Node.js Weekly Update - 28 April, 2017

Below you can find RisingStack's collection of the most important Node.js news, projects, updates & security leaks from this week:

1. The Wonderful and Expanding World of Node.js and Robotics

NodeBots is a community of developers and makers that use JavaScript and Node.js to interface with different types of open source hardware and software involving mostly microcontrollers.

The result is essentially the ability to program “things” with JavaScript and Node.js. You can create a necklace that flashes when you talk into it or a cat feeder or anything that your mind can imagine.

2. How to Debug Node.js with the Best Tools Available

Debugging - the process of finding and fixing defects in software - can be a challenging task to do in all languages. Node.js is no exception.

We will dive into two different aspects of debugging Node.js applications - the first one will be logging, so you can keep an eye on production systems, and have events from there. After logging, we will take a look at how you can debug your applications in development environments.

3. Making RESTful Web Services the Easy Way with Node.js

Drivers make it easy to connect to and run statements against a database. That means they're perfect for creating RESTful APIs, right?

Well, you'll want to add some pagination capabilities, maybe sorting controls, and some generic filtering options too. You could do all that with the driver and some smart code, but there must be an easier way, right? Of course there is! In this session attendees learn about some of the challenges associated with manual API creation using drivers. Once those are understood, the discussion turns to several tools that offer similar functionality out of the box, including Loopback, Sails, and Oracle REST Data Services.

4. npm just passed 400.000.000 downloads/day

npm, the Node Package Manager passes 400 million downloads a day

5. Create a Continuous Deployment Pipeline with Node.js and Jenkins

Node.js is a very popular technology and a perfect candidate to be plugged into a continuous deployment pipeline using Jenkins.

Jenkins Node.js Source Control

We’re going to see how to continuously deploy a Node.js application with Jenkins based on changes made to a GitHub repository.

6. Node.js Monitoring & Debugging with Trace

Trace, our Node.js monitoring & debugging tool is now free for open-source projects.

Trace - a Node.js Monitoring & Debugging Tool

We know from experience that developing an open-source project is hard work, which requires a lot of knowledge and persistence. Trace will save a lot of time for those who use Node for their open-source projects.

7. SafetyCulture Joins the Node.js Foundation

The team recently joined the Node.js Foundation because they are dedicated to supporting the open source community that they are actively involved in and rely on.

We sat down with Brett Porter, who is head of architecture at SafetyCulture, to hear more about the company’s interesting history and offerings, how they are using Node.js, and how they contribute to — and are planning to contribute more to — open source.

Security Vulnerabilities Discovered:

High severity

Medium severity

  • ReDoS - brace-expansion package, versions <1.1.7
  • Directory Traversal - pooledwebsocket package, versions <0.0.18
  • Directory Traversal - list-n-stream package, versions <0.0.11
  • XSS - dompurify package, versions <0.8.6
  • XSS - dompurify package, versions <0.8.0 >=0.7.3
  • XSS - dompurify package, versions <0.6.1 >=0.4.0
  • XSS - dompurify package, versions <0.4.4
  • Insecure Defaults - dompurify package, versions <0.3

Previously in the Node.js Weekly Update

In the previous Node.js Weekly Update we read about lessons of 5 years with Node.js, Object Streams, Free Node.js Monitoring, Node v8 delay PSA & more..

We help you to stay up-to-date with Node.js on a daily basis too. Check out our Node.js news page and its Twitter feed!