#291 — June 6, 2019

Read on the Web

Node Weekly

How the npm Security Team Foiled a Criminal Plot — Several months ago, the event-stream package was compromised in an attempt to attack people’s cryptocurrency wallets and the potential loot proved too tempting to the latest set of crooks who have been thwarted by the npm, Inc. security team.

The npm Blog

npm Passes The 1 Million Package Milestone — Not only is Node.js 10 years old, there are now also, quite coincidentally, 1 million npm packages (though npm’s own 10th birthday is next year). Rumors suggest only about 23% of the packages belong to Sindre Sorhus.

Liran Tal

Measure the Health and Performance of Your Node Applications with Datadog APM — Get detailed performance data from your Node.js apps and the underlying infrastructure with Datadog. Try Datadog free.

Datadog sponsor

Node v12.4.0 (Current) Released — The continuing velocity of Node releases continues to impress. This time, you can now override the default HTTP server socket timeout (of 2 minutes) using the --http-server-default-timeout flag, Node’s JSON-based documentation (example) is now considered stable, and you can now use the --heap-prof flag to run the V8 heap profiler and write the results to disk on exit.

Node.js Foundation

node-libcurl 2.0: libcurl Bindings for Nodelibcurl is a very powerful and well established way to fetch data from URLs across numerous protocols. In version 2.0.0, support for Node 4 and 6 is dropped, Node 12 is added, along with lots of fixes and increased support for libcurl’s features.

Jonathan Cardoso Machado

Switch From Medium to Your Own Blog in a Few Minutes — This is a Node project, but I’m mostly featuring it because I would love if more people we linked to were using their own blog instead of the nightmare that is Medium. Here’s an example of the end result, but you can tune it to your own tastes.

Mathieu Dutour

Node.js's 10 Year History on a Timeline — Last week we celebrated Node’s tenth birthday, and the RisingStack folks have now updated their Node.js history timeline too. How far we’ve come!

Gergely Nemeth

💻 Jobs

Node.js Developer at X-Team (Remote) — Join the most energizing community for developers. Work from anywhere with the world's leading brands.


Land a New Dev Job on Vettery — Vettery specializes in tech roles and is completely free for job seekers.


📚 Tutorials

How to Mock Services Using Mountebank and Node — A service mock is code that simulates a service that is not yet available (or is otherwise inconvenient to call frequently) in order to test an application. Mountebank is a powerful way to create them.

Dustin Ewers

A Guide to Rolling Your Own Node Authentication — The real title is “You don’t need passport.js” but while it’s a good exercise to implement your own authentication system to understand the details, middleware like Passport does make the process easier.

Santiago Quinteros

Webinar: Node.js and Serverless (June 11)

NodeSource sponsor

How to 'Notarize' Your Electron Application for macOS — If you want Electron apps you create to run on macOS without any complaints, this is a must read.

Kilian Valkhof

How to Write End-to-End Tests for Next.js AppsNext.js is popular React framework for PWAs and server-rendered apps.


My Opinionated git Cheat Sheet — Not Node specific but we came across this several weeks ago and have been saving it up for a quiet week as it’s quite useful.

Ben Nadel

🛠 Code and Tools

AVA 2.0: A Powerful Test Runner for Node — AVA is a popular choice for testing with its concise API, process isolation and detailed error output. 2.0 has several breaking changes but feature wise is a gentle evolution on 1.0.


Express Rate Limit: Basic Rate-Limiting Middleware for Express.js — Limit repeated requests to public APIs or sensitive endpoints such as password resets.

Nathan Friedly

Safely Roll Out New Features in Node with Optimizely Rollouts
Ship faster with less risk. Get free feature flags to instantly turn on or off features without deploys.

Optimizely Rollouts sponsor

A Serverless Component to Transcribe Audio Stored in an S3 Bucket — A template and function for turning an S3 bucket of audio into an S3 bucket of transcriptions via AWS Lambda and Amazon Transcribe.

Alexander Simovic

MQTT.js: An MQTT Client for Node and the BrowserMQTT is a messaging protocol commonly associated with IoT. A new release this week adds support for MQTT 5.


node-gitlab: A GitLab API Library with Complete API Support

Justin Dalrymple

Code to Scrape Subreddits using Puppeteer — You don’t need to do this as Reddit has a generous API (including publicly accessible JSON versions of most pages) but this repo could help if you want a Puppeteer example to learn from.

Petros Kyriakou