Monthly Archives: September 2017

Node.js Weekly Update - September 29

By Tamas Kadlecsik

Node.js Weekly Update - September 29

Below you can find RisingStack‘s collection of the most important Node.js updates, projects & tutorials from this week:

Node v8.6.0 (Current)

Notable changes:

  • crypto
    • Support for multiple ECDH curves.
  • dgram
    • Added setMulticastInterface() API.
    • Custom lookup functions are now supported.
  • n-api
    • The command-line flag is no longer required to use N-API.
  • tls
    • Docs-only deprecation of parseCertString().
  • New Contributors
    • Welcome Sebastiaan Deckers (@sebdeckers) as a new Collaborator!

Security Issue: Path Validation Vulnerability

The Node.js project released a new version of 8.x this week which incorporates a security fix.

Version 8.5.0 of Node.js is vulnerable. 4.x and 6.x versions are NOT vulnerable.

Google Announced Stackdriver Debugger for Node.js

We’ve all been there. The code looked fine on your machine, but now you’re in production and it’s suddenly not working. But how do you diagnose the root cause of the issue? That’s where Stackdriver Debugger comes in.

Node.js Weekly Update - September 29

Stackdriver Debugger lets you inspect the state of an application at any code location without using logging statements and without stopping or slowing down your applications.

This means users are not impacted during debugging. Using the production debugger, you can capture the local variables and call stack and link it back to a specific line location in your source code. You can use this to analyze your applications’ production state and understand your code’s behavior in production.

How to write clean code for cascaded promises

An in-depth guide about working with Interdependent Promises

As a developer, I’m constantly looking for ways to write cleaner code.

A year ago I published a library called Premiere, designed to facilitate consuming Restful APIs in the frontend with Javascript. I’m now building a v2 of the library and, in this process, I noticed there was room to make the code cleaner, specifically when it comes to Promises.

How to write reliable browser tests using Selenium and Node.js

There are many good articles on how to get started with automated browser testing using the NodeJS version of Selenium. But they fall short of digging into the details of the many gotchas and best practice of automating your browser testing when using Selenium.

Node.js Weekly Update - September 29

This article continues where those other articles leave off, and will help you to write automated browser tests that are far more reliable and maintainable with the NodeJS Selenium API.

Debugging in 2017 with Node.js

While we’ve all used the trusty console.log for debugging our application, Node now has far more powerful debugging capabilities.

Node.js Weekly Update - September 29

Paul Irish demonstrates improved workflows for debugging, profiling and understanding your app using the DevTools Protocol. He also shares more advanced techniques for automating and monitoring Node.

Node8’s util.promisify is so freakin’ awesome!

TLDR;

  • util.promisify converts a regular function into a promise.
  • The function passed to util.promisify must follow the NodeJS callback style. The function must pass a callback as the last parameter, and the callback must be the take the following parameters in the following order: (err, value) => { /* … */ }
  • Promisifed functions can be used with await and async to help avoid messy promise chains an introduce a cleaner, saner, way to do asynchronous programming.

Limdu.js – Machine Learning for Node.js

Limdu is a machine-learning framework for Node.js. It supports multi-label classification, online learning, and real-time classification. Therefore, it is especially suited for natural language understanding in dialog systems and chat-bots.

npm install limdu

Limdu is in an “alpha” state – some parts are working (see this readme), but some parts are missing or not tested. Contributions are welcome.

Terminal Kit – Terminal utilities for node.js

A full-blown terminal lib featuring: 256 colors, styles, keys & mouse handling, input field, progress bars, screen buffer (including 32-bit composition and image loading), text buffer, and many more…

Node.js Weekly Update - September 29

Whether you just need colors & styles, build a simple interactive command line tool or a complexe terminal application: this is the absolute terminal lib for Node.js!

Node.js Weekly Update - September 29

It does NOT depend on ncurses.

Reddit thread of the week: Hey Node friends, can we stop posting about politics and start posting about code again?

It would really warm my cold dead heart if we could ignore the stuff that’s happening over on Twitter and such, and let the whole thing just die off.

The opinions of a few people aren’t so important as to rustle our jimmies, plus I love reading about code a lot more than I love reading about politics.

Thanks Node friends, let’s make this place friendlier for each other.

Previously in the Node.js Weekly Update

In the previous Node.js Weekly Update we read about object recognition, the process module, debugging the event loop, and a great modern JS cheatsheet.

We help you to stay up-to-date with Node.js on a daily basis too. Check out our Node.js news page and its Twitter feed!

Source:: risingstack.com

Deploying AdonisJS Apps to Heroku

By Chimezie Enyinnaya

The question on how to deploy AdonisJS apps keeps popping out within the AdonisJS community. The thing is that most people tend to forget that AdonisJS apps are Node.js applications and can be deployed the same way you would deploy any Node.js application.

In my last post, we built a task list app with AdonisJS. Today, I’ll be showing you how to deploy the task list app to Heroku.

Create a Git Repository

If you follow along from the last tutorial, we need to first setup a git repository since we’ll be using git for deployment. Head over to GitHub/Gitlab/Bitbucket and create a new repository.

Then we initialize git repository in the adonis-tasks directory:

cd adonis-tasks
git init
git remote add origin git@github.com:YOUR_USERNAME/adonis-tasks.git

Create a Heroku App

Login to your Heroku dashboard or signup if you don’t have an account already. Then create a new app.

I named mine adonis-tasks (which might no longer be available for you)

Once the app is created, we’ll be redirected to the Deploy page on the app dashboard where we can see different ways with which we can deploy our app. We’ll be deploying using Heroku Git with the use of the Heroku CLI. So, we need to install the Heroku CLI on our computer. Go through the documentation on how to install the CLI depending on your operating system.

Once the CLI is installed, we need to login to Heroku with our account details.

heroku login

Next, we add Heroku remote to our task list app repository.

heroku git:remote -a adonis-tasks

Setting Up MySQL Database

The task list app uses MySQL as its database which Heroku does not support out of the box. We, therefore, need a way to use MySQL on Heroku. Luckily for us, there is support for MySQL through what Heroku call add-ons. There are numerous add-ons to add MySQL to our app, but for this tutorial, we’ll be using ClearDB MySQL. So, we need to add ClearDB MySQL to our Heroku app. To do this, go to the Overview page of the Heroku app, we’ll see Installed add-ons section showing the add-ons we have added to the app (it will be empty for now since we haven’t added any).

Click on Configure Add-ons which will take us to a page where we can configure or add a new add-on. Start typing ClearDB and it will show up in the selection option, which we can then click to select.

Upon selecting ClearDB, a modal will appear for us to provision ClearDB to our app. At this point, we can choose a plan we want, but we’ll be going with the free plan for this tutorial.

Clicking on Provision will add ClearDB to our app, and it will also add CLEARDB_DATABASE_URL to our app’s config variables.

Let’s add another config variable DB_CONNECTION which will tell AdonisJS the database connection our app is using. Go to Settings then click on Reveal Config Vars and add DB_CONNECTION as key and mysql as value.

Next, we need to modify our app to use ClearDB when deployed. The CLEARDB_DATABASE_URL is a URL string that contains our database details (host, username, password and database name), so we need to parse this URL and extract the individual detail. Let’s install an npm package to help us with that:

npm install URL-parse

With that installed, open config/database.js and add the snippet below to the top of it just after where we declare Helpers:

// config/database.js

const Url = require('url-parse')
const CLEARDB_DATABASE_URL = new Url(Env.get('CLEARDB_DATABASE_URL'))

Still in config/database.js, replace mysql’s connection object with:

// config/database.js

connection: {
    host: Env.get('DB_HOST', CLEARDB_DATABASE_URL.host),
    port: Env.get('DB_PORT', ''),
    user: Env.get('DB_USER', CLEARDB_DATABASE_URL.username),
    password: Env.get('DB_PASSWORD', CLEARDB_DATABASE_URL.password),
    database: Env.get('DB_DATABASE', CLEARDB_DATABASE_URL.pathname.substr(1))
} 

Depending on the environment our app is running, the necessary database settings will be used. It will first look for DB_ variables (which indicate it’s on development) and use them if found else it will fallback to CLEARDB settings (which indicate it’s on production).

Specifying Node.js Version

By default, Heroku will use the current stable version (v6.11.3 as at this tutorial) of Node.js. AdonisJS v4 (which our app is on) requires Node.js v8.0 or greater. So we need to tell Heroku to use a specific Node.js version. We can do this by adding the snippet below to our app package.json:

// package.json

"engines": {
    "node": "8.5.0"
}

This will force Heroku to use Node.js v8.5.0 (which is the current version as at this tutorial).

Create a Procfile

A Procfile is use to explicitly declare what command should be executed to start your app. We can also add other commands we want executed. For instance, release phase which enables us to run tasks before a new release of our app is deployed to production. Create a file named Procfile (without an extension) directly in the root of our app (that is adonis-task directory). Note that the P is uppercased. Add the code below into it:

// Procfile

release: ENV_SILENT=true node ace migration:run --force
web: ENV_SILENT=true npm start

Instead of running our app migrations manually with heroku run. We use release phase to run our app migrations before deploying the app to production. This is really helpful compared to running our app migrations manually, because we might forget to run migrations after deploying to production some times. We are using the --force flag because we are running the migrations on production. The next command simply start the app.

Noticed we prefixed both commands with ENV_SILENT=true. This will prevent us from getting Env provider error because AdonisJS by default expects a .env file which it pulls some config settings from.

Now let’s commit and push the changes made to the app to remote:

git add --all
git commit -m "initial commit"
git push -u origin master

To deploy our application, we simply push to Heroku:

git push heroku master

This will start the deployment by installing Node.js and other necessary dependences. Once the deployment is done, we can use the Heroku CLI to open the application.

heroku open

This will open our app in a new browser window.

There you have it, our AdonisJS application is now running on https://adonis-tasks.herokuapp.com.

Conclusion

That’s it guys, you have seen how easy it is to deploy AdonisJS application to Heroku. Kindly drop your questions and comments below. In my next post, I will show you how to deploy AdonisJS application to a VPS.

Source:: scotch.io

Best VS Code Extensions for Angular v2+ Development

By Chris Sevilleja

Visual Studio Code is a brilliant editor that makes coding life much easier, especially for JavaScript developers.

What makes VS Code an even better editor is the amount of extensions in the marketplace.

Going through some Angular development, I’ve found a few packages that have made coding easier for Angular v2+ projects. We’ll go over them here. There’s an easy way to get many of these packages using an extension pack: Angular Essentials Extension Pack by John Papa.

The extension pack has many of these, but I’d like to go into a little more detail for some of the packages and also introduce some packages that aren’t necessarily Angular specific, although they do help with JS development.

Angular Specific Packages —

Here are the packages specific to Angular. All of these will help make Angular development faster and more convenient.

Angular 2 TypeScript Emmet

VS Code Package

This package will allow you to use Emmet abbreviations inside Angular inline templates.

Here’s what it looks like without the Angular 2 TypeScript Emmet package:

And with the package, we have the glory of Emmet!

Related Video Course: Write HTML Super Fast with Emmet

Angular Language Service

VS Code Package

This is an extremely helpful extension. It gives us intellisense when writing out our HTML templates for an Angular component.

Angular v4 TypeScript Snippets

VS Code Package

This is a great package by John Papa. While the Angular CLI can do a lot of these generations for us, it’s always helpful to know we have snippets at our fingertips.

Just type a- and see VS Code show you all the snippets available with this package:

Here’s an example of a snippet to generate an HTTP Interceptor:

Angular2 Inline

VS Code Package

This is a simple one but a favorite. Get syntax highlighting for your inline templates. Here’s a comparison with and without:

Angular2 Switcher

VS Code Package

This is also a simple package that not everyone will find useful. When coding, I do my best to keep my hands on the keyboard. It saves time to stay away from the mouse. This is why I invest time into learning the VS Code keyboard shortcuts and Vim.

This package allows you to quickly switch to a component’s matching .css|.html|.ts files.

Type alt + o (Windows) or shift + alt + o (Mac) to:

  • Go from .ts -> .html
  • Go from .css -> .html
  • Go from .html -> previous file (.ts or .css)

Type alt + i (Windows) or shift + alt + i (Mac) to:

  • Go from .ts -> .css
  • Go from .html -> .css
  • Go from .css -> previous file (.ts or .html)

Type alt + u (Windows) or shift + alt + u (Mac) to:

  • Go from .css -> .ts
  • Go from .html -> .ts
  • Go from .ts -> previous file (.css or .html)

Packages for All JavaScript Languages —

Debugger for Chrome

VS Code Package

An essential when working with any VS Code JavaScript.

Auto Import

VS Code Package

Very useful package that will automatically add the import { } from '' line to your code.

Bracket Pair Colorizer

VS Code Package

This may not be up everyone’s alley, but it can be helpful to see which bracket closes where. This extension makes matching brackets the same color.

JavaScript (ES6) Code Snippets

VS Code Package

A simple package to add common ES6 snippets. The one I use the most is idm which is a snippet that expands to:

import { } from 'module';

Some other useful snippets:

  • clg: console.log(object)
  • fof: for(const item of object) {}
  • sto: setTimeout(() => {});

npm

VS Code Package

A small package that can tell you when one of your packages are out of date. Here’s an example showing one of our Angular packages behind a version.

TSLint

VS Code Package

Integrates TSLint into VS Code so we can get smart hinting and error finding for our TypeScript code.

Align

VS Code Package

A personal favorite. This is a minor package that I find myself using all the time. Purely cosmetic, it will help you align your code.

Here’s some unaligned code.

Hit the keyboard shortcut ctrl + alt + a and you get:

Conclusion

These are the packages that I’ve found to help most with Angular v2+ development. The amount of time these extensions can save us add up over time and let us focus more on the actual code.

Do you have any favorite extensions for Angular development? Would you be interested if I put together a VS Code extension pack so that you can install all these extensions with the click of a button?

Happy coding!

Source:: scotch.io

Seven Reasons Why Incapsula is Your Best DDos Solution

By Dino Londis

Creating your shiny new application is useless unless you also strive to protect it. While it may zip along in your test environment, far from the noise of the Internet, it can seize in just a few minutes when deployed in an under-protected environment. Today’s hackers are employing increasingly sophisticated hybrid DDoS attacks to slow and stop the performance of your application.

Deploying your app, regardless of how it’s coded, requires the same level of sophistication to prevent and mitigate attacks. You can’t do it on your own. But beware. The market is cluttered with CDN and DDoS mitigators, and choosing the right one will make the difference between keeping your business safe and putting it at risk of losing customers and reputation.

An Attack is an Attack is an Attack

Your customer doesn’t care if you stung with a level 3 or level 7 attack. They don’t care to make the distinction that this was a DDoS attack as opposed to a data breach. To the average person, they look the same: Something is wrong.

Your customers want the site to work and to trust that their data and transactions are safe.

A DDoS strikes at the heart of that trust. Your sites downtime may not be a loss of that customer, but it is an erosion of your reputation and could lead to an eventual loss and the cost of customer acquisition – especially after downtime – is too great to be wasted by a DDoS attack.

If you don’t have a DDoS mitigation solution or you’re using an inferior product, your site and business’ reputation are sitting ducks. Incapsula has pioneered best-in-class solutions for small and larges business. Here are Seven Reasons Why Incapsula is Your Best DDoS Solution

Hiding Your Infrastructure Origin IP Addresses

Incapsula provides infrastructure DDoS protection for their clients origin IPs addresses. By design, a CDN acting as a proxy prevents a hacker from directly attacking the servers. But a determined hacker can pretty easily uncover the origin IP address by looking up the DNS records of non-HTTP/S services, such as FTP.

To stop that, Incapsula assigns you an IP address from its IP range for routing traffic, using a Generic Routing Encapsulation (GRE) tunnel to established traffic between your origin servers and the Incapsula network. The tunnel routes clean traffic from its network to your origin server and back.

DDos Scrubbing

The attacker’s goal is to saturate server resources of the targets or those of intermediate communication equipment (e.g. Load balancers) exploiting network protocol flaw. The category includes SYN floods, Ping of Death, fragmented packet attacks, Smurf DDoS and more. The Protocol Attacks magnitude is measured in packets per second.

Incapsula launched its Infrastructure Protection Services across its entire content delivery network of 30 PoPs, where other providers use just a few scrubbing centers globally. The bigger network allows it to serve its clients with minimum latency across the globe, even in an always-on mode.

AS soon as a DDoS attack is detected, inbound traffic is redirected to the nearest scrubbing center, and the centers applies DDoS filtering and routing techniques to reduce DDoS traffic interference. The scrubbed traffic is then routed back to the customer’s network.

The capacity of scrubbing centers and the filtering methods are critical for the provisioning of an efficient defensive service. Incapsula global network has over 3.5 Tbps (Terabits per second) of scrubbing capacity and the ability to process 30 billion packets per second. Once activated, the service blocks any attack in less than a second.

Protecting a Single IP Addresses in an Always-On Mode

As organizations move assets to public cloud, Incapsula created a solution similar to Infrastructure Protection – as described above. With single-address IP Protection Incapsula uses its own IP ranges and “lease” its IP addresses. Clean traffic would then be routed back to their origin over a GRE tunnel, just as it does with the Infrastructure Protection service. The result is packets remain untouched and the source IPs are available for firewalls and back end applications. This breakthrough service is unique to Incapsula.

Speed of Deployment

One major factor in a DDoS service is how fast can you on board the service and what kind of effort do you need to invest,” said Incapsula founder, Gur Shatz. “When you are under fire making sure you have chosen a solution that can shield your network from that attack with the minimal effort and time.”

This is how Incapsula approaches DDoS protection. It recommends its cloud based service that can be joined with no hardware, software or other integration requirements. Adding a website to Incapsula is done with a DNS change, allowing it nearly any company size, IT resources or expertise.

Superior Session Persistence

Session Stickiness or Session Persistence is vital for financial and other critical transactions. Incapsula supports various load balancing methods and by default, all of these methods are also session-persistent, meaning the same HTTP session will always return to the same preferred server (if it the server is responsive). Incapsula uses Source IP hash to maintain client session states, also unique to Incapsula.

When Persistence is enabled, Incapsula applies the load balancing algorithm only to the first request of each user session. Following that, Incapsula maintains the user session continuity by setting a dedicated session cookie in the client’s browser.

Easily Navigable Dashboard

You already know the benefits from your SIEM. At it’s best, your SIEM reduces the panes of glass you must look at in your environment. The Incapsula dashboard plugs into most major SIEMs so real time monitoring and administration can take place in a centralized location. Even on premise SIEMs can receive real-time data from Incapsula’s cloud-based services.

Incapsula also provides near real-time statistics. Incapsula integrates into nearly any SIEM as just another tab, showing little wait time for data. As little as one minute from the time the log is pulled and processed in the SIEM. That kind of information can help make better and faster decisions.

Ease of Switching

Enterprises are often leery of switching large services, especially when those services are deeply integrated in the architecture of the enterprise. Uprooting old Authoritative DNS servers when moving to a new platform may seem daunting, but better CDN providers like Incapsula ensure that you are not alone with the move because Incapsula designs solutions around the enterprise. It doesn’t try to shoehorn the enterprise into the solution.

This post is sponsored by SyndicateAds.

Source:: scotch.io

Best VS Code Themes of 2017

By Eniola Lucas Fakeye

VS Code Theme

I don’t know about you but I love writing code in a visually appealing environment. Beyond vanity, a good theme (and good font, because good themes should come with good fonts) makes your tons of code less boring to look at. Some themes even point out types in your code with colour schemes.

A good theme can make your job a bit easier, more fun and exciting.

Here, I will name a couple of great Visual Studio Code themes out there. Criteria for selection as of September 25, 2017:

  • User ratings
  • Number of installs
  • Time of last update

1. One Dark Pro

VS Code Page

This is a port of Atom’s iconic One Dark theme to VS Code. Need I say more? I love this theme.

  • Number of installs: 2,001,220
  • Time of last update: September 22nd, 2017
  • Number of open issues on github: 6
  • Average rating: 4/5 by 61 people

2. Material Palenight Theme

VS Code Page

It’s good to appreciate and encourage teenagers who are making impact in the ecosystem. This theme was made by Olaoluwa, a teenager.

Material Palenight Theme VS Code Theme

  • Number of installs: 10,767
  • Time of last update: September 13th, 2017
  • Average rating: 5/5 by 6 people

3. Monokai Pro

VS Code Page

From the creators of the original Monokai, Monokai Pro is a modern take on a functional color scheme. Let’s you get rid of the distractions and get straight to the code.

Monokai Pro VS Code Theme

Monokai Pro VS Code Theme

  • Number of installs: 7,696 installs
  • Time of last update: September 21th, 2017
  • Average rating: 4.5/5 by 11 people

4. Dracula Official

VS Code Page

There’s something calming about the color scheme used in this theme. The dark purple tint is what differentiates this theme from the others.

Dracula VS Code Theme

  • Number of installs: 211,364
  • Time of last update: September 17th, 2017
  • Average rating: 5/5 by 10 people

5. One Monokai Theme

VS Code Page

What a colourful theme! A lot of colours, everywhere.

One Monokai VS Code Theme

  • Number of installs: 128,595
  • Time of last update: July 26th, 2017
  • Average rating: 5/5 by 13 people

6. Material Theme

VS Code Page

A simple and clean material theme. Lots of configuration options here for color tints.

Material Theme VS Code Theme

  • Number of installs: 116,432
  • Time of last update: July 25th, 2017
  • Average rating: 5/5 by 29 people

7. Cobalt2 Theme Official

VS Code Page

Official Wes Bos theme. You know it’s quality if it’s from Wes Bos, I like it.

Cobalt  2 VS Code Theme

  • Number of installs: 11,603
  • Time of last update: September 15th, 2017
  • Average rating: 4.5/5 by 13 people

7. Atom One Dark Theme

VS Code Page

Another package that ports over the Atom One Dark Theme.

Atome One Dark VS Code Theme

8. Panda Theme

VS Code Page

Panda VS Code Theme

Panda VS Code Theme

9. Material Theme Kit

VS Code Page

It looks like this theme has been abandoned by its maker(s), but it’s still a good looking one!

Material Theme Kit VS Code Theme

Material Theme Kit VS Code Theme

Material Theme Kit VS Code Theme

  • Number of installs: 101,829
  • Time of last update: April 26th, 2017
  • Average rating: 4/5 by 15 people

Icons

Installing a great theme is not enough, you need a nice set of icons to complete the whole puzzle. That’s why I’d recommend the two most popular theme icons for you.

vscode-icons (3,190,596 installs)

Material Icon Theme (819,174 installs)

Conclusion

When a lot of people are buying or saying good things about a particular product, you can be sure of the quality of the product. In an online store, the best products always have the highest number of downloads and average ratings.

To rate the best VS Code themes out there, I decided to employ the same technique because a lot of people can’t be wrong, not on this kind of issue.

Source:: scotch.io

Create a Barebones Angular App with the --minimal Flag

By Chris Sevilleja

The Angular CLI gives us an easy way to create brand new Angular applications. Not only does it build Angular apps for us, it also gives us extras like testing built in.

Related Course: Working with the Angular CLI

Sometimes you may want to create a simple Angular app that doesn’t have all the bells and whistles that the CLI provides.

The –minimal Flag

The Angular CLI since v1.2 has added a --minimal flag to create a barebones Angular app.

We can create a new barebones app using the CLI:

ng new barebones-app --minimal

Now we’ve created a brand new app. You may notice that there are some file differences with and without the --minimal flag.

Let’s talk about the differences.

The Differences with the --minimal Flag

Here the three main differences:

  1. No tests are created: You’ll see no .spec.ts files for testing
  2. CSS is inline
  3. HTML templates are inline

Each component will be created as one file. There won’t be any .css or .html files created. Here’s the whole app.component.ts:

import { Component } from '@angular/core';

@Component({
  selector: 'app-root',
  template: `
    <p>
      app Works!
    </p>
  `,
  styles: []
})
export class AppComponent {
  title = 'app';
}

We have inline styles and templates.

How Does it Work?

How does the CLI know that it’s a minimal app? We can see the configuration in the .angular-cli.json file. Towards the bottom in the defaults section, you can see the the setup:

"defaults": {
  "styleExt": "css",
  "component": {
    "spec": false,
    "inlineStyle": true,
    "inlineTemplate": true
  },
  "directive": {
    "spec": false
  },
  "class": {
    "spec": false
  },
  "guard": {
    "spec": false
  },
  "module": {
    "spec": false
  },
  "pipe": {
    "spec": false
  },
  "service": {
    "spec": false
  } 
}

We can see in the component section, there are three properties for:

  • spec: Should the CLI create tests
  • inlineStyle: Should the styles be inline
  • inlineTemplate: Should the HTML template be inline

Even if you create an Angular app without the --minimal flag, you can update the settings here for any generated features!

Source:: scotch.io