Node Weekly Issue 152: August 25, 2016

Node Weekly

August 25, 2016 #152

Guy Podjarny

Controlling The Security Risk of npm Dependencies

Using npm packages inevitably exposes you to certain security risks. Ask these 7 questions to improve your exposure to common issues.

npm, Inc.

'fs' Package Unpublished and Restored

Many packages accidentally include the ‘fs’ package as a dependency despite being a built-in Node module. This caused major issues when the npm package was deleted. It has since been restored.

Vladimir de Turckheim

One Easy Way to Inject Malicious Code in Any Node App

“The chain used to include instances of modules can be tampered to allow modification of required dependencies.” One to be aware of, rather than use, of course.

ROLLBAR Sponsor

Find and Fix Node.js Errors Faster (and have fun doing it)

Quickly pinpoint what’s broken and why. Get the context and insights to defeat all Node errors.

Alex Rudenko

Building A Server-Side App with Async Functions and Koa 2

A practical example of building a simple server-side app that tracks page views for static websites, using Koa, a leaner framework than Express.

Mikeal Rogers

Node.js Everywhere: How Node Is Continuing to Grow

At Node.js Live London, Mikeal Rogers gave a quick 15 minute talk on the growth of Node and where things are headed from the Node Foundation’s point of view.

Jobs

Sr. JavaScript / Ruby Developer
Sticker Mule is looking for passionate engineers to join our remote team. Come help us build the best e-commerce experience using Ruby, Rails, React, Node, Docker and more. Sticker Mule
Stop Applying to Jobs - Let Companies Come To You
On Hired, engineers typically get 5+ job offers in 1 week. Find that new opportunity you've been craving and get access to 4,000+ companies instantly. Hired.com

In Brief

The NodeSource CFP, Calling Node Speakers for 3 US Events news
Events in Los Angeles, Washington DC, and Seattle in the next several months.
Dan Shaw
Building Your First Atom Plugin tutorial
A step-by-step tutorial for building a simple plugin in JavaScript for the Atom text editor.
GitHub
Building and Securing a Modern Backend API tutorial
Note: Leans heavily on the Auth0 service.
Ado Kukic
Build a REST API for Your Mobile Apps using Node.js tutorial
Learn how to build a REST API to serve as a Node mobile backend then connect it to an Android/iOS app.
Stormpath Sponsor
The Promises FAQ: Addressing Common Questions About Promises tutorial
Sven Slootweg
Analyzing Node.js on GitHub with BigQuery tutorial
Justin Beckwith
Emulating a 6502 System in JavaScript video
Filmed at the GOTO Chicago 2016 conference. 45 minutes.
Matt Godbolt
slow-deps: CLI Tool to Measure Slow Installing Dependencies tools
Measure which dependencies in a project are slowest to npm install.
Nolan Lawson
NodeSource now offers Containerized N|Solid Deployment for Kubernetes tools
Production-ready continuous performance and security monitoring for Node.js within a Kubernetes cluster.
NodeSource Sponsor
Moin: A (Very) Simple Node Microservice Server code
Watches a ‘services’ directory and reloads modules when they change.
OpenMCT: Web-Based Mission Control Software by NASA code
Yep, Node is being used to keep those rovers trucking.
NASA
Microlock: A Simple Distributed Locking Library for Node and etcd code
Jobstart
Cloverjs: REST API Framework with TypeScript Decorators Built on Express code
Oussama Gammoudi
localstorage-polyfill: An In-Memory localStorage Polyfill for Node code
Jiri Spac
Nucleus: A Living Style Guide Generator for SCSS code
Nucleus
Ramme: An Unofficial Instagram Desktop App code
Built using Electron, looks good.
Terkel Gjervig
koa-monitor: Realtime Monitoring for Koa.js Apps code
A port of express-status-monitor for Koa.
Jiri Spac
Neuron: An Offline-First Starter Kit for Electron Apps code