The Node.js Update - #Week 9 - 1 March, 2019

Below you can find a collection of the most important Node.js updates, tutorials & announcements from this week - curated by RisingStack's Node.js Developers.

February 2019 Node.js Security Releases

Updates are now available for all active Node.js release lines. In addition to fixes for security flaws in Node.js, they also include upgrades of Node.js 6 and 8 to OpenSSL 1.0.2r, which contains a fix for a moderate-severity security vulnerability. The original announcement is included below.

Downloads are available for the following versions. Details of code changes can also be found on each release page.

Node.js Developer Roadmap

In this repo you can find a chart demonstrating the paths that you can take and the libraries that you would want to learn to become a Node.js developer.


The repo also contains resources for the topics mentioned on the chart.

ReDoS vulnerabilities in npm spikes by 143% and XSS continues to grow

Snyk just released its annual State of Open Source Security report.


Path and directory traversal vulnerabilities fiercely stand out in the npm ecosystem with record numbers of 146 and 143 disclosures in 2017 and 2018, respectively.

You can download the whole report here.

Node.js task runners: Are they right for you?

This post covers the following topics:

  • The history and philosophy behind Node.js
  • Why task runners were developed for Node.js
  • Different approaches taken by popular task runners
  • How bash may be used as a simpler alternative

Node.js Logging Made Right

"What’s nagging you the most when you think about logging in Node.js? If you ask me I’m gonna say lack of of industry standards for creating trace IDs. Within this article we’ll overview how we can create these trace IDs (meaning we’re going to briefly examine how continuation local storage a.k.a CLS works) and dig deep into how we can utilize Proxy to make it work with ANY logger." - writes Andrey Goncharov.

How, in general, does Node.js handle 10,000 concurrent requests?

This insightful Stack Overflow Q&A helps you understand how single-threading and multi-threading work in Node.js.


A continuously evolving compendium of JavaScript tips based on common areas of confusion or misunderstanding.


Zero is a web framework to simplify modern web development. It allows you to build your application without worrying about package management or routing. It's as simple as writing your code in a mix of Node.js, React, HTML, MDX, and static files and putting them all in a folder. Zero will serve them all. Zero abstracts the usual project configuration for routing, bundling, and transpiling to make it easier to get started.

An example project with different types of pages, all in one folder:


Previous Weekly Node.js Updates:

  • #Week 8 of 2019. 22 February
    • Node.js Selected by Google for .dev Top Level Domain
    • npm on the Security Risks of Changing Package Owners
    • 10 npm Security Best Practices
  • #Week 7 of 2019. 15 February
    • What security guidance would be most useful for Node.js developers?
    • Node.js v11.10.0 Current Released
    • Processing large volumes of data safely and fast using Node.js and PostgreSQL
  • #Week 6 of 2019. 8 February
    • V8 release v7.3
    • React v16.8: The One With Hooks
    • ES2019 Features