#356 — September 17, 2020

Read on the Web

Node Weekly

Node.js September 2020 Security Releases — New versions of all supported release lines are out to fix three security issues, so pick up Node 10.22.1, 12.18.4 or 14.11.0 today.

Prior Node 12 and 14 releases are suspectible to an HTTP request smuggling vulnerability caused by carriage return to hyphen conversion in request headers. Prior Node 14 releases are suspectible to a DoS through unfinished HTTP/1.1 requests. And all prior releases are susceptible to buffer overflows through certain situations with fs.realpath.native.

Michael Dawson

Redis 6.0 on RedisGreen — SSL encryption, key size tracking, memory mapping, online upgrades, and more.

RedisGreen sponsor

Playwright 1.4: Fast and Reliable Cross-Browser Testing — Despite being 1.4, this is a pretty big release for the Puppeteer alternative. It now includes a CLI playwright-cli with which you can record user interactions and generate Playwright scripts, generate page screenshots, and more. Plus there’s experimental support for recording videos of what your scripts do with the browser.


Telegraf: A Modern Telegram Bot Framework for Node — I’ve not used this library yet, but Telegram is a pretty good messaging system to write bots or automated clients for as it has a solid API, and this project seems incredibly thorough.

Vitaly Domnikov et al.

How I Built a Serverless Recipe App with FaunaDB and Vue.js — If you tend to turn to Express.js and a more traditional database for building CRUD apps, this post will present an interesting alternative approach to you. And if you ever get hooked on serverless approaches, we have a newsletter for that! 😁

Tom Doe

💻 Jobs

Node.js Developer at X-Team (Remote) — Join the most energizing community for developers and work on projects for Riot Games, FOX, Sony, Coinbase, and more.


Find Your Next Job Through Vettery — Create a profile on Vettery to connect with hiring managers at startups and Fortune 500 companies. It's free for job-seekers.


🧑‍💻 Interested in running a job listing in this newsletter? There's more info here.

📗 Tutorials and Stories

▶  What I Didn’t Do and Why: A Node Story with Dan Shaw — Dan Shaw is a well known name in the Node world as a founder of the Node.js Foundation, The Node Firm, and then NodeSource – plus co-host of NodeUp. In this hour long talk he covers his long history with Node and how the community and ecosystem have grown.

Dan Shaw

Performance Best Practices When Using Express in Production — Split into sections about what to do in your code and what to do on the ops side of things.


When the Bits Hit the Fan: AppSignal — AppSignal provides insights into errors, performance, servers and more - all in one clear and easy interface.

AppSignal sponsor

Running a Serverless OAuth Proxy with GrantGrant is a JavaScript-powered OAuth proxy that, till now, has needed to be run in a typical HTTP servery way, but.. it now supports AWS Lambda, Azure Functions, Cloud Functions and Vercel out of the box.

Simon Vlachkov

Working with OAuth in Node.js CLI Apps — This is useful because it’s not the most obvious of things to do.

Valeri Karpov

How to Debug a Node App Deployed with Jenkins X using Rookout — Note that this refers to Jenkins X, a Jenkins variant focused on CD on Kubernetes.

Josh Hendrick

🛠 Tools, Resources and Libraries

npm v7.0.0 Beta 11 Released — Beta 10 was meant to be the last beta before RC but a few things came up.. 😄

Isaac Z. Schlueter

chrome-aws-lambda: A Chromium Binary for AWS Lambda — A project to make it easy to use a headless Chrome instance from your AWS Lambda serverless functions. Sees frequent updates.

Alix Axel

Access Your C/C++ Code From Node.js. We'll Create Your Custom Binding


Gemini 4: A 'Currently Playing' Viewer for Spotify — A basic Electron app that offers an ‘easy on the eyes’ way to see what’s currently playing in Spotify.

Gabe Haarberg

The Braintree Node.js Library 3.0 — If you use Braintree’s payment services, this is the first major update to their Node client library in a long while.