Node.js Weekly Update - 10 Feb, 2017

Read the most important Node.js weekly news & updates: Dismissing garbage collection, exploiting Node.js deserialization, building microservices with Hydra, building a microblog and many more..

If you'd like to stay up-to-date on a daily basis, I recommend to check out our hand-curated Node.js news page and its Twitter feed!

The 6 best Node.js articles/projects of this Week:

○ Dismissing Garbage collection in Node.js - A failed experiment

The aim of this experiment is to fork a number of workers (2 x num.of cores) + 1 from a master/parent process which manages them. When the resident set size of a worker increases the defined throttle, master removes the worker from the cluster gracefully, shuts it down, spawn a new fork, adds it back to the cluster.

Why doing this at all? Blind curiosity, try to avoid the GC pauses and most importantly, inspiration from Instagram Engineering team’s article on dismissing garbage collection in python. This experiment is to try the same by disabling GC and relying on the above defined pattern and run the application.

○ Exploiting Node.js deserialization bug for Remote Code Execution

Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately invoked function expression (IIFE).

However I couldn’t find any resource that explained deserialization/object injection bugs in Node.js. I thought to do some research on this and after spending some time I was able to exploit a deserialization bug to achieve arbitrary code injection.

○ Building a Microservices Example Game with Distributed Messaging

In this article, Carlos Justiniano shows you how you can build a microservices example game and learn how Hydra helps to facilitate distributed messaging during this process.

Hydra is a NodeJS library that was open-sourced at the EmpireNode conference in New York City in late 2016. The Hydra project seeks to greatly simplify the building of distributed applications such as microservices. As an NPM package, Hydra has only one external infrastructure dependency - the use of a Redis server. Hydra leverages Redis to coordinate service presence, health, load balancing, discoverability and messaging.

○ Concurrency and Parallelism: Understanding I/O

In the first episode of the Concurrency and Parallelism series we dive deep into understanding how the OS schedules our applications I/O operations.

○ Building a Microblog Using Node.js, Git and Markdown

This article explores building a microblog with Node, Git, and a few dependencies. The purpose of this app will be to serve static content from files committed to a repository. You will learn how to build and test an app, and gain insight into the process of delivering a solution. By the end, you will have a minimalist working blog app that you can build on.

To build an awesome blog, first, you need a few ingredients:

  • A library to send HTTP messages
  • A repository to store blog posts
  • A unit test runner or library
  • A Markdown parser

○ Twitter migrates mobile web stack to Node

Twitter moves to Node.js

Previously in the Node.js Weekly Update

In the previous Node.js Weekly Update we read fantastic articles about CQRS, Node Interactive Europe, the NASA Case-Study, Cron job Microservices, and many more...