Below you can find RisingStack's collection of the most important Node.js news, projects, updates, insecure npm packages & Node related CFP's from this week:
1. Node v8.0.0 (Current) Released
This article contains a summary of the most significant changes and features in the next major release of Node.js.
2. The Important Features and Fixes of Node.js 8
With the release of Node.js Version 8 (on 30 May), we got the latest LTS (long-term support) variant with a bunch of new features and performance improvements.
In this post, we'll go through the most important features and fixes of the new Node.js 8 release.
3. npm v5.0.0 arrived
[email protected] takes npm a pretty big step forward, significantly improving its performance in almost all common situations, fixing a bunch of old errors due to the architecture, and just generally making it more robust and fault-tolerant.
It comes with changes to make life easier for people doing monorepos, for users who want consistency/security guarantees, and brings semver support to git dependencies.
4. Mikeal Rogers: Thank You. Good Bye. But Not Really.
I’m incredibly proud of what we’ve been able to accomplish the last few years of Node.js. While I’ll forever be a part of this community, I’m ready to move on from the Foundation to the next challenge.
The project is as strong as it has ever been with plenty of new project leaders who will surely fill whatever void I leave behind, and the project will end up even stronger for it.
5. N-API: Next generation Node.js APIs for native modules
Existing native modules are written in C/C++ and directly depend on V8 and/or NAN APIs. The result of this dependency is a lack of API/ABI stability guarantees, requiring native addons to be updated or recompiled for every major Node.js release.
The next generation, ABI-stable Node.js API for native modules or N-API aims to solve this problem, by providing an ABI-stable abstraction layer for native APIs in JavaScript VMs.
6. Announcement: On-premises Node.js Monitoring Tool is Now Available
Trace, RisingStack's Node.js Monitoring Tool helps developers and operation teams to debug & monitor Node.js infrastructures with ease.
We are happy to announce that Trace is now also available as an on-premises solution. To learn more, check out our On-premises Node.js Monitoring Page.
7. Publishing a Maintainable NPM Module with Continuous Integration
In this two-part series, you will learn how to build, test, and publish a JavaScript module to NPM, as well as how to update it using continuous integration that will automatically test and publish new versions.
This post will focus on testing, building, and publishing a module, while Part II will focus on setting up continuous integration for updating the module.
8. Win a FREE ticket to Node Interactive North America
The Node.js Foundation wants you to design the official Node.js Interactive t-shirt this year!
The details:
- The Foundation will collect t-shirt art submissions until Monday, June 12.
- The winning design will be announced on Monday, July 10.
- The winner of the t-shirt design contest will be awarded a full access pass to Node.js Interactive.
9. Training: Build Microservices with Node.js - 29-30 June
Two days of hands-on training to master microservices with Node.js with the CTO of RisingStack, Peter Marton.
This course is for you if
- you are considering microservices for your organization,
- you want to better understand microservices,
- you want to migrate to microservices,
- you want hands-on experience in building microservices with Node.js.
Vulnerable npm Packages Discovered this Week:
Medium severity
- Cross-site Scripting (XSS) - rendr-handlebars package, versions <1.0.0
- Cross-site Scripting (XSS) - octotree package, versions <2.0.11
- Cross-site Scripting (XSS) - octotree package, versions <1.1
- Cross-site Scripting (XSS) - ghost package, versions <0.11.4 >=0.8.0
- Cross-site Scripting (XSS) - ghost package, versions <1.0.0-alpha.5 >=1.0.0-alpha.1 || >=0.8.0 < 0.11.2
- Cross-site Scripting (XSS) - ghost package, versions <0.5.9
- Cross-site Scripting (XSS) - easyxdm package, versions <2.4.19
- Cross-site Scripting (XSS) - bootstrap-markdown package, ALL versions
- Authentication Bypass - ghost package, versions <0.5.9
- Authentication Bypass - ghost package, versions <0.5.9
- Man in the Middle (MitM) - hotel package, ALL versions
- Open Redirect - ghost package, versions <0.10.0
- Information Disclosure - ghost package, versions <0.5.9
- Denial of Service - ghost package, versions <0.5.9
- Identity Spoofing - ghost package, versions <0.5.9
Open Node.js CFP's
- NodeFest, Tokyo
- Node Summit, San Francisco (CA)
- dot Conferences, Paris
- Nordic.js, Stockholm
- Wonder Women Tech 2017, Long Beach (CA)
Previously in the Node.js Weekly
In the previous Node.js Weekly Update we read about npm auth becoming limited, a great Node.js Streams Guide, an AWS Lambda & Nod Tutorial & about the upcoming Node conferences.
We help you to stay up-to-date with Node.js on a daily basis too. Check out our Node.js news page and its Twitter feed!