Below you can find RisingStack ’s collection of the most important Node.js news, projects, updates, insecure npm packages & Node related CFP’s from this week: 1. Node v8.0.0 (Current) Released This article contains a summary of the most significant changes and features in the next major release of Node.js. 2. The Important Features and Fixes of Node.js 8 With the release of Node.js Version 8 (on 30 May), we got the latest LTS (long-term support) variant with a bunch of new features and performance improvements. In this post, we’ll go through the most important features and fixes of the new Node.js 8 release. 3. npm v5.0.0 arrived v5 takes npm a pretty big step forward, significantly improving its performance in almost all common situations, fixing a bunch of old errors due to the architecture, and just generally making it more robust and fault-tolerant. It comes with changes to make life easier for people doing monorepos, for users who want consistency/security guarantees, and brings semver support to git dependencies. 4. Mikeal Rogers: Thank You. Good Bye. But Not Really. I’m incredibly proud of what we’ve been able to accomplish the last few years of Node.js. While I’ll forever be a part of this community, I’m ready to move on from the Foundation to the next challenge. The project is as strong as it has ever been with plenty of new project leaders who will surely fill whatever void I leave behind, and the project will end up even stronger for it. 5. N-API: Next generation Node.js APIs for native modules Existing native modules are written in C/C++ and directly depend on V8 and/or NAN APIs. The result of this dependency is a lack of API/ABI stability guarantees, requiring native addons to be updated or recompiled for every major Node.js release. The next generation, ABI-stable Node.js API for native modules or N-API aims to solve this problem, by providing an ABI-stable abstraction layer for native APIs in JavaScript VMs. 6. Announcement: On-premises Node.js Monitoring Tool is Now Available Trace, RisingStack’s Node.js Monitoring Tool helps developers and operation teams to debug & monitor Node.js infrastructures with ease. We are happy to announce that Trace is now also available as an on-premises solution. To learn more, check out our On-premises Node.js Monitoring Page. 7. Publishing a Maintainable NPM Module with Continuous Integration In this two-part series, you will learn how to build, test, and publish a JavaScript module to NPM, as well as how to update it using continuous integration that will automatically test and publish new versions. This post will focus on testing, building, and publishing a module, while Part II will focus on setting up continuous integration for updating the module. 8. Win a FREE ticket to Node Interactive North America The Node.js Foundation wants you to design the official Node.js Interactive t-shirt this year! The details: The Foundation will collect t-shirt art submissions until Monday, June 12. The winning design will be announced on Monday, July 10. The winner of the t-shirt design contest will be awarded a full access pass to Node.js Interactive. 9. Training: Build Microservices with Node.js — 29–30 June Two days of hands-on training to master microservices with Node.js with the CTO of RisingStack, Peter Marton. This course is for you if you are considering microservices for your organization, you want to better understand microservices, you want to migrate to microservices, you want hands-on experience in building microservices with Node.js. Vulnerable npm Packages Discovered this Week: Medium severity — package, versions <1.0.0 Cross-site Scripting (XSS) rendr-handlebars — package, versions <2.0.11 Cross-site Scripting (XSS) octotree — package, versions <1.1 Cross-site Scripting (XSS) octotree — package, versions <0.11.4 >=0.8.0 Cross-site Scripting (XSS) ghost — package, versions <1.0.0-alpha.5 >=1.0.0-alpha.1 || >=0.8.0 < 0.11.2 Cross-site Scripting (XSS) ghost — package, versions <0.5.9 Cross-site Scripting (XSS) ghost — package, versions <2.4.19 Cross-site Scripting (XSS) easyxdm — package, ALL versions Cross-site Scripting (XSS) bootstrap-markdown — package, versions <0.5.9 Authentication Bypass ghost — package, versions <0.5.9 Authentication Bypass ghost — package, ALL versions Man in the Middle (MitM) hotel — package, versions <0.10.0 Open Redirect ghost — package, versions <0.5.9 Information Disclosure ghost — package, versions <0.5.9 Denial of Service ghost — package, versions <0.5.9 Identity Spoofing ghost Open Node.js CFP’s , Tokyo NodeFest , San Francisco (CA) Node Summit , Paris dot Conferences , Stockholm Nordic.js , Long Beach (CA) Wonder Women Tech 2017 Previously in the Node.js Weekly In the previous we read about npm auth becoming limited, a great Node.js Streams Guide, an AWS Lambda & Nod Tutorial & about the upcoming Node conferences. Node.js Weekly Update We help you to stay up-to-date with Node.js on a daily basis too. Check out our Node.js news page and its Twitter feed ! Originally published at community.risingstack.com on June 2, 2017.
