Below you can find RisingStack ’s collection of the most important Node.js news, projects, updates & security leaks from this week: 1. Node.js 8.0.0 has been delayed and will ship on or around May 30th This post is brought to you by Myles Borins who is a @nodejs ctc member / developer advocate for @googlecloud. Now with that background, let’s dive into the “why” of the delay around Node.js 8.0.0. Why? The short version: We want to give ourselves the option to ship the Node.js 8.x release line with the TurboFan + Ignition pipeline, which will become the default in V8 5.9. This would allow our next LTS release line to run on a more modern compiler + jit pipeline, making backporting easier and giving us a longer support contract from the V8 team. 2. Mastering the Node.js Core Modules — The File System & fs Module In this article, we’ll take a look at the File System core module, File Streams and some fs module alternatives. In this new Mastering the Node.js Core Modules series you can learn what hidden/barely known features the core modules have, and how you can use them. We will also mention modules that extend their behaviors and are great additions to your daily development flow. 3. Put your Electron app on a diet with Electrino Meet the 99.9% weight loss plan for desktop apps built with web technologies. So, each Electron app essentially carries an operating system with it. The “Hello World” app for Electron weighs 115 MB. For small apps, there would be another way. Instead of bundling the web runtime with each app, they could use the system-provided web runtime instead. 4. Q&A with Snyk on security, npm and the Node.js Foundation The Node.js Foundation recently sat down with co-founder and CEO of Snyk, Guy Podjarny, to talk to him a bit more about Snyk, creating better security for the larger Node.js package ecosystem, and why Snyk joined the Foundation. Q: Why is security in the package ecosystem so important? A: The transformation npm and other package managers are bringing to the world of development is both amazing and complicated. 5. Zeit/PKG: Package your Node.js project into an executable This command line interface enables you to package your Node.js project into an executable that can be run even on devices without Node.js installed. 6. Build Microservices with Node.js — 22–23 June, 2017 Two days of hands-on training to master microservices with Node.js in San Francisco, CA — held by the co-founder and CTO of RisingStack, Peter Marton. This course is for you if you are considering microservices for your organization, you want to better understand microservices, you want to migrate to microservices, you want hands-on experience in building microservices with Node.js. Recent Node.js Releases: ○ Node v6.10.3 (LTS) The module loading global fallback to the Node executable’s directory now works correctly on Windows. module: fix base64 decoding in rare edgecase src: fix rare segmentation faults when using TLS tls: ○ Node v7.10.0 (Current) add randomFill and randomFillSync crypto: Added new collaboratorsadd lucamaraschi to collaboratorsadd DavidCai1993 to collaboratorsadd jkrems to collaboratorsadd AnnaMag to collaborators meta: fix crash when Promise rejection is a Symbol process: make WHATWG URL more spec compliant url: **v8:**fix stack overflow in recursive methodfix build errors with g++ 7 ○ Node v4.8.3 (Maintenance) The module loading global fallback to the Node executable’s directory now works correctly on Windows. module: fix base64 decoding in rare edgecase src: fix rare segmentation faults when using TLS tls: Vulnerable npm Packages Discovered: High severity — package, versions <0.5.0 Downloads Resources over Insecure Protocol ec2-price Medium severity — package, versions <0.3.3 Directory Traversal sencisho — package, versions <0.2.4 Directory Traversal guaycuru — package, versions <1.9.3 Arbitrary Code Injection growl — package, versions <1.0.6 Arbitrary Code Injection protojs — package, versions <0.4.3 Arbitrary Code Injection microservicebus.node — package, ALL versions Arbitrary Code Injection mongo-parse — package, ALL versions Arbitrary Code Injection kmc — package, ALL versions Arbitrary Code Injection mongo-edit — , ALL versions Arbitrary Code Injection mongui package — package, ALL versions Arbitrary Code Injection mock2easy — package, ALL versions Arbitrary Code Injection mongoosemask — package, versions <0.0.4 Arbitrary Code Injection mongoosify — package, ALL versions Arbitrary Code Injection modjs — package, ALL versions Arbitrary Code Injection m-log — package, ALL versions Arbitrary Code Injection modulify — package, ALL versions Arbitrary Code Injection nd-validator — package, ALL versions Arbitrary Code Injection nameless-cli — package, ALL versions Arbitrary Code Injection m2m-supervisor — package, versions <0.4.3 Arbitrary Code Injection mobile-icon-resizer — package, versions <0.6.7 Arbitrary Code Injection mixin-pro Previously in the Node.js Weekly In the previous we read about Node + Robotics, a detailed Debugging Tool Collection, making RESTful Web Services, and so on.. Node.js Weekly Update Originally published at community.risingstack.com on May 5, 2017.
Share Your Thoughts