
Adventures in Nodeland - Issue #47

Matteo Collina
Hi Folks! Another week has passed with more bugs, fixes, releases and… SECURITY ISSUES! I have also included a couple of interesting articles that will surely be of interest to you all - as usual you'll find them at the end! Let me know what you think.

Next week I’m going to be speaking at Node Congress!
LEARN FROM THE BEST TRAINERS IN THE CLOUD
Mercurius
Last week I spent a significant amount of time chasing a significantly bad bug in Mercurius. Unfortunately the gateway did not resolve references returned by top-level resolvers from different nodes:
I shipped v9.3.1 including that fix:
Release v9.3.1 · mercurius-js/mercurius · GitHub
Mercurius-Cache got an important bugfix that refactored how errors were handled.
We have also added a new way to avoid naming collisions between entities that have the same names as caching options (see https://github.com/mercurius-js/cache/issues/61 for more details). Therefore, we have added an __options key to specify them:
Fastify
Hey Fastify user! We need your help: we are looking to know who you are so we can better target our work!
Last Friday I shipped a fix for a security vulnerability identified by Alessio della Libera - a researcher from Snyk. Unfortunately fastify-multipart was vulnerable to a potential prototype poisoning attack. Update to the latest version ASAP:
Release v5.3.1 · fastify/fastify-multipart · GitHub
fastify-swagger v4.15.0 got an update as well, with a new feature that adds support for OpenAPI serialization options:
Release v4.15.0 · fastify/fastify-swagger · GitHub
News
You have probably noticed that a few modules are platform dependent. Very soon npm will include the concept of package distribution to simplify the installation procedures for such modules. Read up on it:
rfcs/0000-package-distributions.md at 528fa298a3529dcae3f58cbf2f9a577ba16b479f · npm/rfcs
How do you investigate a Node.js performance issue in the wild? Read the story from Airtable:
Investigating Node.js Performance: Event Loop and Network I/O (Part 2) | by Xue Cai | The Airtable Engineering Blog | Medium
Psychological safety is one of the most overlooked topics in the field of engineering management. Yet, it’s critical to enable people to do their best work:
Five ways to create a continuous learning culture within a psychologically safe environment
Psychological safety is critical for high-performing teams
Learn from my colleague and fellow Fastify collaborator Manuel Spigolon on how to build a GraphQL federated server using Mercurius.
Articles
Lately a few folks have asked me what I thought of TypeScript and what to do if a company wanted to adopt TypeScript. I recommend following the insights of the expert: Rob Palmer!
10 Insights from Adopting TypeScript at Scale | Tech At Bloomberg
Matteo Collina @matteocollina

I write about my journey as a core contributor of Node.js, as an author and a maintainer of many modules - including Fastify and Pino. In addition, I speak at conferences, and I will add links to all my talks in case you missed one.
