Node.js Weekly Update - 21 July

Below you can find RisingStack's collection of the most important Node.js updates, projects, tutorials & Node related conferences from this week:

Say hello to HTTP/2 for Node.js Core

While there are many details that still need to worked through, and likely many issues that need to be fixed… this initial implementation provides enough functionality to get started, including:

  • Push Stream Support
  • respondWithFile() and respondWithFD() APIs that allow extremely efficient sending of raw file data that bypasses the Streams API.
  • TLS and Plain-text connections
  • Full support for stream multiplexing
  • HTTP/2 Prioritization and Flow Control
  • Support for HTTP/2 trailers
  • HPACK header compression support
  • A compatibility API layer that operates as close as possible to the existing HTTP/1 API

Node.js HTTP 2

Node.js: Constant HashTable Seeds Vulnerability

You might have heard about the high impact security vulnerability issue recently fixed and announced by nodeJS team. This post will attempt to explain the issue, how and why it happened.

Node.js Security

The vulnerability roots from HashTables, so lets start with a quick recap on HashTables, just in case you missed your computer science classes.

How Developer Mac Heller-Ogden Convinced His Bosses to Adopt Node.js

In this article, you’ll learn why Mac Heller-Ogden decided—on his own—to build a proof of concept for Node.js at

Node.js at

You’ll also learn how long it took, what leadership at said when they saw his work (spoiler: they loved it), and what happened next.

What you should know to really understand the Node.js Event Loop

Node.js is an event-based platform. This means that everything that happens in Node is the reaction to an event. A transaction passing through Node traverses a cascade of callbacks. Abstracted away from the developer, this is all handled by a library called libuv which provides a mechanism called an event loop.

Node.js Event Loop

The event loop is maybe the most misunderstood concept of the platform. The article covers Dynatrace's learnings about how the event loop really works and how to monitor it properly.

npm v5.3.0 released

New features:

  • Add --link filter option to npm ls.
  • [email protected]:
  • 4 new languages - Czech, Italian, Turkish, and Chinese (Traditional)! This means npx is available in 14 different languages!
  • New –node-arg option lets you pass CLI arguments directly to node when the target binary is found to be a Node.js script.

As mentioned before, we’re continuing to do relatively rapid, smaller releases as we keep working on stomping out [email protected] issues! We’ve made a lot of progress since 5.0 already, and this release is no exception.

Node.js Adopts the Contributor Covenant Guidelines

The Code of Conduct calls out the following as specific examples of unacceptable behavior:

  • The use of sexualized language or imagery and unwelcome sexual attention or advances
  • Trolling, insulting/derogatory comments, and personal or political attacks
  • Public or private harassment
  • Publishing others' private information, such as a physical or electronic address, without explicit permission
  • Other conduct which could reasonably be considered inappropriate in a professional setting

Contributor Covenant

Our Pledge:

In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.

Upcoming Node.js, Microservices & Security Trainings in Europe

We are happy to announce that starting from September, three instructors from RisingStack will be traveling Europe to hold trainings on Node.js, Microservices, and Security.

The trainings will be available in Vienna, Dublin, Amsterdam, Paris, Barcelona, Berlin, Zurich, London, Lisbon.

Node Summit, Next Week, San Francisco!

Node Summit is the largest conference focused exclusively on Node.js and “The Ecosystem of Node”.

Node Summit 2017

You can still register for the chance to attend Day Zero on July 25th. Day Zero provides a limited set of attendees (based on order of registration) invite-only access to additional talks, workshops and educational sessions, as well as more opportunities to network with the Node.js community and thought leaders.

Node Core Changes:

⬢ Node v8.2.1 (Current)

  • http: Writes no longer abort if the Socket is missing.
  • process, async_hooks: Avoid problems when triggerAsyncId is undefined.
  • zlib: Streams no longer attempt to process data when destroyed.

⬢ Node v8.2.0 (Current)

  • Async Hooks
  • Multiple improvements to Promise support in async_hooks have been made.
  • Build
  • The compiler version requirement to build Node with GCC has been raised to GCC 4.9.4.
  • Cluster
  • Users now have more fine-grained control over the inspector port used by individual cluster workers. Previously, cluster workers were restricted to incrementing from the master's debug port.
  • DNS
  • The server used for DNS queries can now use a custom port.
  • Support for dns.resolveAny() has been added.
  • npm
  • The npm CLI has been updated to version 5.3.0. In particular, it now comes with the npx binary, which is also shipped with Node.

Previously in the Node.js Weekly Update

In the previous Node.js Weekly Update we read about node security updates, 2FA for Node apps, npx - an npm package runner, distributed tracing & more...

We help you to stay up-to-date with Node.js on a daily basis too. Check out our Node.js news page and its Twitter feed!