While there are many details that still need to worked through, and likely many issues that need to be fixed… this initial implementation provides enough functionality to get started, including:
- Push Stream Support
respondWithFD()APIs that allow extremely efficient sending of raw file data that bypasses the Streams API.
- TLS and Plain-text connections
- Full support for stream multiplexing
- HTTP/2 Prioritization and Flow Control
- Support for HTTP/2 trailers
- HPACK header compression support
- A compatibility API layer that operates as close as possible to the existing HTTP/1 API
You might have heard about the high impact security vulnerability issue recently fixed and announced by nodeJS team. This post will attempt to explain the issue, how and why it happened.
The vulnerability roots from HashTables, so lets start with a quick recap on HashTables, just in case you missed your computer science classes.
In this article, you’ll learn why Mac Heller-Ogden decided—on his own—to build a proof of concept for Node.js at Cars.com.
You’ll also learn how long it took, what leadership at Cars.com said when they saw his work (spoiler: they loved it), and what happened next.
Node.js is an event-based platform. This means that everything that happens in Node is the reaction to an event. A transaction passing through Node traverses a cascade of callbacks. Abstracted away from the developer, this is all handled by a library called libuv which provides a mechanism called an event loop.
The event loop is maybe the most misunderstood concept of the platform. The article covers Dynatrace’s learnings about how the event loop really works and how to monitor it properly.
- Add –link filter option to npm ls.
- 4 new languages – Czech, Italian, Turkish, and Chinese (Traditional)! This means npx is available in 14 different languages!
- New –node-arg option lets you pass CLI arguments directly to node when the target binary is found to be a Node.js script.
- As mentioned before, we’re continuing to do relatively rapid, smaller releases as we keep working on stomping out npm@5 issues! We’ve made a lot of progress since 5.0 already, and this release is no exception.
The Code of Conduct calls out the following as specific examples of unacceptable behavior:
- The use of sexualized language or imagery and unwelcome sexual attention or advances
- Trolling, insulting/derogatory comments, and personal or political attacks
- Public or private harassment
- Publishing others’ private information, such as a physical or electronic address, without explicit permission
- Other conduct which could reasonably be considered inappropriate in a professional setting
In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
We are happy to announce that starting from September, three instructors from RisingStack will be traveling Europe to hold trainings on Node.js, Microservices, and Security.
The trainings will be available in Vienna, Dublin, Amsterdam, Paris, Barcelona, Berlin, Zurich, London, Lisbon.
Node Summit is the largest conference focused exclusively on Node.js and “The Ecosystem of Node”.
You can still register for the chance to attend Day Zero on July 25th. Day Zero provides a limited set of attendees (based on order of registration) invite-only access to additional talks, workshops and educational sessions, as well as more opportunities to network with the Node.js community and thought leaders.
Node Core Changes:
- http: Writes no longer abort if the Socket is missing.
- process, async_hooks: Avoid problems when triggerAsyncId is undefined.
- zlib: Streams no longer attempt to process data when destroyed.
- Async Hooks
- Multiple improvements to Promise support in async_hooks have been made.
- The compiler version requirement to build Node with GCC has been raised to GCC 4.9.4.
- Users now have more fine-grained control over the inspector port used by individual cluster workers. Previously, cluster workers were restricted to incrementing from the master’s debug port.
- The server used for DNS queries can now use a custom port.
- Support for dns.resolveAny() has been added.
- The npm CLI has been updated to version 5.3.0. In particular, it now comes with the npx binary, which is also shipped with Node.