Below you can find a collection of the most important Node.js updates, tutorials & announcements from this week - curated by RisingStack's Node.js Developers.
- doc: The JSON variant of the API documentation is no longer experimental
- esm: JSON module support is always enabled under
--experimental-json-modules flag has been removed.
- http,http2: A new flag has been added for overriding the default HTTP server socket timeout (which is two minutes). Pass --http-server-default-timeout=0 to respectively change or disable the timeout. Starting with Node.js 13.0.0, the timeout will be disabled by default.
- inspector: Added an experimental --heap-prof flag to start the V8 heap profiler on startup and write the heap profile to disk before exit.
- stream: The readable.unshift() method now correctly converts strings to buffers. Additionally, a new optional argument is accepted to specify the string's encoding, such as
- v8: The object returned by v8.getHeapStatistics() has two new properties:
We’ve been publishing articles on Node.js for over 5 years now, so we thought it’d be interesting to look back at what exactly happened to Node.js so far, from the point where it was born until today.
The JS package commons is in the hands of a for-profit entity. We trust npm with our shared code, but we have no way to hold npm accountable for its behavior.
This series of articles about Node.js authentication aims to demystify concepts such as JSON Web Token (JWT), social login (OAuth2), user impersonation (an admin can log in as a specific user without a password), common security pitfalls and attack vectors.
Table of contents:
- How to make the Sign-Up 🥇
- How to make the Sign-In 🥈
- JWT explained 👩🏫
- Generating JWTs 🏭
- Secured endpoints ⚔️
- User impersonation 🕵️
A service mock is code that simulates the service that you would use in the final product, but is lighter weight, less complex, and easier to control than the actual service you would use in production. You can set a mock service to return a default response or specific test data, then run the software you're interested in testing as if the dependent service were really there. Because of this, having a flexible way to mock services can make your workflow faster and more efficient.
The goal of the mentorship program is to bring more contributors to Node.js projects by mentoring people about the Node.js ecosystem, helping them contribute to Node.js, championing their PRs through code reviews, and providing guidance.
This round we have 10 brilliant mentors for a mentoring duration of 10 weeks. Mentoring topics are very diverse so make sure you pick your top 3 choices carefully.
You can read more about the mentorship program here: https://github.com/nodejs/mentorship
Dates to Remember:
- CFP Opens: Tuesday, May 7
- CFP Closes: Friday, June 14 at 11:59pm PST
- CFP Notifications: Wednesday, July 31
- Schedule Announcement: Week of August 5
- Slide Due Date: Monday, December 2
- Event Dates: Wednesday, December 11 – Thursday, December 12
The npm security team, in collaboration with Komodo, helped protect over $13 million USD in cryptocurrency assets as they found and responded to a malware threat targeting the users of a cryptocurrency wallet called Agama.
electron native notify publication timeline
    "1.0.0": "2019-03-06T23:54:33.625Z"
    "1.0.1": "2019-03-07T03:07:45.585Z"
    "1.0.2": "2019-03-07T03:10:00.491Z"
    "1.0.3": "2019-03-08T03:46:17.223Z"
    "1.1.0": "2019-03-08T04:04:55.489Z"
    "1.1.1": "2019-03-08T04:18:13.915Z"
    "1.1.2": "2019-03-08T04:29:26.857Z"
    "1.1.3": "2019-03-08T04:44:44.991Z"
    "1.1.4": "2019-03-08T04:47:23.483Z"
    "1.1.5": "2019-03-08T09:58:07.558Z" <- KomodoPlatform/EasyDEX-GUI installs package
    "1.1.6": "2019-03-23T09:28:57.679Z" <- Malicious payload introduced here
    "1.1.7": "2019-03-23T10:45:36.035Z"
    "1.2.0": "2019-04-16T02:09:56.904Z" <- Agama updated by sawlysawly to this version
    "1.2.1": "2019-05-11T11:44:21.933Z"
    "1.2.2": "2019-06-03T15:26:40.054Z"
This attack focused on getting a malicious package into the build chain for Agama and stealing the wallet seeds and other login passphrases used within the application.
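The timeline above, turned into a pre-upgrade review check. This is an added example, not code from the article or from npm: it lists every release between the version first installed and the upgrade target, with the quiet period before each, and shows what a floating range would have resolved to on a given date. The caret range ^1.1.5 and the function names are assumptions; the page does not say which range the application declared.

```javascript
// Publication times copied from the timeline above (npm registry "time" map shape).
const TIMELINE = {
  "1.0.0": "2019-03-06T23:54:33.625Z", "1.0.1": "2019-03-07T03:07:45.585Z",
  "1.0.2": "2019-03-07T03:10:00.491Z", "1.0.3": "2019-03-08T03:46:17.223Z",
  "1.1.0": "2019-03-08T04:04:55.489Z", "1.1.1": "2019-03-08T04:18:13.915Z",
  "1.1.2": "2019-03-08T04:29:26.857Z", "1.1.3": "2019-03-08T04:44:44.991Z",
  "1.1.4": "2019-03-08T04:47:23.483Z", "1.1.5": "2019-03-08T09:58:07.558Z",
  "1.1.6": "2019-03-23T09:28:57.679Z", "1.1.7": "2019-03-23T10:45:36.035Z",
  "1.2.0": "2019-04-16T02:09:56.904Z", "1.2.1": "2019-05-11T11:44:21.933Z",
  "1.2.2": "2019-06-03T15:26:40.054Z",
};

const parse = (v) => v.split(".").map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  return x[0] - y[0] || x[1] - y[1] || x[2] - y[2];
};
const sorted = (time) => Object.keys(time).sort(cmp);

// Every release after `pinned` up to and including `target`: each one needs a
// diff before the upgrade, not only the target. gapDays is the quiet period
// since the previous release.
function reviewWindow(time, pinned, target) {
  const all = sorted(time);
  return all
    .filter((v) => cmp(v, pinned) > 0 && cmp(v, target) <= 0)
    .map((v) => {
      const prev = all[all.indexOf(v) - 1];
      const gap = prev ? (Date.parse(time[v]) - Date.parse(time[prev])) / 864e5 : null;
      return { version: v, published: time[v], gapDays: gap === null ? null : +gap.toFixed(1) };
    });
}

// Simplified caret resolution (major >= 1 only, hypothetical range ^floor):
// highest release with the same major, not below `floor`, published by `when`.
function caretResolve(time, floor, when) {
  const hits = sorted(time).filter((v) =>
    parse(v)[0] === parse(floor)[0] && cmp(v, floor) >= 0 &&
    Date.parse(time[v]) <= Date.parse(when));
  return hits.length ? hits[hits.length - 1] : null;
}

console.table(reviewWindow(TIMELINE, "1.1.5", "1.2.0"));
console.log(caretResolve(TIMELINE, "1.1.5", "2019-03-24T00:00:00Z"));
```

An exact version pin plus a committed lockfile keeps the resolved version fixed until someone deliberately upgrades, which is the point at which the review window applies.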