Memory Leaks, Vulnerabilities, State of JS 2022, and other Adventures in Nodeland

Hi Folks!

This edition of Adventures in Nodeland is packed! The most exciting piece is the live stream I did with Kent C. Dodds on fixing the memory leaks on his website, check it out. I’m also announcing a new Fastify course at JSDay 2023. There are also a lot of releases, including a security vulnerability in mercurius.

Videos

This week I helped my friend Kent debug the memory leak to his website. You can read the full article at https://kentcdodds.com/blog/fixing-a-memory-leak-in-a-production-node-js-app, as well as watch our debugging session live on YouTube: https://www.youtube.com/watch?v=vkys6Wk-jYk.

Kent and Matteo Debugging things

I’m also continuing the development of the Unscalable Queue System in public, the latest video is Part 3:

You can subscribe to my twitch channel.

Fastify Course @ JSDay 2023

I’m proud to announce that on April 12th I will be doing a Fastify course at JSDay!

State of JS 2022

The good news of the #StateOfJS 2022: is that 9% of respondents use Fastify, which is excellent!

The bad news is that we have lost the year-over-year data that happened in the previous years.

I’m also the 35th in the list of people

Releases

platformatic v0.13.0 implements a new way to configure CORS, improves the SQL mapping of Platformatic DB, and includes a few bugfixes in create-platformatic.
mercurius v11.5.0 adds a missing .catch() leading to an unwanted crash (CVE-2023-22477), it replaces subscription client with the standalone package, and it adds support for whole AST as parameters. This fix was also backported to v8.13.2.
@fastify/websocket v7.1.2 removes the FSTDEP014 deprecation warning.
secure-json-parse v2.7.0 improve performance on error path in JSON.parse.
fastify-plugin v4.5.0 supports environments where Error.stackTraceLimit has been lowered.
undici v5.15.0 is out with a spec-compliant WebSocket implementation, utilities to parse cookies from Headers objects, …and many other bugfixes!
@fastify/autoload v5.7.0 adds the matchFilter and ignoreFilter options; v5.7.1 actually make them work.
hyperid v3.1.0 improves the performance of the module.
async-cache-dedupe v1.7.0 adds TypeScript definitions.
@fastify/view v7.4.0 set nunjucks environment globals on load not per request.
@fastify/multipart v7.4.0 supports saveRequestFiles option with attachFieldsToBody option set true.
fastify-cli v5.7.1 uses address 0.0.0.0 in Kubernetes by default.
pino-syslog v3.0.0 updates to latest versions of pino and Node.js.
@fastify/secure-session v6.0.0 fixes a problem when using the module with an Alpine image.
@fastify/swagger v8.3.0 passes JSON Schema keywords into OpenAPI Header Spec.
@mercuriusjs/gateway v0.2.0 is now on par with Mercurius v11.x.

Interesting Articles

Why Fosstodon Is English Only - or how English is the language we use to collaborate on Open Source Software (as you may know, I’m tooting at @mcollina@fossdoton.org).
Sick Systems: How to Keep Someone With You Forever | Issendai.com - I’ve found this article a must-read for everybody, as you can be trapped in a sick system without even noticing.
$415k Pre-Release Launch of a Developer Education Product. This article tells the story of how Matt Pocock‘s “Total TypeScript” course came to be. It’s amazing.
The state of HTTP in 2022 shows all the advancements HTTP made in 2022. Do you know all the novelties that were standardized in 2022? Check it out!
The End of Programming - do you think AI will supersede software development? I’m afraid I have to disagree. We will see a further explosion in demand for software developers as AI will enable us to develop even more software.
WebAssembly Performance in 2023 - I’m stunned that Node.js is a good competitor in the WebAssembly performance race!
What is a micro-frontend? - Read up on all the knowledge Natalia Venditto prepared for you.
What can go wrong if your CI gets hacked during the holidays? Read the CircleCI incident report for January 4, 2023 security incident.

Upcoming Events

Global Summit for Node.js‘23 - remote - 25-26th of January
CityJS - London, UK - 31st of March
JSDay 2023 - Verona, Italy - 12-14th of April
Open Source Summit / OpenJS World / OpenJS Collaborators’ Summit - Vancouver, Canada - 9-12th of May

Jan. 16, 2023, 5:30 p.m.