#305 — September 12, 2019

Read on the Web

Node Weekly

Worker Threads Now Considered 'Stable' in Node — There’s not a lot to see in this commit, but the worker_threads module (which lets you use threads to execute JavaScript in parallel) is no longer considered ‘experimental’. Not played with them yet? Here’s what they are and why they matter, and here’s a guide to using them.


⚠️ Sequelize ORM Found Vulnerable to SQL Injection Attacks — The good news is the problem is solved and you just need to update if you're using Sequelize. But if you want to learn about how the vulnerability was discovered and how it could be abused, read on.

Liran Tal

🔩 Digging into Node.js with Kyle Simpson — Learn Node.js piece-by-piece, from building command line scripts, to reading and writing files, to web servers and more...all while using very few libraries and abstractions.

Frontend Masters sponsor

js-fire: Generate CLIs from JavaScript ObjectsPython Fire is a Google tool for creating CLIs from Python objects.. this JavaScript clone brings the same thing to our world.

Craig Mulligan

Proxying npm Packages with GitHub Package Registry — GitHub has introduced the ability to proxy packages from the main npm registry through its GitHub Package Registry service (which is still in beta).

Alex Mullans (GitHub)

Possible Node Security Releases Due to OpenSSL Security Updates — This sits as a low priority item for now, but a security update to OpenSSL came out earlier this week to fix two low severity issues which may trigger Node updates in kind this week. No movement yet, however.

Node.js Foundation

💻 Jobs

Can you help our client migrate to Node? (Docklands, London) — Do you have experience and strong opinions on Node best practices? Come and share your advice with an engaged, friendly team of excellent software engineers.


Find a Node job through Vettery — Make a free profile, name your salary, and connect with hiring managers from top employers.


📚 Articles and Tutorials

The ABCs of Node.js: A Node Glossary — Basically a glossary of sixty-one different terms you might come across in the Node world, such as ‘middleware’, ‘LTS’, and ‘streams’.

Liz Parody

What's New in Mongoose 5.7Mongoose is perhaps the most popular way to use MongoDB from Node and 5.7 introduces support for MongoDB 4.2, as well as conditionally immutable properties and faster document arrays.

Valeri Karpov

Score SOC 2 Compliance Quick Wins Using Git: A Developer's Guide — A practical list of Git best practices to help you get SOC 2 quick wins, while improving developer productivity.

Datree.io sponsor

▶  'I Teach My Spouse Node.js' — It’s entry level but I found the format of this video interesting. Teaching an absolute beginner is an interesting way to learn.

Caleb Curry

▶  Building a Custom Github Action for a Node.js Project — A 50 minute livestream.

Tim Ermilov

Better Package Selection with npm Enterprise — npm Enterprise lets customers specify policies over which packages can be used and downloaded, and it now lets users look at these more easily.

The npm Blog

🛠 Code and Tools

Mercury Parser: Extract Content From Web Pages — Extracts the ‘useful’ parts from Web pages, such as titles, authors, the main content, etc.


📱 node-apn: Apple Push Notification Module for Node — A way to interface with the Apple Push Notification service. Version 3.0 has just been released.


Route Your Data to Any Analytics Service from Your Node Code

Segment sponsor

📺 CEC-Controller: Control HDMI Devices from Node — This requires some work to set up, but is a Node interface to HDMI’s CEC feature which lets you control devices like TVs over their HDMI connection.


collect.js: 109 Convenience Methods for Arrays and Objects — A similar API to Laravel Collections: chunk, flatten, shuffle, firstWhere, mapWithKeys, etc. GitHub repo..

Daniel Eckermann

async-ratelimiter: A Simple, Redis-Backed, Async Rate Limiter