View profile

Back to work with COLORS endless loop and other Adventures in Nodeland - Issue #42

Matteo Collina
Matteo Collina
Hi Everyone,
In this back-to-work edition we feature only a few releases and Open Source work as I had some days off. However it covers quite a few interesting article ranging from some npm drama to GraphQL and web3.
See you next week!

The big shoutout this week goes to the hyperid module that got a new bug found and fixed… and I learned that RFC4648 covers how to encode base64 data in a url safe manner. Read more at:
Change urlSafe to be RFC4648 compliant by michaelrommel · Pull Request #29 · mcollina/hyperid · GitHub
We are progressing in our journey towards Fastify v4, and this week is the turn of fast-json-stringify that bumped its major version
Release v3.0.0 · fastify/fast-json-stringify · GitHub
We shipped fastify-passport v0.5.0 with support for the new @fastify/session module. Check it out:
Release v0.5.0 · fastify/fastify-passport · GitHub
Have you ever checked out fastify-vite? If you are curious on how you can use Vite with Fastify to build your frontend, read the article from my colleague Jonas - he rebuilt his blog using fastify-vite (his creation).
Blogging with Fastify, Vite and Vue 3
I will be speaking about Fastify at JS Poland (remotely)!
Article & News
This weekend has been busy for the Node.js community. Marak, who is a maintainer with millions of downloads per month, decided to introduce a Denial of Service attack to one of its most popular module, colors. This new episode is another chapter on one of most challenging problem of Open Source: how do we fund it? Read up:
Open source maintainer pulls the plug on npm packages colors and faker, now what? | Snyk
NPM / Github intervened and they suspended Marak account while reverting to a previous version of the module.
marak 🗿
NPM has reverted to a previous version of the faker.js package and Github has suspended my access to all public and private projects. I have 100s of projects. #AaronSwartz
Why did they do it? I think because it violated their “acceptable content” policy. However I would like to read a full postportem about this situation:
npm Open-Source Terms | npm Docs
One of the most interesting news in Nodeland is the ability to run EcmaScript modules in your AWS Lambdas! They also include one of the smartest use of Top-Level-Await that I have seen: boot your application before any Lambda event are received, greatly reducing the cost of cold start when using reserved capacity. We’ll soon be using this feature inside
Using Node.js ES modules and top-level await in AWS Lambda | Amazon Web Services
During my studies at the University of Bologna I had the chance to study the architecture of several chips (from the 8086 to the Pentium and then the Intel core) in great detail. I found the amount of research and explanation needed to write a precise article on architecture challenging - so I was delighted to read such a presentation about the Graviton 3. If you wonder were AWS superiority comes, you should not look any further.
Inside Amazon’s Graviton3 Arm Server Processor
Are you a GraphQL Server at scale? Check out the following article that explains how they reduced latency by 70%. Guess what technology they used - it’s a really description of their journey that they summarised as “aggregation of marginal gains”. Read up:
Lessons learned from running GraphQL at scale | by Dream11 Engineering | Dream11 Engineering
You probably have heard about all the hype about web3. The following article criticises a significant part of it - some are good observations, others not so. Independently of what you think of web3, it’s a must read.
This follow-up article is good counterargument of the details that Moxie did not get right. Check it out:
Did you enjoy this issue? Yes No
Matteo Collina
Matteo Collina @matteocollina

I write about my journey as a core contributor of Node.js, as an author and a maintainer of many modules - including Fastify and Pino. In addition, I speak at conferences, and I will add links to all my talks in case you missed one.

In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Created with Revue by Twitter.