The Node.js Update #Week 14 of 2019. 5 April

Below you can find a collection of the most important Node.js updates, tutorials & announcements from this week - curated by RisingStack's Node.js Developers.

Node v11.13.0 (Current) Released

Changelog:

  • crypto:
    • Allow deriving public from private keys
  • events:
    • Added a once function to use EventEmitter with promises
  • tty:
    • Added a hasColors method to WriteStream
    • Added NO_COLOR and FORCE_COLOR support
  • v8:
    • Added v8.getHeapSnapshot and v8.writeHeapSnapshot to generate snapshots in the format used by tools such as Chrome DevTools
  • worker:
    • Added worker.moveMessagePortToContext. This enables using MessagePorts in different vm.Contexts, aiding with the isolation that the vm module seeks to provide
  • C++ API:
    • AddPromiseHook is now deprecated. This API was added to fill a use case that is served by async_hooks, since that has Promise support
    • Added a Stop API to shut down Node.js while it is running

Node v6.17.1 (LTS) Released

Node 6 is due to go End-of-Life on 2019-04-30 - see the Release Schedule.

Nodejs-release-schedule--1-

Notable Changes:

  • http: fix error check in Execute()

The request module goes into Maintenance Mode!

The most valuable thing request can do for the JavaScript ecosystem is to go into maintenance mode and stop considering new features or major releases. - Mikeal Rogers

request was one of the first modules added to the npm registry. As npm grew so did dependence on request. Request remains one of the most depended on modules in the registry.

The place request has in the Node.js ecosystem is no longer one of an innovator but of an incumbent.

It’s much harder for new libraries accomplishing similar tasks to gain adoption because of the incumbent position request holds over the ecosystem. It’s also very hard to change request in any meaningful way.

The best thing for these new modules is for request to slowly fade away, eventually becoming just another memory of that legacy stack. Taking the position request has now and leveraging it for a bigger share of the next generation of developers would be a disservice to those developers as it would drive them away from better modules that don’t have the burden of request’s history.

Plan for request to go into maintanence mode:

  • request will stop accepting new features.
  • request will stop considering breaking changes.
  • The committers that are still active will try to merge fixes in a timely fashion, no promises though.
  • Releases will be fully automated, any merge into master will be published. I’ve already built this for some other projects using GitHub Actions.
    • We’re going to have to remove inactive collaborators and enforce 2fa, because commit rights will effectively become npm publish rights.

Easily identify problems in Node.js applications with Diagnostic Report

The Diagnostic Report utility was recently brought into the Node.js core to help developers identify almost all scenarios of Node.js application anomalies in production. The scenarios include abnormal termination such as a crash, slow performance, memory leak, high CPU, unexpected errors, incorrect output, and more.

While the report does not pinpoint the exact problem or specific fixes, its content-rich diagnostic data offers vital hints about the issue and accelerates the diagnostic process.

Node.js Event Loop Architecture

The idea of this article is to clarify your notion of Node.js core, how it is implemented and how it works.

Node.js Event Loop

Because Node.js is more than just “JavaScript on the server,”. Even more, about 30% of it is C++, and not JS! And we are going to discover here what that C++ part actually does in Node.js

Node.js Application Security Guide

In this article, we will focus on some of the best practices of Node.js, and how to make your app much more secured. ToC:

  • Crypto
  • Keeping your dependencies up to date
  • HTTP response headers
  • Using cookies securely
  • Cross-Origin Resource Sharing
  • Cross-Site Request Forgery
  • Error Handling
  • Node.js API Authentication of JWT Tokens
  • Tools to check the security risk of open-source dependencies

Automate your Deployment on Heroku

In this blog post, we will be using Heroku to deploy our small Node.js project through Travis CI. The most important thing in the DevOps field is defining the architecture of all the operations as it determines which operations will get execute first and feed as an input to another operation.

Deployment Train

As it is quite a small project with only three major tools/services, its architecture is small and straightforward.

Build a real-time chat app with vuejs, socket.IO and Node.js

In this article, I will be showing you how I build a real time chat app with Vue.js, Node.js and Express and Socket.io

Running up Elasticsearch on Amazon Web Service (AWS) with Node.JS

Elasticsearch is a distributed restful search and analytical engine which built on top of Apache Lucene. It’s easy to use, scalable, support full-text search and use document based index rather than table or schema. So it has no transaction, like any other database, no relations, no constrains, and it also schema free.

ElasticSearch Node.js

I have made some Node.js application code which consists of connection to Elasticsearch itself, seeding the data by indexing a dummy data, and search endpoint so we able to search seeded data which indexed while initiate the application.

Trool: a spreadsheet rule engine for NodeJS/TypeScript

Trool is a simple npm library for NodeJS which allows you to create rules for your program in a spreadsheet-style format. Engineering time for businesses can be expensive: you want to keep that to a minimum. The problem is your program may need lots of small updates over time depending on business needs.

Trool

It’s a waste of money to call on programmers every time a small change needs to be made. Instead of hard-coding these small changes in your code, why not move them to a spreadsheet, so you or non-engineers on your team can quickly make the changes.