Below you can find RisingStack's collection of the most important Node.js updates, projects, tutorials & Node related conferences from this week:

While there are many details that still need to worked through, and likely many issues that need to be fixed… this initial implementation provides enough functionality to get started, including:

Push Stream Support

respondWithFile() and respondWithFD() APIs that allow extremely efficient sending of raw file data that bypasses the Streams API.

and APIs that allow extremely efficient sending of raw file data that bypasses the Streams API. TLS and Plain-text connections

Full support for stream multiplexing

HTTP/2 Prioritization and Flow Control

Support for HTTP/2 trailers

HPACK header compression support

A compatibility API layer that operates as close as possible to the existing HTTP/1 API

You might have heard about the high impact security vulnerability issue recently fixed and announced by nodeJS team. This post will attempt to explain the issue, how and why it happened.

The vulnerability roots from HashTables, so lets start with a quick recap on HashTables, just in case you missed your computer science classes.

In this article, you’ll learn why Mac Heller-Ogden decided—on his own—to build a proof of concept for Node.js at Cars.com.

You’ll also learn how long it took, what leadership at Cars.com said when they saw his work (spoiler: they loved it), and what happened next.

Node.js is an event-based platform. This means that everything that happens in Node is the reaction to an event. A transaction passing through Node traverses a cascade of callbacks. Abstracted away from the developer, this is all handled by a library called libuv which provides a mechanism called an event loop.

The event loop is maybe the most misunderstood concept of the platform. The article covers Dynatrace's learnings about how the event loop really works and how to monitor it properly.

New features:

Add --link filter option to npm ls.

[email protected]:

4 new languages - Czech, Italian, Turkish, and Chinese (Traditional)! This means npx is available in 14 different languages!

New –node-arg option lets you pass CLI arguments directly to node when the target binary is found to be a Node.js script.

As mentioned before, we’re continuing to do relatively rapid, smaller releases as we keep working on stomping out [email protected] issues! We’ve made a lot of progress since 5.0 already, and this release is no exception.

The Code of Conduct calls out the following as specific examples of unacceptable behavior:

The use of sexualized language or imagery and unwelcome sexual attention or advances

Trolling, insulting/derogatory comments, and personal or political attacks

Public or private harassment

Publishing others' private information, such as a physical or electronic address, without explicit permission

Other conduct which could reasonably be considered inappropriate in a professional setting

Our Pledge:

In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.

We are happy to announce that starting from September, three instructors from RisingStack will be traveling Europe to hold trainings on Node.js, Microservices, and Security.

The trainings will be available in Vienna, Dublin, Amsterdam, Paris, Barcelona, Berlin, Zurich, London, Lisbon.

Node Summit is the largest conference focused exclusively on Node.js and “The Ecosystem of Node”.

You can still register for the chance to attend Day Zero on July 25th. Day Zero provides a limited set of attendees (based on order of registration) invite-only access to additional talks, workshops and educational sessions, as well as more opportunities to network with the Node.js community and thought leaders.

Node Core Changes:

http: Writes no longer abort if the Socket is missing.

Writes no longer abort if the Socket is missing. process, async_hooks: Avoid problems when triggerAsyncId is undefined.

Avoid problems when triggerAsyncId is undefined. zlib: Streams no longer attempt to process data when destroyed.

Async Hooks

Multiple improvements to Promise support in async_hooks have been made.

Build

The compiler version requirement to build Node with GCC has been raised to GCC 4.9.4.

Cluster

Users now have more fine-grained control over the inspector port used by individual cluster workers. Previously, cluster workers were restricted to incrementing from the master's debug port.

DNS

The server used for DNS queries can now use a custom port.

Support for dns.resolveAny() has been added.

npm

The npm CLI has been updated to version 5.3.0. In particular, it now comes with the npx binary, which is also shipped with Node.

In the previous Node.js Weekly Update we read about node security updates, 2FA for Node apps, npx - an npm package runner, distributed tracing & more...

We help you to stay up-to-date with Node.js on a daily basis too. Check out our Node.js news page and its Twitter feed!