Node.js Weekly Update - 13 Jan, 2017

Read the most important Node.js weekly news & updates:

Computer vision with OpenCV, MongoDB & the importance of secure defaults, the state of package managers, transpiling ES5 code to ES6, npm security, and more.

Also, if you'd like to stay up-to-date on a daily basis, I recommend checking out our hand-curated Node.js news page and its Twitter feed!

The 7 must-read Node.js articles/projects of this week:

○ OpenCV tutorial: Computer vision with Node.js

With this OpenCV tutorial, you can learn how to work with computer vision in Node.js. The article explains the basic principles with real-life use cases.

Who knew you can do face detection with Node?!

○ The MongoDB hack and the importance of secure defaults

There's a widespread attack on insecure MongoDB installs that has resulted in over 28,000 databases being held for ransom. This post explains the hack, how to protect yourself, and what we can learn from it.

○ Yarn vs npm - The State of Node.js Package Managers

Let's take a look at the state of Node.js package managers, what they can do for you, and when you should pick which one!

○ Lebab: Modernizing JavaScript Code

Lebab transpiles your ES5 code to ES6/ES7. It does exactly the opposite of what Babel does.

Lebab it!

○ 10 tips to become a better Node.js developer in 2017

This post outlines ten tips to help you become a better Node developer in 2017.

Here’s what it covers:

  • Avoid complexity - Organize your code into the smallest chunks possible
  • Use asynchronous code & avoid synchronous code like the plague.
  • Avoid blocking require - Put ALL your require statements at the top of the file.
  • Know that require is cached - This could be a feature or a bug in your code.
  • Always check for errors - Never throw errors and never skip the error check.
  • Use try...catch only in sync code - It is useless for async code, plus V8 can’t optimize code in try...catch as well as plain code.
  • Return callbacks or use if … else - Return a callback to prevent execution from continuing.
  • Listen to the error events - Almost all Node classes/objects extend the event emitter (observer pattern) and emit the error event. Be sure to listen to that.
  • Know your npm - Install modules with -S or -D instead of --save or --save-dev
  • Use exact versions in package.json: Never trust semver in your apps, but do so in open-source modules.
  • Use different dependencies - The more unneeded dependencies you have, the greater the risk of vulnerabilities.

More details in the article.

○ Who Bears the Burden of Ensuring NPM Module Security?

In the new episode of The New Stack Makers podcast, Guy Podjarny, CEO of Snyk, and Gergely Nemeth, CEO of Trace (the Node.js Debugging Tool), discussed Node.js module security during the latest Node Interactive conference.

Who is ultimately responsible for the security around these third-party modules?

Is it the original module creator? Or, since open-source contributions are created out of sheer goodwill for the betterment of the community, does the burden of ensuring their security fall upon those using them, as some argue?

○ Interview: What’s It Like Being on the Node.js Foundation Board of Directors?

Todd Moore, who is the Vice President of Open Technology at IBM and a member of the Node.js Foundation Board of Directors, provides his perspective on the Node.js Foundation board and how it compares to others.

Previously in the Node.js Weekly Update

Last week we read fantastic articles about Node.js interview questions & answers for 2017, Supercharging Express Microservices with Hydra, Natural Language processing in JavaScript, and more.