Below you can find RisingStack’s collection of the most important Node.js news, projects, updates & security leaks from this week:
1. Node.js 8.0.0 has been delayed and will ship on or around May 30th
This post is brought to you by Myles Borins, who is a @nodejs CTC member / developer advocate for @googlecloud. With that background, let’s dive into the “why” of the delay around Node.js 8.0.0.
Why? The short version: We want to give ourselves the option to ship the Node.js 8.x release line with the TurboFan + Ignition pipeline, which will become the default in V8 5.9. This would allow our next LTS release line to run on a more modern compiler + jit pipeline, making backporting easier and giving us a longer support contract from the V8 team.
2. Mastering the Node.js Core Modules — The File System & fs Module
In this article, we’ll take a look at the File System core module, File Streams and some fs module alternatives.
In this new Mastering the Node.js Core Modules series you can learn what hidden/barely known features the core modules have, and how you can use them. We will also mention modules that extend their behaviors and are great additions to your daily development flow.
3. Put your Electron app on a diet with Electrino
Meet the 99.9% weight loss plan for desktop apps built with web technologies.
So, each Electron app essentially carries an operating system with it. The “Hello World” app for Electron weighs 115 MB. For small apps, there would be another way. Instead of bundling the web runtime with each app, they could use the system-provided web runtime instead.
4. Q&A with Snyk on security, npm and the Node.js Foundation
The Node.js Foundation recently sat down with co-founder and CEO of Snyk, Guy Podjarny, to talk to him a bit more about Snyk, creating better security for the larger Node.js package ecosystem, and why Snyk joined the Foundation.
Q: Why is security in the package ecosystem so important?
A: The transformation npm and other package managers are bringing to the world of development is both amazing and complicated.
5. Zeit/PKG: Package your Node.js project into an executable
This command line interface enables you to package your Node.js project into an executable that can be run even on devices without Node.js installed.
6. Build Microservices with Node.js — 22–23 June, 2017
Two days of hands-on training to master microservices with Node.js in San Francisco, CA — held by the co-founder and CTO of RisingStack, Peter Marton.
This course is for you if
- you are considering microservices for your organization,
- you want to better understand microservices,
- you want to migrate to microservices,
- you want hands-on experience in building microservices with Node.js.
Recent Node.js Releases:
○ Node v6.10.3 (LTS)
- module: The module loading global fallback to the Node executable’s directory now works correctly on Windows.
- src: fix base64 decoding in rare edgecase
- tls: fix rare segmentation faults when using TLS
○ Node v7.10.0 (Current)
- crypto: add randomFill and randomFillSync
- meta: Added new collaborators
  - add lucamaraschi to collaborators
  - add DavidCai1993 to collaborators
  - add jkrems to collaborators
  - add AnnaMag to collaborators
- process: fix crash when Promise rejection is a Symbol
- url: make WHATWG URL more spec compliant
- v8:
  - fix stack overflow in recursive method
  - fix build errors with g++ 7
○ Node v4.8.3 (Maintenance)
- module: The module loading global fallback to the Node executable’s directory now works correctly on Windows.
- src: fix base64 decoding in rare edgecase
- tls: fix rare segmentation faults when using TLS
Vulnerable npm Packages Discovered:
High severity
- Downloads Resources over Insecure Protocol — ec2-price package, versions <0.5.0
Medium severity
- Directory Traversal — sencisho package, versions <0.3.3
- Directory Traversal — guaycuru package, versions <0.2.4
- Arbitrary Code Injection — growl package, versions <1.9.3
- Arbitrary Code Injection — protojs package, versions <1.0.6
- Arbitrary Code Injection — microservicebus.node package, versions <0.4.3
- Arbitrary Code Injection — mongo-parse package, ALL versions
- Arbitrary Code Injection — kmc package, ALL versions
- Arbitrary Code Injection — mongo-edit package, ALL versions
- Arbitrary Code Injection — mongui package, ALL versions
- Arbitrary Code Injection — mock2easy package, ALL versions
- Arbitrary Code Injection — mongoosemask package, ALL versions
- Arbitrary Code Injection — mongoosify package, versions <0.0.4
- Arbitrary Code Injection — modjs package, ALL versions
- Arbitrary Code Injection — m-log package, ALL versions
- Arbitrary Code Injection — modulify package, ALL versions
- Arbitrary Code Injection — nd-validator package, ALL versions
- Arbitrary Code Injection — nameless-cli package, ALL versions
- Arbitrary Code Injection — m2m-supervisor package, ALL versions
- Arbitrary Code Injection — mobile-icon-resizer package, versions <0.4.3
- Arbitrary Code Injection — mixin-pro package, versions <0.6.7
Previously in the Node.js Weekly
In the previous Node.js Weekly Update we read about Node + Robotics, a detailed Debugging Tool Collection, making RESTful Web Services, and so on.
Originally published at community.risingstack.com on May 5, 2017.