Node.js Weekly Update - 5 May, 2017

Below you can find RisingStack's collection of the most important Node.js news, projects, updates & security leaks from this week:

1. Node.js 8.0.0 has been delayed and will ship on or around May 30th

This post is brought to you by Myles Borins who is a @nodejs ctc member / developer advocate for @googlecloud. Now with that background, let’s dive into the “why” of the delay around Node.js 8.0.0.

Node.js v8 Later or Now

Why? The short version: We want to give ourselves the option to ship the Node.js 8.x release line with the TurboFan + Ignition pipeline, which will become the default in V8 5.9. This would allow our next LTS release line to run on a more modern compiler + jit pipeline, making backporting easier and giving us a longer support contract from the V8 team.

2. Mastering the Node.js Core Modules - The File System & fs Module

In this article, we'll take a look at the File System core module, File Streams and some fs module alternatives.

The Async Node.js API

In this new Mastering the Node.js Core Modules series you can learn what hidden/barely known features the core modules have, and how you can use them. We will also mention modules that extend their behaviors and are great additions to your daily development flow.

3. Put your Electron app on a diet with Electrino

Meet the 99.9% weight loss plan for desktop apps built with web technologies.

Electrino - an light Electron App

So, each Electron app essentially carries an operating system with it. The “Hello World” app for Electron weighs 115 MB. For small apps, there would be another way. Instead of bundling the web runtime with each app, they could use the system-provided web runtime instead.

4. Q&A with Snyk on security, npm and the Node.js Foundation

The Node.js Foundation recently sat down with co-founder and CEO of Snyk, Guy Podjarny, to talk to him a bit more about Snyk, creating better security for the larger Node.js package ecosystem, and why Snyk joined the Foundation.

Node.js Security

Q: Why is security in the package ecosystem so important?

A: The transformation npm and other package managers are bringing to the world of development is both amazing and complicated.

5. Zeit/PKG: Package your Node.js project into an executable

This command line interface enables you to package your Node.js project into an executable that can be run even on devices without Node.js installed.

Zeit/PKG - a Node.js Packager

6. Build Microservices with Node.js - 22-23 June, 2017

Two days of hands-on training to master microservices with Node.js in San Francisco, CA - held by the co-founder and CTO of RisingStack, Peter Marton.

Microservices training with RisingStack

This course is for you if

  • you are considering microservices for your organization,
  • you want to better understand microservices,
  • you want to migrate to microservices,
  • you want hands-on experience in building microservices with Node.js.

Recent Node.js Releases:

○ Node v6.10.3 (LTS)

  • module: The module loading global fallback to the Node executable's directory now works correctly on Windows.
  • src: fix base64 decoding in rare edgecase
  • tls: fix rare segmentation faults when using TLS

○ Node v7.10.0 (Current)

  • crypto: add randomFill and randomFillSync
  • meta: Added new collaborators
  • add lucamaraschi to collaborators
  • add DavidCai1993 to collaborators
  • add jkrems to collaborators
  • add AnnaMag to collaborators
  • process: fix crash when Promise rejection is a Symbol
  • url: make WHATWG URL more spec compliant
  • v8:
  • fix stack overflow in recursive method
  • fix build errors with g++ 7

○ Node v4.8.3 (Maintenance)

  • module: The module loading global fallback to the Node executable's directory now works correctly on Windows.
  • src: fix base64 decoding in rare edgecase
  • tls: fix rare segmentation faults when using TLS

Vulnerable npm Packages Discovered:

High severity

Medium severity

Previously in the Node.js Weekly

In the previous Node.js Weekly Update we read about Node + Robotics, a detailed Debugging Tool Collection, making RESTful Web Services, and so on..

We help you to stay up-to-date with Node.js on a daily basis too. Check out our Node.js news page and its Twitter feed!