Below you can find RisingStack's collection of the most important Node.js news, projects, updates & security leaks from this week:

In his presentation, Danny Grander walked us through hacking a vulnerable Node.js application, as well as looking in-depth into three different vulnerabilities in popular npm packages.

It is a good learning opportunity to see a real-world software, written by experienced developers that had security issues that later got fixed, and hopefully we can learn something from that.

Glimpse is an experimental npm package that gives you in-depth insights about the client and server sides of your Node.js apps.

More efficient debugging means faster development. Best of all, it’s free.

Post-mortem diagnostics & debugging comes into the picture when you want to figure out what went wrong with your Node.js application in production

We will take a look at node-report , a core project which aims to help you to do post-mortem diagnostics & debugging.

Docker is an amazing tool for developers. It allows us to build and replicate images on any host, removing the inconsistencies of dev environments and reducing onboarding timelines considerably.

To provide an example of how you might move to containerized development, I built a simple todo API using NodeJS, Express, and PostgreSQL using Docker Compose for development, testing, and eventually in my CI/CD pipeline.

Node Core Changes:

Now that util.promisify is in the Node Core, we don't have to use the es6-promisify module anymore.

AsyncWrap is two things. One is a class abstraction that provides an internal mechanism for handling asynchronous tasks, such as calling a callback.

The other part is an API for setting up hooks and allows one to get structural tracing information about the life of handle objects. In the context of tracing the latter is usually what is meant.

Vulnerable npm Packages Discovered:

Medium severity

Low severity

Information Exposure - brunch package, versions <1.7.7 >=1.7.0

Previously in the Node.js Weekly

In the previous Node.js Weekly Update we read about why Node 8 got delayed, how to use the fs module effectively, how to make Electron apps with 99.9% weight loss & 3 recent Node.js releases: v6.10.3 (LTS); v7.10.0 (Current) & v4.8.3 (Maintenance).

We help you to stay up-to-date with Node.js on a daily basis too. Check out our Node.js news page and its Twitter feed!