Read the most important Node.js weekly news & updates:

Let's explore the 9 main areas of digital transformation and see what are the benefits of implementing Node.js. Digital Transformation Roadmap inside!

One of the available technologies that enable companies to go through a major performance shift is Node.js and its ecosystem. It is a tool that grants improvement opportunities that organizations should take advantage of:

Increased developer productivity,

DevOps or NoOps practices,

and shipping software to production in brief time using the proxy approach,

just to mention a few.

Facebook's open source JavaScript package manager is gathering steam, but don't count out NPM

Mere months since it was open-sourced by Facebook, Yarn has NPM on the run. The upstart JavaScript package manager has gained a quick foothold in the Node.js community, particularly among users of the React JavaScript UI library.

February has been an exciting and very, very busy month for me. As you have probably heard, we’ve finally announced that we will launch the Ignition+TurboFan pipeline in Chrome 59. So despite running late, and not making it for February actually, I’d like to take the time to reflect on the TurboFan tale a bit, and tell my story here. Remember, that everything you read here is my very personal opinion and doesn’t reflect the opinion of V8, Chrome or Google.

WebAssembly is an exciting new language that many JavaScript engines have added support for. WebAssembly promises to make it much easier to compile languages like C and C++ to something that runs in the browser.

In this article, I'll show you how to get a couple rudimentary WebAssembly examples running in Node.js, and run a couple trivial benchmarks to show the performance impact.

By default qs protects against attacks that attempt to overwrite an object's existing prototype properties, such as toString() , hasOwnProperty() , etc. Overwriting these properties can impact application logic, potentially allowing attackers to work around security controls, modify data, make the application unstable and more.

In versions of the package affected by this vulnerability, it is possible to circumvent this protection and overwrite prototype properties and functions by prefixing the name of the parameter with [ or ] . e.g. qs.parse("]=toString") will return {toString = true} , as a result, calling toString() on the object will throw an exception.

Example:

qs.parse('toString=foo', { allowPrototypes: false }) // {} qs.parse("]=toString", { allowPrototypes: false }) // {toString = true} <== prototype overwritten

David Heinemeier Hansson, a well-known programmer and the creator of the popular Ruby on Rails coding framework was the one who started it:

Immediately, other techies picked up the meme. “Hello my name is Sadiksha, I am working on rails since 2011. I don’t know migrations syntax to add/remove column, I google it everytime,” one coder said. “Hello, my name is Tim. I’m a lead at Google with over 30 years coding experience and I need to look up how to get length of a python string,” tweeted another.

Latest Node.js Releases

○ Node v7.7.0 (Current)

This release contains a bug that will prevent all native modules from loading. Update to 7.7.1!

child_process: spawnSync() exit code now is null when the child is killed via signal

spawnSync() exit code now is null when the child is killed via signal http: new functions to access the headers for an outgoing HTTP message

new functions to access the headers for an outgoing HTTP message lib: deprecate node --debug at runtime

deprecate node --debug at runtime tls: new tls.TLSSocket() supports sec ctx options

new tls.TLSSocket() supports sec ctx options url: adding URL.prototype.toJSON support

adding URL.prototype.toJSON support doc: items in the API documentation may now have changelogs

items in the API documentation may now have changelogs crypto: adding support for OPENSSL_CONF again

adding support for OPENSSL_CONF again src: adding support for trace-event tracing

Node.js 7.7.0 contains a bug that will prevent all native modules from building, this patch should fix the issue.

In the previous Node.js Weekly Update we read fantastic articles about Writing REST APIs, Quality with Speed, Node 6 at Wikimedia, Node in China, Async/Await released and more..

We help you to stay up-to-date with Node.js on a daily basis too. Check out our Node.js news page and its Twitter feed!