Security releases all round
#401 — August 12, 2021
📋 Node Weekly is taking a little summer vacation next week so we’ll be back for the next time on Thursday, August 26. See you then! 🙂
Peter Cooper, editor
August 2021 Security Releases: Node 16.6.2, 14.17.5 and 12.22.5 — The Node team is always on the ball when it comes to security fixes and releases, so now we have Node 16.6.2, 14.17.5 and 12.22.5, all fixing the same three issues on their respective branches. The two ‘high’ level vulnerabilities relate to improper handling of unusual characters in Node’s DNS library and a memory freeing issue in http2.
V8 Release v9.3 — Recent V8 releases have been reasonably lean on new features, and so it goes with 9.3 which mostly gets faster compilation, Object.hasOwn (an alias for Object.prototype.hasOwnProperty.call), and the ability to attach error ‘causes’ to Error instances. It’s in beta until Chrome 93 (due in the coming weeks) and will appear in Node.js soon too.
Search Your Code. ALL of It, Everywhere — Sourcegraph is the one tool to find & fix things across all your code: any code host, any repo, any language. Easily construct complex queries to find & filter code in ways IDEs and code hosts can’t. Stay in flow & get your answers in milliseconds. Try it now.
A developer claims npm has indefinitely suspended its process for adopting ‘abandoned’ packages because he accidentally ended up with a package that wasn’t actually abandoned.
Tim Perry thinks that the lowest severity fix in this week’s security releases (above) is more serious than it looks at first as it can allow TLS certificate verification to be turned off in many HTTPS request scenarios.
It’s oriented around a commercial service, but it’s interesting to see the potential for distributing Node modules in a commercial way.
Deno 1.13 Released — Node’s cousin runtime has received a release with a ton of small enhancements, including its native HTTP server API going stable, language server improvements, more TLS customization options, and integrating V8 9.3.
The Deno Team
How to Publish Node.js Docker Images to Docker Hub Registry with GitHub Actions — Last month Liran covered publishing Docker images to GitHub Packages, and this time out moves on to a workflow for Docker Hub.
Liran Tal (Snyk)
▶ Learning MongoDB by Building a Project — This was a livestream, so it is unedited and gently paced, but it’s also a thorough and honest look at how real developers approach building apps using Node, Next.js, and MongoDB’s hosted Atlas service.
Florin Pop and Jesse Hall
Testing Authenticated Routes in AdonisJS
🛠 Code & Tools
PureORM: A Node.js SQL Toolkit for Writing Native SQL Queries Yielding Pure Business Objects — Allows you to write regular native SQL and receive back properly structured (nested) pure business objects, as opposed to a more typical ORM where you build queries in other ways.
Keyv: Simple Key-Value Storage with Multi-Backend Support — Need either a TTL-based cache or persistent key-value store for your Node app with total flexibility over the backend store? This supports MySQL, PostgreSQL, SQLite, Redis, Mongo, DynamoDB, Memcached, and, amazingly, more.
Caterpillar 6.8: The ‘Ultimate’ Logging System — Log levels are implemented to RFC 3164 standards. Entries can be filtered and piped to various streams, including colorized output to the terminal, the browser console, and debug files. You can also write your own transforms. It supports Deno too.
Slonik v24: A Sophisticated Node Postgres Client Library — A ‘battle tested’ framework that abstracts repeating code patterns, protects against unsafe behavior, and provides a rich debugging experience.
Awilix: An Inversion of Control (IoC) Container for Node — There’s also a tutorial (from 2016) explaining how it works and why it exists.
Octokit.js 1.4.0: The All-Batteries-Included GitHub SDK — Supports browsers, Deno, and of course, Node.
negative-array 3.0: Negative Array Index Support using Proxies — For example, array[-1]. Even if you wouldn’t use this (and on Node 16.6+ you can now use Array#at() anyway), the source is worth reading to learn how it works if proxies remain a mystery to you.
Senior Fullstack JS Engineer? Come Solve Challenges at Matterway — We’re looking for experienced engineers to help us build an innovative web automation platform.
Senior Software Architect — As a Sr Software Architect you’ll be at the center of building the platform that enables us to redefine this industry.
Berkadia, a Berkshire Hathaway and Jefferies Financial Group company
Find Tech Jobs with Hired — Create a profile on Hired to connect with hiring managers at growing startups and Fortune 500 companies. It’s free for job-seekers.