Node.js Weekly Update — 16 June, 2017

Below you can find RisingStack’s collection of the most important Node.js updates, projects, tutorials & Node related conferences from this week:

Two-Factor Authentication with Node.js

Passwords can be guessed, phone numbers can be spoofed, but using two-factor authentication essentially requires that user be in possession of a physical device with an app like Google Authenticator, loaded with a secret key for the given app, which provides an extra layer of security.

Since I use 2FA so often, I wanted to see how the process is managed by a developer for its users. That would include generating the secret key, creating its QR code representation, scanning the code into Google Authenticator (done by the user), and then validating that GA-given code against the user’s key. I found an easy to use Node.js library, speakeasy, to do so!

Habits of a Happy Node Hacker 2017

Here are 8 habits for happy Node hackers updated for 2017. They’re specifically for app developers, rather than module authors, since those groups have different goals and constraints.

Build a “Serverless” Twilio SMS + Call Forwarding Bot in 7 Minutes using Node.js + StdLib

Learn how you can build a Twilio Messaging Hub in only 7 Minutes with StdLib!

What You’ll Need Beforehand:

• 1x Twilio Account
• 1x Command Line Terminal
• 7x Minutes (or 420x Seconds)

Survey: Node.js Developers Struggle with Debugging & Downtimes

In this article we summarize the insights we learned from our latest survey on developers problems with Node.js Debugging, Downtimes, Microservices & other pain-points.

Key Findings of the Node.js Survey:

• 29,27% of Node.js developers experience downtimes in production systems at least once a week, 54,02% at least once a month.
• 27,50% of Node developers responding to the survey never experience downtimes.
• 42,82% of the respondents spend more than 2 hours a week with debugging their Node.js applications, including the 17,09% who spends more than 5 hours.
• The developers building a microservices architecture with Node spend more time with debugging. The advantage of microservices + Node manifests in the form of fewer downtimes.

Free Webinar on Digital Transformation with Node.js

Interested in learning how Node.js can help streamline your digital processes and the latest trends with this application platform?

In this interactive online seminar, we’ll reveal how companies like Capital One, Slack, Skycatch, and NASA benefit from using Node.js, from enabling rapid data experimentation to building innovative experiences on connected devices.

In the live Q & A session, you will have the chance to ask questions about specific use cases and learn why Node.js is the platform of choice for building digital experiences.

Nodevember 2017 Tickets are available

Nodevember is a two-day conference touching on all aspects of Node and JavaScript. The conference includes seminars, workshops, tutorials, code sprints, and lightning talks.

The fourth annual conference will be held November 27th and 28th, 2017 in Nashville, TN.

Node Core Changes:

⬢ Node v8.1.1 (Current)

• Child processes
• stdout and stderr are now available on the error output of a failed call to the util.promisify()ed version of child_process.exec.
• HTTP
• A regression that broke certain scenarios in which HTTP is used together with the cluster module has been fixed.
• HTTPS
• The rejectUnauthorized option now works properly for unix sockets.
• Readline
• A change that broke npm init and other code which uses readline multiple times on the same input stream is reverted.

⬢ Node v8.1.2 (Current)

Fix broken process.release properties in 8.1.1 causing failure to compile native add-ons on platforms other than Windows. This is a fix in the Node.js build process so there are no additional code commits included on top of 8.1.1.

Open CFP’s

• NodeFest Tokyo, Hosei University, Tokyo, Japan
• Node Summit, San Francisco (CA), United States
• dot Conferences, Paris, France

Upcoming Events

• JS Kongress Munich, Munich, Germany (June 18)
• Write/Speak/Code, Portland (OR), United States (June 20)
• NodeConf EU, Kilkenny, Ireland (June 30)
• Open Source Summit Europe, Prague, Czech Republic (July 8)
• Non Binary in Tech, London, UK (July 15 )
• CloudNativeCon + KubeCon North America 2017, Austin (TX), United States (August 21)
• CubaConf, Havana, Cuba ( August 31)

Source: The Node Foundation Newsletter

Vulnerable npm Packages Discovered:

Cross-Site Scripting (XSS)

• next package, versions <2.4.3

Directory Traversal

• citypredict.whauwiller package, ALL versions
• dmmcquay.lab6 package, ALL versions
• byucslabsix package, ALL versions
• jikes package, ALL versions
• scott-blanch-weather-app package, ALL versions
• node-simple-router package, ALL versions
• wffserve package, ALL versions
• elding package, ALL versions
• next package, versions <2.4.1 || >=3.0.0-beta1 ❤.0.0-beta7
• serve package, versions <5.2.0 || =5.2.1

Previously in the Node.js Weekly Update

In the previous Node.js Weekly Update we read about Node 8’s util.promisify(), handling 100 gigabytes of data with MySQL & Node.js, understanding lock files in npm 5 and a comaprison of Node 6 & 8.

We help you to stay up-to-date with Node.js on a daily basis too. Check out our Node.js news page and its Twitter feed!

Originally published at community.risingstack.com on June 16, 2017.