Feb 14, 2022

Adventures in Nodeland - Issue #47

Matteo Collina

Hi Folks! Another week has passed with more bugs, fixes, releases and… SECURITY ISSUES! I have also included a couple of interesting articles that will surely be of interest to you all - as usual you’d find them at the end! Let me know what you think.

Next week I’m going to be speaking at Node Congress!

LEARN FROM THE BEST TRAINERS IN THE CLOUD

Node Congress is a 2-day conference discussing all things Node.js. The event is going to gather thousands of backend and full-stack developers in the cloud on February 17-18, 2022

nodecongress.com

Mercurius

Last week I spent a significant amount of time chasing a significantly bad bug in Mercurius. Unfortunately the gateway did not resolve references returned by top level resolvers from different nodes:

[gateway] Correctly resolve references returned from top-level resolvers by mcollina · Pull Request #727 · mercurius-js/mercurius · GitHub

Fixes #726

github.com

I shipped v9.3.1 including that fix:

Release v9.3.1 · mercurius-js/mercurius · GitHub

Implement GraphQL servers and gateways with Fastify - Release v9.3.1 · mercurius-js/mercurius

github.com

Mercurius-Cache got an important bugfix that refactored how errors were handled.

Refactored Error handling by sameer-coder · Pull Request #77 · mercurius-js/cache · GitHub

This PR tries to simplify the error handling in the code. I have tried to split the different conditionals into separate functions so that the code is more readable. Added some tests to ensure we cover all cases and coverage is 💯 Closes #76

github.com

We have also added a new way to avoid naming collisions with entities with the same names of caching options (see https://github.com/mercurius-js/cache/issues/61 for more details). Therefore, we have added an __options key to specify them:

feat: __options policy implementation by tiagoheliob · Pull Request #68 · mercurius-js/cache · GitHub

Implementing _options for nested fields conflicts closes #61

github.com

Fastify

Hey Fastify user! We need your help: we are looking to know who you are so we can better target our work!

Fastify Feedback February 2022 Survey

Web survey powered by SurveyMonkey.com. Create your own online survey now with SurveyMonkey’s expert certified FREE templates.

linuxfoundation.surveymonkey.com

Last friday I shipped a fix for a security vulnerability identified by Alessio della Libera - a researcher from Snyk. Unfortunately fastify-multipart was vulnerable to a potential prototype poisoning attack. Update to the latest version ASAP:

Release v5.3.1 · fastify/fastify-multipart · GitHub

Multipart support for Fastify. Contribute to fastify/fastify-multipart development by creating an account on GitHub.

github.com

fastify-swagger v4.15.0 got an update as well with a new feature that add support to OpenAPI serialization options:

Release v4.15.0 · fastify/fastify-swagger · GitHub

Swagger documentation generator for Fastify. Contribute to fastify/fastify-swagger development by creating an account on GitHub.

github.com

News

You have probably noticed that a few modules are platform dependent. Very soon npm will include the concept of package distribution to simplify the installation procedures for such modules.. read it up:

rfcs/0000-package-distributions.md at 528fa298a3529dcae3f58cbf2f9a577ba16b479f · npm/rfcs

Today, maintainers utilize various strategies to distribute platform-specific versions of their software under a singular package namespace. Often, these strategies rely on install scripts or optionalDependencies with some type of bootloader implementation (ex. esbuild); borth are not ideal.

github.com

How do you investigate a Node.js performance issue in the wild? Read the story from Airtable:

Investigating Node.js Performance: Event Loop and Network I/O (Part 2) | by Xue Cai | The Airtable Engineering Blog | Medium

In a previous blog post, we discussed a performance investigation that uncovered an unexpected interaction between Node.js event loop and network Input/Output (I/O), which significantly slowed down…

medium.com

Psycological safety is one of most overlooked topic in the field of engineering management. Yet, it’s critical to enable people to do their best work:

Five ways to create a continuous learning culture within a psychologically safe environment

The mass exodus from the workforce known as the “Great Resignation” has made us all pause and wonder at the root cause of these departures. Especially in the tech industry where resignations rank among the highest with a 4.5% increase in departures compared to 2020.

stackoverflow.blog

Psychological safety is critical for high-performing teams

Big launches and milestone achievements deserve to be celebrated. When organizations take time to recognize the hard work that went into the completion of a release or even a bite-sized milestone, this helps employees recharge and stay motivated.

stackoverflow.blog

Learn from my colleague and fellow Fastify collaborator Manuel Spigolon on how to build a GraphQL federated server using Mercurius.

Learn how to create a GraphQL Federated server using Mercurius and Fastify

backend.cafe

Articles

Lately a few folks have asked me what I thought of TypeScript and what to do if a company wanted to adopt TypeScript. I recommend to follow the insights of the expert: Rob Palmer!

10 Insights from Adopting TypeScript at Scale | Tech At Bloomberg

Rob Palmer shares some of the insights & lessons learned during Bloomberg Engineering’s journey to adopt TypeScript as a first-class supported language.

www.techatbloomberg.com

Did you enjoy this issue? Yes No

Matteo Collina @matteocollina

I write about my journey as a core contributor of Node.js, as an author and a maintainer of many modules - including Fastify and Pino. In addition, I speak at conferences, and I will add links to all my talks in case you missed one.

In order to unsubscribe, click here.

If you were forwarded this newsletter and you like it, you can subscribe here.

Created with Revue by Twitter.