The Node.js Update #Week 36 of 2019. 2 Sept

Below you can find a collection of the most important Node.js updates, tutorials & announcements from this week - curated by RisingStack's Node.js Developers.

Node v12.10.0 (Current) Released

  • deps:
    • Update npm to 6.10.3
  • fs:
    • Add recursive option to rmdir()
    • Allow passing true to emitClose option
    • Add *timeNs properties to BigInt Stats objects
  • net:
    • Allow reading data into a static buffer

AppSec POV on Dependency Management from npm

As a developer, it’s your responsibility to take due care in choosing your dependencies.

  • Use the package rating metrics and social cues available on the npm package page. High scores for popularity, quality, and maintenance are strong signals that a package is suitable for use.
  • Review the version history of the package to ensure a healthy release cadence has been established by the package maintainers. A slowing or stalled release cadence or a shift in project personnel may be a sign of maintainer fatigue.
  • Use npm audit to check the vulnerability status of your candidate dependency set.
  • Pin dependencies as narrowly as possible. Also, commit your package-lock.json file to source control. This will ensure that all transitive dependencies are pinned, as well.
  • As your project matures, establish a steady tempo of updating your dependencies. If you update too slowly, you may miss important security updates and expose yourself to a widening window of vulnerability. If you update too aggressively, you don’t give the ecosystem’s immune system time to react to potential malware.
  • Report vulnerabilities at https://www.npmjs.com/advisories/report or by emailing [email protected]

How to CI and CD a Node.js Application Using GitHub Actions

This article will cover the following:

  • Use Docker instead of bare metal deployment
  • Use GitHub Actions for continuous integration of your app
  • Use GitHub Actions for continuous deployment by pushing the Docker image to a Docker registry (Docker Hub)

The only introduction to Redux (and React-Redux) you’ll ever need

This article aims to explain the basic concepts of Redux and React Redux as simply and as clearly as possible, both through theory and examples by building two very simple applications.

It is divided into two parts — Redux alone and React-Redux (implementing Redux in React):

  • In the first part, we’re going to take a look at Actions, Reducers and Store in Redux.
  • Then, we are going to implement Redux in a simple, vanilla JavaScript application.
  • Finally, we’ll talk about initializing our application state and wiring our application with the Redux DevTools browser extension.
  • In the second part, we are going to implement the same Redux application in React and learn about React-Redux, the package that lets us connect with Redux from our React components.

🐕 Announcing NodeGUI and React NodeGUI - Build native desktop apps with JavaScript and CSS 🎉

NodeGUI is an open source library for building cross-platform native desktop applications with JavaScript and CSS-like styling. NodeGUI apps can run on Mac, Windows, and Linux from a single codebase.

NodeGUI is powered by Qt5 💚 which makes it CPU and memory efficient as compared to other Chromium-based solutions like Electron. Don’t get me wrong 🤷🏽‍♂️, Electron is a great framework for building cross-platform apps but suffers from performance- and energy-related issues due to heavy reliance on Chromium. NodeGUI wants to incorporate everything that is good about Electron: the ease of development, freedom of styling, native APIs, great documentation, etc. At the same time NodeGUI aims to be memory and CPU efficient.

Data Scraping in Node.js 101

Web scraping is a great way to create dynamic websites without having to contact a database for information. This tutorial shows how you can do it with Node.js and Puppeteer - a ‘headless Chrome node API’ written by Google (basically, it allows you to write DOM JavaScript code on a server).

Light Authentication with Node.js, express and external authentication provider

How many times were you asked to ‘create a tool’ or to ‘automate a process’? Probably many, and of those times, how did you manage your authentication? This guide can help you easily add authentication to your application.

Creating a light authentication service with Node.js and an external authentication provider will allow you to avoid using any kind of storage/DB component; you will not need to mess around with group and permission logic, tokenization and other “boring” security features.

Design patterns in Node.js: a Practical Guide

Design patterns, simply put, are a way for you to structure your solution’s code in a way that allows you to gain some kind of benefit, such as faster development speed, code reusability, and so on.

All patterns lend themselves quite easily to the OOP paradigm, although given JavaScript’s flexibility, you can implement these concepts in non-OOP projects as well.

Patterns discussed in this article:

  • Immediately Invoked Function Expressions (IIFE)
  • Factory method pattern
  • Singleton pattern
  • Observer pattern
  • Chain of responsibility pattern