Summary The Node.js project will release new versions of all supported release lines on or shortly after Tuesday, February 23th, 2021. One Critical serverity issue One High serverity issue One Low serverity issue Impact The 15.x release line of Node.js is vulnerable to one critical severity issue, one high severity Read more…
#376 — February 18, 2021 Read on the Web Node Weekly Avoiding npm Substitution Attacks — Recently there have been some high profile examples of supply chain attacks on popular source code repositories, such as where fake or eponymous packages are published, but you can reduce your attack surface by Read more…
Notable Changes crypto: add keyObject.export() ‘jwk’ format option (Filip Skokan) #37081 deps: upgrade to libuv 1.41.0 (Colin Ihrig) #37360 doc: add dmabupt to collaborators (Xu Meng) #37377 refactor fs docs structure (James M Snell) #37170 fs: add fsPromises.watch() (James M Snell) #37179 use a default callback for fs.close() (James M Read more…
#375 — February 11, 2021 Read on the Web Node Weekly How to Generate Thumbnails using AWS Lambda from Videos Uploaded to S3 — A perfect pairing of serverless and Node. This thorough walkthrough covers using Node to tie together processing new videos uploaded to an S3 bucket, running FFmpeg Read more…
Notable changes deps: upgrade npm to 6.14.11 (Ruy Adorno) #37173 Commits [ 1e8a4e560ea ] – async_hooks: fix leak in AsyncLocalStorage exit (Stephen Belanger) #35779 [ 1427968d266 ] – deps: upgrade npm to 6.14.11 (Ruy Adorno) #37173 [ 1cd9a8106be ] – http: do not loop over prototype in Agent (Michaël Zasso) Read more…
Notable changes The update to npm 6.14.11 has been relanded so that npm correctly reports its version. Commits [ 1953a85035d ] – crypto: fix crash when calling digest after piping (Tobias Nießen) #28251 [ 1fe2c98003e ] – deps: upgrade npm to 6.14.11 (Ruy Adorno) #37173 [ 17b7fb43b8a ] – Revert Read more…
Notable Changes deps: upgrade npm to 6.14.11 (Ruy Adorno) #37173 V8: backport dfcf1e86fac0 (Michaël Zasso) #37245 Note: Node.js is not believed to be vulnerable to CVE-2021-21148. stream,zlib: do not use _stream_* anymore (Matteo Collina) #36618 Commits [ 120b1e6c802 ] – deps: V8: backport dfcf1e86fac0 (Michaël Zasso) #37245 [ 1408c7a65f3 ] Read more…
Scalability, latency, and throughput are key performance indicators for web servers. Keeping the latency low and the throughput high while scaling up and out is not easy. Node.js is a JavaScript runtime environment that achieves low latency and high throughput by taking a “non-blocking” approach to serving requests. In other Read more…
Deno, a JavaScript/TypeScript runtime promising stronger security and a superior developer experience to Node.js, reached its 1.0 release status on May 13, 2020. Created by Ryan Dahl, who also created Node.js, Deno was designed to address a number of Node’s shortcomings, particularly security. (Deno is an anagram of Node.) The project became Read more…
The arrival of Deno, an alternative to the Node.js JavaScript runtime, has inspired open source developers to create Nest.land, a decentralized module registry for Deno that uses blockchain technology to store modules permanently. With Nest.land, a distributed blockchain infrastructure is used to store the data, which is replicated “forever” via Read more…
