The Node.js Update #Week 31 of 2019. 2 August

Below you can find a collection of the most important Node.js updates, tutorials & announcements from this week - curated by RisingStack's Node.js Developers.

Node v12.7.0 (Current) Released

  • deps:
    • Updated nghttp2 to 1.39.1 (gengjiawen) #28448.
    • Updated npm to 6.10.0 (isaacs) #28525.
  • esm:
    • Implemented experimental "pkg-exports" proposal. A new "exports" field can be added to a module's package.json file to provide custom subpath aliasing. See proposal-pkg-exports for more information
  • http:
    • Added response.writableFinished (Robert Nagy) #28681.
    • Exposed headers, rawHeaders and other fields on an http.ClientRequest "information" event
  • inspector:
    • Added inspector.waitForDebugger()
  • policy:
    • Added --policy-integrity=sri CLI option to mitigate policy tampering. If a policy integrity is specified and the policy does not have that integrity, Node.js will error prior to running any code
  • readline,tty:
    Exposed stream API from various methods which write characters
  • report:
    • Modify process.report.getReport() to return an Object instead of a JSON string
  • src:
    • Use cgroups to get memory limits. This improves the way we set the memory ceiling for a Node.js process. Previously we would use the physical memory size to estimate the necessary V8 heap sizes. The physical memory size is not necessarily the correct limit, e.g. if the process is running inside a docker container or is otherwise constrained. This change adds the ability to get a memory limit set by linux cgroups, which is used by docker containers to set resource constraints.

Node v10.16.1 (LTS) Released

  • deps: upgrade openssl sources to 1.1.1c
  • stream: do not unconditionally call _read() on resume()
  • worker: fix nullptr deref after MessagePort deser failure

Staying Ahead of Security Vulnerabilities with Security Patches

When maintainers are unable to release new versions with security fixes quickly enough or in worse cases, maintainers are no longer involved in projects any longer and are completely unresponsive, the risk of security vulnerabilities existing for longer time periods further increases. For these reasons, surgical security patches are a crucial tool to help you stay ahead of un-remediated security vulnerabilities

Top 4 Tactics To Keep Node.js Rockin’ in Docker

There’s a ton of info out there on using Node.js with Docker, but so much of it is years out of date, and I’m here to help you optimize your setups for Node.js 10+ and Docker 18.09+.

  • Stick With Your Current Base Distro
  • Use The Node User, Go Least Privilege
  • Don’t Use Process Managers In Production
  • Start Node Directly in Dockerfiles

From managing a legacy platform to handling Node.js in production

About 2 years ago we shifted to Node.js and MongoDB from PHP and MySQL because of the problem of scaling and infrastructure. Our aim was to make the website work in a more asynchronous form. The performance boost of Node.js was incredible and also at the same time we wanted to make it easy for us to ship changes every week. This decision turned out to be very great for us.

Running Multiple Versions of Node.js with Node Version Manager

If you work on multiple Node.js projects, you’ve probably run into this one time or another. You have the latest and greatest version of Node.js installed, and the project you’re about to work on requires an older version. In those situations, the Node Version Manager (nvm) has your back, allowing you to install multiple versions of Node.js and switch between them as you see fit.

Node.js on Android [Root]

I created this guide to explain some things about running Node on Android. We will go over how to get up and running with Javascript and Node on Android. When I originally tried to find information on this I found it hard to come up with anything solid so I thought I would share my findings here!

Control Chrome from Node.js with Puppeteer

Puppeteer is Google's official npm module for controlling Chrome from Node.js. Using Puppeteer, you can open up a Chrome browser, navigate to an arbitrary page, and interact with the page by executing arbitrary JavaScript. Here's a short list of what you can do with Puppeteer:

  • Automated testing
  • Automatically generate screenshots of your app on different mobile devices
  • Convert single page apps to static sites
  • Scrape web pages

Node.js Chat App to SMS

Summary: This is a how-to Node.js socket.io chat app to SMS using Twilio API.