Adventures in Nodeland - Issue #9 - Open Source Vampires, Undici@4 is almost ready and many more stories!

Undici v4 is coming… and we have fix a really hard bug! This week newsletter is focused on a few key bugs I fixed along the way and a few relevant articles that popped up in my twitter feed.

I almost dropped out of the Open Source community because of the entitlement that user feels, and how bad they treat their maintainers. I call them “Open Source Vampires” and I’m extremely aware of their danger to all the communities we old dear.

In the following blog post Bret explores the topic in great length, take a read:

The social contract of open source

Even though I gave a keynote with an accompanying blog post all about setting expectations for open source participation, I felt it was time to do another blog post to directly address the issue of entitlement by some open source users which is hurting open source, both for themselves and

snarky.ca

One of the things I miss the most about conferences is meeting with my friend Benedikt, where he would tell me the most amazing stories about V8 optimization (I indeed learned a lot from, thanks!). You should really check out his latest blog post on how he sped up DevTools stack traces by 10x!

New things to try out

I don’t get usually excited by a new AWS product launch, but CloudFront Functions caught my attention. I call it the missing .htaccess and mod_rewrite of AWS. A similar product is CloudFlare Workers. Anyway, read up as they cost very little while they enable new possibilities and use case on top of other AWS services (such as S3).

Introducing CloudFront Functions – Run Your Code at the Edge with Low Latency at Any Scale | Amazon Web Services

With Amazon CloudFront, you can securely deliver data, videos, applications, and APIs to your customers globally with low latency and high transfer speeds. To offer a customized experience and the lowest possible latency, many modern applications execute some form of logic at the edge. The use cases for applying logic at the edge can be […]

aws.amazon.com

Undici

Last Monday I spent most of my day (and Open Source sponsored time) for the week in fixing a bad bug Ethan found in Undici when integrating with the Github REST API. The problem seemed simple but in reality it was quite complex to fix, let’s examine it in details.

Undici required HTTP/1.1 responses to have either a Content-Length or a Transfer-Encoding header. However, it is HTTP/1.1 compliant to close the connection instead (ref: https://tools.ietf.org/html/rfc2616#section-4.4). The Github API closed the connection abruptly which resulted in an ECONNRESET error in Node.js. In Undici we were sending this error back to the user, instead of consuming the full payload. Fedor pointed us to use llhttp_finish in this case, which fixed the problem completely for us!

fix: end message on connection close by ronag · Pull Request #784 · nodejs/undici · GitHub

If response is not keep alive and socket ends then consider it as end of message. I’m not sure whether this is spec compliant but I believe it would resolve the issue @Ethan-Arrowood encountered. Refs: #782

github.com

We have also shipped undici@4.0.0-rc.2 and -rc.3. We are aiming for a release this week - if we do not find any more hard bugs!

Fastify

Turns out I have still so much to learn from the community: the fastify-basic-auth module was wrongly implemented. As the Fastify co-contributor Manuel Spigolon said, https://tools.ietf.org/html/rfc7235 requires the WWW-Authenticate header to present in 401 Unauthorize resposes. fastify-basic-auth@1 included that header everywhere. Then, I made things worse by only returning it with a successful authentication (https://github.com/fastify/fastify-basic-auth/pull/39). Manuel spot this immediately, and I reverted the change for v1, and implemented a proper fix which became v2.

Only send www-authenticate for 401. Make realm dynamic. by mcollina · Pull Request #40 · fastify/fastify-basic-auth · GitHub

Following up from #39 (comment), I refactored a good part of the library. Checklist

run npm run test and npm run benchmark tests and/or benchmarks are included documentation is changed or added commit message and code follows the Developer’s Certification of Origin and the Code of conduct

github.com

Conferences

One of the conferences I hold dear is JSDay which used to happen every year in Verona. 2021 is still virtual and they are looking for speakers.

Thanks

Thanks for keeping up reading this! Your feedback motivate me in keeping up documenting my work as I go. I hope to have some news next as I have a few project that are almost ready for a semver-major release!