It’s all about security

#​462 — November 10, 2022

Read on the Web

Node.js Security Best Practices — A new official document from the Node.js team providing guidelines on securing your Node apps by looking at what the main threats are and how to mitigate them.

Node.js Project

And.. Node Security Releases: 19.0.1, 18.12.1, 16.18.1 and 14.21.1 — Three security issues have been resolved in these point releases. Two X.509 certificate verification vulnerabilities, and a bug in Node’s rebinding protector that allowed invalid octal-denoted IP addresses (it might sound niche but where there’s a hacker’s will, there’s a way).

Juan José Arboleda (Node.js Team)

An Intuitive APM for Node.js Developers — AppSignal doesn’t just offer Node.js performance monitoring and error tracking. We have a full set of features to monitor your application from A to Z packed in a clear and intuitive interface. All features are included in all plans.

AppSignal sponsor

Hapi 21: A Simple, Secure Node App Framework — v21 bills itself as a ‘medium-sized release’ focused on modernization and all round Node 18 (and ESM) support. Hapi is notable as having no external dependencies while offering a lot out of the box. GitHub repo.

hapi.js Project

Getting Started with MongoDB Atlas & Azure Functions using Node.js — If you don’t want to manage any infrastructure yourself, MongoDB’s managed platform can provide the database and Azure Functions can provide the runtime.

Nic Raboy

Deploying a Simple Node App on Several Cloud Providers — You’ve got a Node app, you’ve got nowhere to deploy it.. what to do? Jérémy tries several options including classic and challenger platforms. Note that this is focused on the how (complete with errors and giving up!) with no opinion as to which you should choose.

Jérémy Levy

Using TypeScript with Node.js — Robin has written a short series of three ‘setting up a backend’ posts with this outing covering the bare essentials of bringing TypeScript into Node, including introducing

,

and installing types of things like Express. A useful primer.

Robin Wieruch

What’s New in Mongoose 6.5:

— Makes it easier to use your Mongoose schemas against plain old JavaScript objects.

Valeri Karpov

Why Your Node Backend Needs an API Layer and How to Build It

Antonello Zanini (Semaphore)

Learning Good Habits by Watching a Staff Software Consultant

Nichol Alexander and Kevin Baribeau

🛠 Code & Tools

Agenda 5.0: Lightweight Job Scheduling for Node — Uses a MongoDB-backed persistence layer and offers repeatable jobs, delayed jobs, and optional UI and REST API frontends. v5 requires MongoDB 4.0+. The Redis-based Bull is another option to consider in this space if you need something beefier.

Ryan Schmukler

If You Are Building a Notification Microservice Internally: Read This — Learn about UX requirements, what to plan for with scaling, reliability, routing & preferences, and audit visibility.

Courier.com sponsor

safe-json-value 1.9: For When JSON Serialization Should Never Fail — Prevents

from throwing an exeception, changing types, or otherwise transforming values unexpectedly, because sometimes you need that sort of reassurance.

ehmicky

Soul: A REST and Realtime Server for SQLite — Run

and the SQLite database in

is made available over a REST and WebSocket API.

Vahid Al

Nest 9.2: A Mature Framework for Building Scalable Server-Side Apps — It’s been a couple of years since we linked to it properly, but this framework continues to go from strength to strength. Need a full on intro? There’s a ▶️ three-hour screencast(!) for that. GitHub repo.

Kamil Myśliwiec

Leoric 2.9: A Node ORM for MySQL, Postgres and SQLite — It’s heavily influenced by the Active Record pattern (such as is popular in the Ruby on Rails world, say). GitHub repo.

Leoric

Best-In-Class Geofencing, Trip Tracking, Routing & Geocoding Software

Radar sponsor

• Prisma 4.6
  ↳ Popular Node + TypeScript ORM. Fantastic release notes as usual, too.

• Strapi 4.5
  ↳ Popular Node-based headless CMS.

• pnpm 7.15
  ↳ Fast, disk space efficient package manager.

• ws 8.11
  ↳ Fast, well tested WebSocket client & server library.

• Slonik 33.0
  ↳ Advanced Postgres client with type safety.

• HyperExpress 6.5.2
  ↳ High-perf HTTP server powered by uWebsockets.js.

• Zip It and Ship It 8.1
  ↳ Prepare Node Lambda functions for deployment.