines and some of the vulnerabilities fixed include:
- Data Dribble: The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
- Ping Flood: The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
- Resource Loop: The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a denial of service.
- Also you can use N|Solid 3.5.1, which includes these security updates ✅
- An Intro to Node.js That You May Have Missed. Understanding Node.js runtime and knowing specifics of built-in APIs may help to avoid many common mistakes. - by Andrey Pechkurov
- Web APIs in Node.js Core: Past, Present, and Future. A look at the story of Web APIs in Node.js core - what Node.js has implemented, what is being discussed, what is blocking more APIs from being implemented, and what we can do to improve the developer experience of the JavaScript ecosystem. - by Joyee Cheung
Awesome Articles, Links, and Resources
- Explain like I'm 5: Microservices in Node.js discover how microservices work in Node.js with fun examples! - by Liz Parody
- JavaScript and Node.js Testing Best Practices. Comprehensive and exhaustive JavaScript & Node.js testing best practices - by Yoni Goldberg
- npm CLI Roadmap - Summer 2019 This blog post outlines what’s in store for the remainder of the npm v6 line, and what to expect in v7 and v8.
- A Beginner’s Guide to AWS AppSync AppSync can be a way to replace the API Gateway + AWS Lambda pattern for connecting clients to your serverless backends - by Ran Ribenzaft
- Finding the Right Fit: Comparing 6 Popular Node.js Web Frameworks this guide looks specifically at six Node.js web frameworks: Express, Koa, Hapi, Restify, Loopback, and Fastify.
- 5 Interesting Uses of JavaScript Destructuring this blog post describes 5 interesting uses of destructuring in JavaScript, beyond the basic usage - by Dmitri Pavlutin
One Last Thing...
If you find any awesome Node.js or JavaScript things over the next week (or beyond!), never hesitate to reach out to us on Twitter at @NodeSource to share and get it included in Need to Node - our DMs are open if you don’t want to share publicly!