OpenJS World 2022 and other Adventures in Nodeland - Issue #62





Subscribe to our newsletter

By subscribing, you agree with Revue’s Terms of Service and Privacy Policy and understand that Adventures in Nodeland will receive your email address.

Matteo Collina
Matteo Collina
Hey Folks, I’m writing this after I landed in Austin for OpenJS World 2022. I’m really excited about meeting everybody in person after more than two years. In this issue you’ll find a few releases and a few quite interesting articles… including one on how NOT to do security research. Let me know what you think!

OpenJS World
The wait for Fastify v4 is almost over and we are ready to ship it. We had a few bugfixing releases as well as some major refactoring in fast-json-stringify:
pino v8.0.0 with a few changes:
  • drop support for Node v12
  • asynchronous logging by default
  • support for Error.cause
  • drop of all previous deprecations
We shipped undici v5.4.0 that resolves the Headers issue about forbidden headers: we decided to deviate from the spec and allow all headers. Read more at
Last week npm disclosed a very important vulnerability CVE-2022-29244 that could have lead to secrets being shipped within packages when using npm workspaces. Please update your node and npm installations, they have all been patched already.
What are components? Could we live in a component-less future? Read up the point of view of Ryan Solid:
Components are Pure Overhead
Firecracker is exploding on its own little ecosystem. Check out how Stripe has been using it to create a fast and secure build system.
Security researchers should NOT perform supply chain attacks to prove their theories. However that’s essentially what happened in the PHP community and what has caused all teams to scramble and update the their systems. Read up:
How I hacked CTX and PHPass Modules
If you are an heavy-duty OSS maintainers, you have no time to waste. Most of us now require a minimal reproduction before engaging in an issue. Check out Anthony long explanation:
If you are working at a tech firm and you would like to be promoted, you should really assess what kind of documentation you would need for that promotion. What lesson could we learn? If something did not have an impact, then it’s not important for your career and you can actually avoid it. Read the full article:
Why I Quit Google to Work for Myself
If you have a background in Security, you might want to apply to the Alpha-Omega position.
  • This Week in React: the best of React & React Native news. Sebastien filters the noise, and you save time!
Do you like this newsletter? Would you like to sponsor it? Check out the new sponsorship page.
Did you enjoy this issue? Yes No
Matteo Collina
Matteo Collina @matteocollina

I write about my journey as a core contributor of Node.js, as an author and a maintainer of many modules - including Fastify and Pino. In addition, I speak at conferences, and I will add links to all my talks in case you missed one.

In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Created with Revue by Twitter.