Adventures in Nodeland

October 10, 2022

NodeConf.eu, Fastify security release and other Adventures in Nodeland - Issue #79

Hey Folks! I’ve just landed home 🛬 from an amazing trip to Ireland for the OpenJS Collaborator Summit and NodeConf.eu. While traveling, I skipped editing an edition last week - this edition has quite a few more releases than I would normally do! As usual, feel free to ping me for questions.

Launching Platformatic DB 🚀 with Matteo Collina & Luca Maraschi (JS Party #245)
Platformatic co-founders Matteo Collina & Luca Maraschi join Amal & Chris to discuss their just-announced (and we mean just announced) open source database tool: Platformatic DB!
It’s a daemon that can turn any PostgreSQL, MySQL, MariaDB, or SQLite database into a REST and GraphQL endpoint. What makes it special is that it allows massive customization thanks to the flexibility of Fastify plugins.
changelog.com

NodeConf.eu

If you are interested in watching the morning talks of NodeConf.eu, you can watch the full-day recording of Day 1, Day 2, and Day 3. The NodeConf.eu team is already processing the videos, and individual recordings will be shared soon.

The Platformatic delegation at NodeConf.eu (Luca Maraschi, Marco Piraccini, Leonardo Rossi, and myself) delivered an amazing workshop to build a movie quotes application, check it out at https://platformatic.dev/db-workshop/.

Releases

Deny of service via malicious Content-Type · Advisory · fastify/fastify · GitHub
This HIGH impact vulnerability impacts both the v4.x line. We have also issued a security release: v4.8.1. Read up for more details and a workaround.
github.com
  • env-schema v5.1.0 will use stricter types for JSON schema
  • fastify v4.7.0 adds parsing the request body for http SEARCH requests, adds routeSchema and routeConfig, and switches context handling to use a Proxy object. Moreover, it fixes plenty of bugs! v4.8.0 introduces support for asynchronous route constraints, and it exports error codes.
  • fastify-oauth v6.1.0 introduces an option to set an additional getToken parameter.
  • fastify-redis v6.0.1 ships a few fixes.
  • fastify-http-proxy v8.2.3 adds a request argument to rewriteHeaders.
  • find-my-way v7.2.1 throws a relevant error when the wildcard is not the last character in the URL.
  • mercurius v11.0.1 makes the gateway resolver key handle digits in the names.
  • platformatic v0.2.0 was released including typescript support for plugins, rollback migrations, and count support! v0.3.0 disables auto applying of migrations during reloads.
  • fluent-json-schema v4.0.0 sets $id after clone.
  • @fastify/restartable v1.3.0 adds a restarted property.
  • pino-pretty v9.1.1 updates dependencies to fix some bugs.
  • pino-webpack-plugin v1.3.0 updates support for the latest pino-pretty.
  • find-my-way v7.3.0 adds support for asynchronous constraints. v7.3.1 fixes double colon escaping in multi-parametrical node.
  • @fastify/websocket v7.1.0 added SchemaCompiler, TypeProvider, and Logger to types.
  • @fastify/rate-limit v7.5.0 allows function allowList and keyGenerator to be async.

Articles I found interesting

The biggest news of the last few weeks is the release of workerd, the OSS version of Cloudflare Workers! workerd joins Deno, Bun, and of course Node.js in the list of server-side JavaScript runtimes.

Introducing workerd: the Open Source Workers runtime
September 27, 2022 2:00PM • workerd is Open Source under the Apache License version 2.0. workerd shares most of its code with the runtime that powers Cloudflare Workers, but with some changes designed to make it more portable to other environments. The name “workerd” (pronounced “worker dee”) comes from the Unix tradition of naming servers with a “-d” suffix standing for “daemon”. The name is not capitalized because it is a program name, which are traditionally lower-case in Unix-like environments.
blog.cloudflare.com

At NodeConf.eu, I delivered a talk on “why I would never use an ORM”: if you are looking for more data and evidence, read the following article:

Node.js ORMs and why you shouldn't use them - LogRocket Blog
ORM is a powerful tool, but it adds a layer of complexity that can cause some hiccups. Here’s why you may want to avoid ORM in your next project.
blog.logrocket.com

Read the story of Lyra, a fast, in-memory, full-text search engine that you can deploy on the edge. Check it out:

Lyra: Fast, In-memory, Full-text Search Engine — Decibel
This interview is part of our OSS Spotlight series where we showcase founders of fast-growing open-source projects that are solving really unique problems and experiencing strong community adoption.
Sudip Chakrabarti spoke to Michele Riva, creator of Lyra, a fast, in-memory, typo-tolerant, full-text search engine.
Michele shared with us his motivation behind creating Lyra and how he is keeping up with all the fast growth of the project.
www.decibel.vc

I have never been a fan of prettier - since the beginning, multiple people kept trying to reformat the source code of my Open Source projects. I guess I’m not the only one. Read this article from Anthony on the topic:

Why I don't use Prettier
I have started writing this post multiple times but never ended up posting it. I wasn’t able to figure out a proper way to express my position about Prettier. But this time, I think I should try harder to explain that for future reference.
antfu.me