Below you can find RisingStack's collection of the most important Node.js news, projects, updates & security leaks from this week:
Debugging - the process of finding and fixing defects in software - can be a challenging task to do in all languages. Node.js is no exception.
We will dive into two different aspects of debugging Node.js applications - the first one will be logging, so you can keep an eye on production systems, and have events from there. After logging, we will take a look at how you can debug your applications in development environments.
Drivers make it easy to connect to and run statements against a database. That means they're perfect for creating RESTful APIs, right?
Well, you'll want to add some pagination capabilities, maybe sorting controls, and some generic filtering options too. You could do all that with the driver and some smart code, but there must be an easier way, right? Of course there is! In this session attendees learn about some of the challenges associated with manual API creation using drivers. Once those are understood, the discussion turns to several tools that offer similar functionality out of the box, including Loopback, Sails, and Oracle REST Data Services.
Node.js is a very popular technology and a perfect candidate to be plugged into a continuous deployment pipeline using Jenkins.
We’re going to see how to continuously deploy a Node.js application with Jenkins based on changes made to a GitHub repository.
Trace, our Node.js monitoring & debugging tool is now free for open-source projects.
We know from experience that developing an open-source project is hard work, which requires a lot of knowledge and persistence. Trace will save a lot of time for those who use Node for their open-source projects.
The team recently joined the Node.js Foundation because they are dedicated to supporting the open source community that they are actively involved in and rely on.
We sat down with Brett Porter, who is head of architecture at SafetyCulture, to hear more about the company’s interesting history and offerings, how they are using Node.js, and how they contribute to — and are planning to contribute more to — open source.
Security Vulnerabilities Discovered:
- Resources Downloaded over Insecure Protocol - nodux-core package, versions <0.0.18
- ReDoS - brace-expansion package, versions <1.1.7
- Directory Traversal - pooledwebsocket package, versions <0.0.18
- Directory Traversal - list-n-stream package, versions <0.0.11
- XSS - dompurify package, versions <0.8.6
- XSS - dompurify package, versions <0.8.0 >=0.7.3
- XSS - dompurify package, versions <0.6.1 >=0.4.0
- XSS - dompurify package, versions <0.4.4
- Insecure Defaults - dompurify package, versions <0.3
Previously in the Node.js Weekly Update
In the previous Node.js Weekly Update we read about lessons of 5 years with Node.js, Object Streams, Free Node.js Monitoring, Node v8 delay PSA & more..