The Node.js Update - #Week 28 - 13 July, 2018

By Tamas Kadlecsik

The Node.js Update - #Week 28 - 13 July, 2018

Below you can find RisingStack‘s collection of the most important Node.js news, updates & tutorials from this week:

Postmortem for Malicious Packages Published on July 12th, 2018

On July 12th, 2018, an attacker compromised the npm account of an ESLint maintainer and published malicious versions of the eslint-scope and eslint-config-eslint packages to the npm registry. On installation, the malicious packages downloaded and executed code from pastebin.com which sent the contents of the user’s .npmrc file to the attacker. An .npmrc file typically contains access tokens for publishing to npm.

We, the ESLint team, are sorry for allowing this to happen. We hope that other package maintainers can learn from our mistakes and improve the security of the whole npm ecosystem.

The malicious package versions are eslint-scope@3.7.2 and eslint-config-eslint@5.0.2, both of which have been unpublished from npm. The pastebin.com paste linked in these packages has also been taken down.

Testing Node.js in 2018

Setting up a good test framework can be tricky regardless of what language you’re using. In this post, we’ll uncover the hard parts of testing with Node.js, the various tooling we decided to utilize in Winds 2.0, and point you in the right direction for when it comes time for you to write your next set of tests.

Node.js REPL in Depth

REPL stands for read-eval-print-loop, or just an interactive session (usually in your terminal), where you can enter some expression and immediately evaluate it, seeing the result. After evaluating, the whole flow repeats, and it works until you exit the process. So, R stands for reading your command, E stands for evaluating it, P stands for printing the result of the execution, and L means to run the whole process again, “in the loop”.

Build and Understand a Simple Node.js Website with User Authentication

Building websites with user authentication and management (login, registration, password reset, etc.), can be a huge pain. As a developer there are a million little things you need to worry about:

  • Storing the users in your database
  • Making sure you have the right user attributes defined
  • Forcing users to be logged in to view a page
  • Building registration and login forms
  • Creating password reset workflows that email users a link
  • Verifying new users when they sign up via email
  • Etc…

Building a Node JS interactive CLI

Node.js can be very useful when it comes to building Command-line Interfaces also known as CLI’s. This post teaches you how to build a CLI that asks some questions and creates a file, based on the answers.

How I built a job scraping web app using Node.js

Indreed is a Rest API for scraping jobs from Indeed and around the web. It is powered by my personal web scraping project and layered on a rest API. Its a real Rest API and can be used from any platform using any programming language.

npm Joins ECMA International and TC39

We’re excited to announce that npm has joined ECMA International and is participating in TC39, the working group of ECMA International that defines the standard for the JavaScript programming language. (The standard is, strictly speaking, called ECMAScript, although everyone refers to it as JavaScript.)

Node.js is Viriciti’s Go-to Dev Platform for Real-time Electric Vehicle Fleet Monitoring

Viriciti, a company focused on electric vehicle fleet monitoring, orchestrates hundreds of thousands of messages per second into real-time dashboards using Node.js, microservices, and serverless. They use Express Gateway, an open source API gateway built on Express.js, to make data available through their API tier.

signale – a hackable console logger for Node.js apps

Hackable and configurable to the core, signale can be used for logging purposes, status reporting, as well as for handling the output rendering process of other node modules and applications.

Previous Node.js Updates:

From the previous Weekly Node.js Update:

  • Node v10.6.0 (Current) Released. Update now!
  • Multi-server Chat in Node Without a Database
  • The Art of Node: An introduction to Node.js
  • Case Study: How Bustle uses Node.js to Speed Up App Development

& more…

We help you to stay up-to-date with Node.js on a daily basis too. Check out our Node.js news page and its Twitter feed!

Source:: risingstack.com