Node.js Weekly Update - 12 May, 2017

Below you can find RisingStack's collection of the most important Node.js news, projects, updates & security leaks from this week:

1. Writing Secure Node.js Code (presentation & full transcript w/ slides)

In his presentation, Danny Grander walked us through hacking a vulnerable Node.js application, as well as looking in-depth into three different vulnerabilities in popular npm packages.

It is a good learning opportunity to see real-world software, written by experienced developers, that had security issues that later got fixed, and hopefully we can learn something from that.

2. Project Glimpse - Full-stack Node.js web diagnostics

Glimpse is an experimental npm package that gives you in-depth insights about the client and server sides of your Node.js apps.

More efficient debugging means faster development. Best of all, it’s free.

3. Node.js Post-Mortem Diagnostics & Debugging

Post-mortem diagnostics & debugging comes into the picture when you want to figure out what went wrong with your Node.js application in production.

We will take a look at node-report, a core project which aims to help you to do post-mortem diagnostics & debugging.

4. Using Docker Compose for Node.js Development

Docker is an amazing tool for developers. It allows us to build and replicate images on any host, removing the inconsistencies of dev environments and reducing onboarding timelines considerably.

To provide an example of how you might move to containerized development, I built a simple todo API using NodeJS, Express, and PostgreSQL using Docker Compose for development, testing, and eventually in my CI/CD pipeline.

Node Core Changes:

⬢ util.promisify is now in the Node Core

Now that util.promisify is in the Node Core, we don't have to use the es6-promisify module anymore.

⬢ Async Hooks - Initial Implementation

AsyncWrap is two things. One is a class abstraction that provides an internal mechanism for handling asynchronous tasks, such as calling a callback.

The other part is an API for setting up hooks and allows one to get structural tracing information about the life of handle objects. In the context of tracing the latter is usually what is meant.

Vulnerable npm Packages Discovered:

Medium severity

Low severity

Previously in the Node.js Weekly

In the previous Node.js Weekly Update we read about why Node 8 got delayed, how to use the fs module effectively, how to make Electron apps with 99.9% weight loss & 3 recent Node.js releases: v6.10.3 (LTS); v7.10.0 (Current) & v4.8.3 (Maintenance).

We help you to stay up-to-date with Node.js on a daily basis too. Check out our Node.js news page and its Twitter feed!