November 22, 2021
A Node.js v17 bug and other Adventures in Nodeland - Issue #36
Hi Folks! These weeks are quite busy with the typical end-of-year work and I am not doing as much Open Source as I would like. However
I’m so happy to announce that I will be back speaking at an in-person event the next March! I’m still preparing the abstract… what would you like me to talk about?
Haven’t you listened to the “JS Party” about Fastify and Pino? If you haven’t you should definitely check it out, we had a lot of fun recording this!
I have been working to make Fastify fully support Node v17… and I found a bug in Node! This means that Fastify will support Node v17 once this is fixed. In case you are curious, here is the PR:
|
Fixes a regression introduced in Node v17 that made Fastify test fails.
The reason is that using finished() and pipeline() with the send module started to error with “premature close” even if the stream did not close prematurely.
|
|
Fixes a regression introduced in Node v17 that made Fastify test fails.
The reason is that using finished() and pipeline() with the send module started to error with “premature close” even if the stream did not close prematurely.
|
Here is the Fastify PR that is currently blocked by a new release of Node:
|
|
|
|
|
|
Last week we shipped a new release of Pino that added some missing options (mkdir and append) to pino.file(), as well as improving the debuggability of some tests.
|
🌲 super fast, all natural json logger. Contribute to pinojs/pino development by creating an account on GitHub.
|
|
🌲 super fast, all natural json logger. Contribute to pinojs/pino development by creating an account on GitHub.
|
My talk on GraphQL Caching is ready.. and a last minute fix to mercurius-cache was in order as I thought setting the Time-To-Live (TTL) of cached data kept only the deduplication behavior.. while in reality it cached data forever. It’s fixed in v0.10.0:
|
Contribute to mercurius-js/cache development by creating an account on GitHub.
|
|
Contribute to mercurius-js/cache development by creating an account on GitHub.
|
I keep finding amazing projects on NPM. Here is a certified OAuth 2.0 Authorization server. You can use this as the basis for your Authentication service - in case you prefer not to use an Authentication provider.
Have you ever wondered how to implement an OAuth 2.0 server? This has always been a topic that fascinated me, mainly due to the impressive amount of complexity that is involved to provide a secure and flexible solution today. Then I found this module by Filip and I got the wow effect: a full implementation ready to go. Check it out:
|
OpenID Certified™ OAuth 2.0 Authorization Server implementation for Node.js - GitHub - panva/node-oidc-provider: OpenID Certified™ OAuth 2.0 Authorization Server implementation for Node.js
|
|
OpenID Certified™ OAuth 2.0 Authorization Server implementation for Node.js - GitHub - panva/node-oidc-provider: OpenID Certified™ OAuth 2.0 Authorization Server implementation for Node.js
|
I’m so glad that NPM is finally going to enforce 2FA on the packages with the most reach. It’s paramount to improve the safety of our ecosystem:
|
The npm registry is central to all JavaScript development, and, as stewards of the registry, ensuring its security is a responsibility GitHub takes seriously. Transparency is key in maintaining the trust of our community.
|
|
The npm registry is central to all JavaScript development, and, as stewards of the registry, ensuring its security is a responsibility GitHub takes seriously. Transparency is key in maintaining the trust of our community.
|
OpenCollective has always been a very interesting social experiment: how could we fund Open Source work at scale?
|
|
|
|
|
|
Elastic changed the license of their database from Open Source to Source Available a few months ago? Have they been affected anyhow? Apparently not much:
Despite the mudslinging over its licensing change from open source, company growth indicates that customers are likely less concerned with source code.
|
How to create tech videos / tutorials that are memorable? What programs to use? Here it is all unpacked by Francesco:
How would you identify a good software architecture? What principle should you follow when creating one? How would it intersect with the team structure? Read up on this article:
|
The forces for architectural alignment vary on domain relationships.
|
|
The forces for architectural alignment vary on domain relationships.
|
If you have been following Adventures in Nodeland you’d have read about the new “Trojan Source” attack. This article explains how to mitigate it using eslint:
|
On November 1st, 2021, a public disclosure of a paper titled Trojan Source: Invisible Vulnerabilities described how malicious actors may employ unicode-based bidirectional control characters to slip malicious source code into an otherwise benign codebase.
|
|
On November 1st, 2021, a public disclosure of a paper titled Trojan Source: Invisible Vulnerabilities described how malicious actors may employ unicode-based bidirectional control characters to slip malicious source code into an otherwise benign codebase.
|
