Friday, 26 May, 2017 UTC
Summary
Below you can find RisingStack's collection of the most important Node.js news, projects, updates & security leaks from this week:
1. npm: basic http authentication to be limited soon
Since before the release of npm 2.0 in 2014, the company has encouraged developers using its' APIs to use token authentication instead of passing username and password in a basic auth header.
Over the next few weeks we will be turning the recommendation into a requirement: basic http authentication will no longer work for any of the npm registry endpoints that require authorization. Instead you should use bearer tokens.
2. Node.js Streams: Everything you need to know
Streams are Node’s best and most misunderstood idea. Node.js streams have a reputation for being hard to work with, and even harder to understand.
Over the years, developers created lots of packages out there with the sole purpose of making working with streams easier. But in this article, I’m going to focus on the native Node.js stream API.
3. Getting Started with AWS Lambda & Node.js
Since the launch of AWS Lambda back in 2014, serverless (or FaaS - Function as a Service) computing became more and more popular. It lets you concentrate on your applications' functionality by not having to worry about your infrastructure.
In this article we will discuss what serverless programming is, and how to get started with AWS Lambda as a Node.js Developer.
4. Node.js Security: Broken Authentication
Broken Authentication and Session Management attacks are anonymous attacks with the intention to try and retrieve passwords, user account information, IDs and other details.
This is a note about Node.js security, by reading the amazing book Securing Node Applications by @ChetanKarade, which explains couple of common vulnerabilities in very simple way, and provides relevant npm modules as solutions to protect Node.js Web Apps.
5. The Contributors Guide to webpack — Part 1
Jumping into an unfamiliar codebase (or any for that matter) for the first time can be scary. Plus, if it’s your first time contributing to open source, it can even be scarier!
at webpack believe:
- Any (even non-technical) individual should feel welcome to contribute.
- However you decide to contribute, it should be fun and enjoyable for you!
- Even after your first commit, you will walk away understanding more about webpack or JavaScript.
- Consequently, you could become a better developer, writer, designer, etc. along the way, and we are committed to helping foster this growth.
6. Using ES6 and modern language tools to program a MIDI controller
This detailed blogpost summarizes the challenges of creating a flexible and customizable MIDI controller mapping for the Mixxx DJ software.
I will focus on the technical aspects of using the scripting facilities of the platform, and tackling the difficulties encountered on the journey.
7. NodeConf Argentina Announced
Argentina is among the first international Node.js conferences taking place in Latin American territory, and a not-for-profit community effort to push Node.js forward in Argentina and Latin America as a whole.
This year’s conference will be a three–day event in sunny Buenos Aires, Argentina, held during October 26th, 27th & 28th. Both action-packed days will be comprised of internationally acclaimed, regional, and local speakers. We are expecting Noders, JavaScripters, front-enders, and other programmers from all over the world.
8. Node Interactive North America: Full Schedule Announced
Node Interactive will cover everything from security, diagnostics, machine learning & more. The Full schedule is up now!
Vulnerable npm Packages Discovered:Node.js Interactive is the marquee event for Node.js developers, companies that rely on Node.js and the vendors that support both of these constituents with tools, training and other services.
High severity
- Arbitrary Command Execution - windows-cpu package, ALL versions
In the previous Node.js Weekly Update we read about Ignition and Turbofan in V8, Packing a Kubernetes Node app with Helm, Developing Microservices & more..
We help you to stay up-to-date with Node.js on a daily basis too. Check out our Node.js news page and its Twitter feed!