Below you can find RisingStack’s collection of the most important Node.js updates, projects, tutorials & Node-related conferences from this week:
Notable changes in the new release:
ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. This patch checks that there is enough data for the required elements of an NAPTR record (2 int16, 3 bytes for string lengths) before processing a record.
Updates are now available for all active Node.js release lines as well as the 7.x line. These include the fix for the high severity vulnerability identified in the initial announcement, one additional lower priority Node.js vulnerability in the 4.x release line, as well as some lower priority fixes for Node.js dependencies across the current release lines.
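The NAPTR length check described above, as an added C example (not the c-ares patch and not code from the release). The struct, function names and sample bytes are assumptions made for illustration; the layout assumed is two 16-bit integers followed by three length-prefixed strings.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fixed part of NAPTR RDATA: ORDER and PREFERENCE (2 x int16) plus one
 * length byte for each of FLAGS, SERVICES and REGEXP. */
#define NAPTR_MIN_RDATA 7

struct naptr_fields {                 /* hypothetical struct for this example */
    uint16_t order, preference;
    char flags[256], services[256], regexp[256];
};

/* Copy one length-prefixed string; returns bytes consumed, 0 on truncation. */
static size_t read_charstr(const uint8_t *p, const uint8_t *end, char *out)
{
    if (p >= end) return 0;
    size_t len = p[0];
    if ((size_t)(end - p) < 1 + len) return 0;   /* string runs past the buffer */
    memcpy(out, p + 1, len);
    out[len] = '\0';
    return 1 + len;
}

/* Returns 0 on success, -1 if the record is shorter than its fields claim. */
int parse_naptr_rdata(const uint8_t *rdata, size_t rdlen, struct naptr_fields *out)
{
    if (rdlen < NAPTR_MIN_RDATA) return -1;      /* check before any read */
    const uint8_t *p = rdata, *end = rdata + rdlen;
    out->order      = (uint16_t)((p[0] << 8) | p[1]);
    out->preference = (uint16_t)((p[2] << 8) | p[3]);
    p += 4;
    char *dst[3] = { out->flags, out->services, out->regexp };
    for (int i = 0; i < 3; i++) {
        size_t n = read_charstr(p, end, dst[i]);
        if (n == 0) return -1;
        p += n;
    }
    return 0;   /* the REPLACEMENT name that follows is not parsed here */
}

/* Constructed sample records, not captured traffic. */
static const uint8_t GOOD[] = { 0,10, 0,20, 1,'U', 7,'E','2','U','+','s','i','p', 0, 0 };
static const uint8_t TRUNCATED[] = { 0,10, 0,20, 1,'U' };           /* 6 bytes */
static const uint8_t OVERLONG[] = { 0,10, 0,20, 1,'U', 200,'E', 0 }; /* claims 200 */
int main(void) {
    struct naptr_fields f;
    printf("good=%d\n", parse_naptr_rdata(GOOD, sizeof GOOD, &f));
    printf("truncated=%d\n", parse_naptr_rdata(TRUNCATED, sizeof TRUNCATED, &f));
    printf("overlong=%d\n", parse_naptr_rdata(OVERLONG, sizeof OVERLONG, &f));
    return 0;
}
```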
Downloads:
Note: The 0.10.x and 0.12.x release lines are also vulnerable to the Constant Hashtable Seeds vulnerability. We recommend that users of these release lines upgrade to one of the supported LTS release lines.
For more info on these flaws, read the article.
2FA relies on unique shared secrets we’ll give our users. Users can then take those shared secrets to generate time-based six-digit tokens on their phone or any other OTP device to log onto our site. This is more secure than plain password-based authentication: in addition to obtaining access to the user’s password, a malicious actor would also need the shared secret in order to compromise their account.
Let’s take a look at how we can quickly hash out a correct two-factor authentication (2FA) solution for our web applications. First off, let’s work out the required flow.
Those of you upgrading npm to its latest version might notice that it installs a new binary alongside the usual npm: npx.
npx is a tool intended to help round out the experience of using packages from the npm registry — the same way npm makes it super easy to install and manage dependencies hosted on the registry, npx makes it easy to use CLI tools and other executables hosted on the registry.
Microservices is a powerful architecture pattern with many advantages, but it also brings new challenges regarding debugging — as it’s a distributed architecture that moves the complexity to the network.
Distributed tracing (and OpenTracing) provides a solution by giving enough visibility and information about cross-process communication.
This article explains the basics of distributed tracing as well as shows an open-source solution to debug Node.js based microservices applications.
While everyone seems to agree about the fact that premature optimization could be detrimental, you must care about performance either way: in the simplest case you may want to know how much memory a given Node.js process uses during its execution.
In this post we will see how to use a Node.js builtin method in order to gain knowledge about the memory usage of any given process.
What you will learn:
The conference (October 4–6 — Vancouver, Canada) features keynotes, presentations and workshops that are aimed to help Node.js users better understand how to work with Node.js and JavaScript as well as best practices in contributing to the project.
Keynotes announced so far:
The “Testing Node.js Applications” course takes four weeks, with 2-hour webinars (3 in total) and a 1-on-1 session tailored for your special needs.
During these four weeks, you will learn how to unit test your application, write integration and end-to-end tests. The webinars will be recorded and distributed to the attendees.
In the previous Node.js Weekly Update we read about performance monitoring with Prometheus, Building a sentiment analysis bot with IBM Watson and Raspberry Pi & Trading Cryptocurrencies, Forex, Commodities Stocks and More Using Node.js.
We help you to stay up-to-date with Node.js on a daily basis too. Check out our Node.js news page and its Twitter feed!
Originally published at community.risingstack.com on July 14, 2017.