Hi Everyone! I’ve missed an edition because I took a week off at the beginning of December - I was exhausted, this has been a tough year. In case you wonder, I have been to Rome and Florence!
We are back with our regular schedule and I hope to keep up with the newsletter over the holidays as well. As usual, let me know what you think
Being off for a week often means that no releases are shipped. I learned the wrong way to always release when you have time to fix your mess. So.. a lot of projects I maintain shipped something new last week. Check them out.
The first release I’m going to talk about is Fastify! We are working hard to improve our documentation, so we shuffled a lot files around and fixed all the broken links in the process. Thanks to a couple of phenomenal contributors helped.
You can browse the new documentation at:
I also released a new version of Mercurius, my take on “how to write a GraphQL server with Mercurius. This new releases sports a couple of new options and a regression fix. Check it out:
The most important announcement 📣 of Mercurius is a security advisor due to a bug 🐛 introduced in v8.10.0. This bug caused your application to crash if an invalid JSON was sent as a body to a GraphQL route. It was fixed in v8.11.2. Check it out
Next week I plan to release v9 of Mercurius sporting GraphQL v16 and a change of default protocol for subscriptions. More on that next week!
This new release of Undici significantly improves our fetch() implementation, solving several bugs and improving its performance. We are getting closer to call it “stable!”.
I have spent quite some time investigating a potential memory leak in Undici. I think the issue is a good example of performing this kind of analysis… even if I concluded that there is no leak.
Here is also a commentary of the actual problem I faced at the end.
I did not release or did much work on pino. However there were a few PR waiting to be landed and released. The release of pino-pretty includes quite a few updates that introduce new features and fix a few bugs. Check it out:
For all of you that do not know Hapi - it’s an web framework for Node.js that is very stable and preferred by several companies around the globe. hapi-pino registers to the logging mechanism of Hapi. This releases moves pino-pretty to devDependencies and it implements a new feature.
Last week I worked with my colleague Rafael to fix a significant regression on pino-http. Here is the result of our analysis and fix:
One of the most important news of this week is that Express shipped a new release after two years 🍾. I’m happy that Doug is still active and I hope for more.
The second most notable news from the last two weeks is a forced enrollment in 2FA for major publishers on the npm platform. This is a great news for everybody as it would make everybody significantly safer:
I was featured in the annual report from the Linux Foundation! Check it out:
If you haven’t heard about the Log4j vulnerability and you are running a product using Log4j you are probably in trouble now. If you are mostly running Node.js… you might want to read up about it!
Would you check in your npm dependencies in your Git repo? Read about this valuable opinion and how you would need to change your workflow to adopt this:
The Log4j vulnerability have spawn an incredible amount of really interesting content about Open Source sustainability. The following article has a somewhat new take: professionalizing the role of the Open Source maintainer.
My friend Myles then follow up with a take on similar lines: you are getting some value from your OSS contributions.
Is single-threaded faster than multi-threaded? Read up on this long explanation on how Redis could potentially be made much faster, using a share-nothing architecture with threads dedicated for a partition of key space:
What is TLS fingerprinting? It’s a technique that can be used to detect which runtime (with version) you are using by looking at the algorithms that it advertise supporting. How can you defeat it in Node.js? Read up:
ARM CPUs are taking over the world. From smartphones, to laptops to servers they are both more performant and energy savvy. Read up this story on how CloudFlare could deliver 57% more performance per watt spent.
Would you like to speak at NodeCongress? The Call for Papers is open!