Node.js News

The rumors of Express.js's death are greatly exaggerated

(June 26, 2019) Wandering across a question on Quora (Is Express.js dying? What are the alternatives?) had me stop and take a look at the facts. I'd noticed a few months ago that contributions to the main Express repository had dried up, and therefore I was worried the Express project was dying from neglect. So let's talk about this, because it is important to clear the air.

Regarding the recent security vulnerability in event-stream and other npm packages

(June 18, 2019) Recently, security vulnerabilities were discovered in the event-stream package, and at least one other. Malicious code was added to specific packages in a way that could be done much more broadly. While the specific vulnerability was tightly focused on one specific target and did not affect most of us, the problem could have been extremely widespread. As a result we, the Node.js community, need to rethink how packages are managed.

Node.js 10.x released - What's NEW?

(April 24, 2018)

After a year of development Node.js 10 has been released. It represents a huge step forward because of some high profile features and fixes. In October Node.js 10 will become the active Long Term Support branch, with 11.x becoming the new experimental branch. Let's take a look at what's been included.

Node.js Web Development, 4th edition, coming soon

(February 25, 2018)

With the rapid advances in the Node.js platform, Packt Publishing (the publishers of Node.js Web Development) and I both felt a new edition was required. The 3rd edition published in mid-2016 updated the text to support Promises and some advanced techniques like deployment using Docker. Since then, async functions have emerged on the scene, and with Node.js 10.x we'll have ES6 modules available. I just submitted the first draft of all 12 chapters to the editors, meaning that the book is about a month from being finished.

npm version 5 has major usability bug with installing packages locally

(November 27, 2017)

With npm version 5 we gained a lot of welcome new features and performance improvements. I've been happily using npm@5 for several months, but recently discovered a major problem that dramatically affects my workflow. When I'm updating a package, I want to test that package locally WITHOUT pushing changes to the Git repository. To do so, I found it best to install that package into another project to test/run the code. This worked great with npm versions prior to npm@5, but now I have two major problems. First, npm modifies the package.json to insert a "file:" dependency, overwriting the existing dependency, and second it makes a symlink to the package rather than doing a proper installation.

Node.js toolkit for mobile iOS and Android devices announced by Janea Systems

(October 24, 2017)

Node.js is no longer limited to server-side application development. The Electron platform, popularized through the Atom editor, is an excellent way to develop desktop applications. Now it's possible to target mobile devices running either iOS or Android using a Node.js implementation. Janea Systems is offering a "library" for both iOS and Android systems allowing an app to host a full Node.js execution environment, and offering UI implementation either with Cordova or React Native.

Node.js forked, Ayo.JS, is trying to find its way

(September 23, 2017)

A month ago we suddenly had news of a hostile fork of Node.js, called Ayo.js, by Node.js team members upset over what they called Code of Conduct violations. Supposedly another Node.js team member was routinely harassing people (a claim he has denied) and spoke against having a Code of Conduct. I don't know whether any of that is true. What's necessary is to check in with Ayo.js, see what they're doing, and if there is any compelling technical reason for their existence.

Going by the Ayo.js issue queue, that team is considering the same problem. Several issues are suggesting breaking changes with Node.js that might produce a superior implementation. In one issue the folks are explicitly debating whether they should maintain one-for-one compatibility or strike out on their own.

Node.js has been forked over Terms of Conduct violations forming Ayo.JS project

(August 22, 2017)

Over the last couple days, a group of Node.js project members who'd worked in the Technical Steering Committee resigned, and at the same time Node.js was forked to create the Ayo.js project. The name was chosen because it's pronounced similarly to IO; in other words, this seems to be an attempt to resurrect the IO.JS fork. According to Twitter and Medium postings I've found, there are allegations of repeated Code of Conduct violations by one TSC member, and an unwillingness of other committee members to take action. Bottom line, the people involved are questioning whether the leadership of the Node.js project are properly committed to "community" and "inclusivity".

An open source software project is about much more than the code. A successful project is comprised of a community of people successfully working together. Often such projects are volunteer driven, and membership is on merit and contributions. Bottom line is that community dynamics often drive decisions about who is "in" the project and who isn't. By contrast, contributing to a traditional commercial software project simply means having been hired by a company to do the work.