#462 — November 10, 2022
Node.js Security Best Practices — A new official document from the Node.js team providing guidelines on securing your Node apps by looking at what the main threats are and how to mitigate them.
And.. Node Security Releases: 19.0.1, 18.12.1, 16.18.1 and 14.21.1 — Three security issues have been resolved in these point releases: two X.509 certificate verification vulnerabilities, and a bug in Node’s rebinding protector that allowed invalid octal-denoted IP addresses (it might sound niche but where there’s a hacker’s will, there’s a way).
Juan José Arboleda (Node.js Team)
An Intuitive APM for Node.js Developers — AppSignal doesn’t just offer Node.js performance monitoring and error tracking. We have a full set of features to monitor your application from A to Z packed in a clear and intuitive interface. All features are included in all plans.
Hapi 21: A Simple, Secure Node App Framework — v21 bills itself as a ‘medium-sized release’ focused on modernization and all-round Node 18 (and ESM) support. Hapi is notable for having no external dependencies while offering a lot out of the box. GitHub repo.
Getting Started with MongoDB Atlas & Azure Functions using Node.js — If you don’t want to manage any infrastructure yourself, MongoDB’s managed platform can provide the database and Azure Functions can provide the runtime.
Deploying a Simple Node App on Several Cloud Providers — You’ve got a Node app, you’ve got nowhere to deploy it.. what to do? Jérémy tries several options including classic and challenger platforms. Note that this is focused on the how (complete with errors and giving up!) with no opinion as to which you should choose.
Using TypeScript with Node.js — Robin has written a short series of three ‘setting up a backend’ posts with this outing covering the bare essentials of bringing TypeScript into Node, including introducing tsc, ts-node and installing types for things like Express. A useful primer.
Why Your Node Backend Needs an API Layer and How to Build It
Antonello Zanini (Semaphore)
Learning Good Habits by Watching a Staff Software Consultant
Nichol Alexander and Kevin Baribeau
🛠 Code & Tools
Agenda 5.0: Lightweight Job Scheduling for Node — Uses a MongoDB-backed persistence layer and offers repeatable jobs, delayed jobs, and optional UI and REST API frontends. v5 requires MongoDB 4.0+. The Redis-based Bull is another option to consider in this space if you need something beefier.
If You Are Building a Notification Microservice Internally: Read This — Learn about UX requirements, what to plan for with scaling, reliability, routing & preferences, and audit visibility.
safe-json-value 1.9: For When JSON Serialization Should Never Fail — Prevents JSON.stringify() from throwing an exception, changing types, or otherwise transforming values unexpectedly, because sometimes you need that sort of reassurance.
Soul: A REST and Realtime Server for SQLite — Run soul -d database.db -p 8000 and the SQLite database in database.db is made available over a REST and WebSocket API.
Nest 9.2: A Mature Framework for Building Scalable Server-Side Apps — It’s been a couple of years since we linked to it properly, but this framework continues to go from strength to strength. Need a full-on intro? There’s a ▶️ three-hour screencast(!) for that. GitHub repo.
Leoric 2.9: A Node ORM for MySQL, Postgres and SQLite — It’s heavily influenced by the Active Record pattern (such as is popular in the Ruby on Rails world, say). GitHub repo.
↳ Popular Node + TypeScript ORM. Fantastic release notes as usual, too.
↳ Popular Node-based headless CMS.
↳ Fast, disk space efficient package manager.
↳ Fast, well tested WebSocket client & server library.
↳ Advanced Postgres client with type safety.
↳ High-perf HTTP server powered by uWebsockets.js.
Zip It and Ship It 8.1
↳ Prepare Node Lambda functions for deployment.
Find Tech Jobs with Hired — Create a profile on Hired to connect with hiring managers at growing startups and Fortune 500 companies. It’s free for job-seekers.
Full Stack Engineer (EU Remote or Relocate to Berlin) — We’ve built a product thousands of people love (see Trustpilot if you don’t believe us). We need your help with React, GraphQL & TypeScript.