Release week just passed.. check out new Fastify, Mercurius and many more modules in Adventures in Nodeland - Issue #39

Matteo Collina
Hi Everyone! I’ve missed an edition because I took a week off at the beginning of December. I was exhausted; this has been a tough year. In case you are wondering, I have been to Rome and Florence!
We are back on our regular schedule and I hope to keep up with the newsletter over the holidays as well. As usual, let me know what you think.

Sunset at the Colosseum
Being off for a week often means that no releases are shipped. I learned the hard way to always release when you have time to fix your mess. So, a lot of projects I maintain shipped something new last week. Check them out.
Fastify
The first release I’m going to talk about is Fastify! We are working hard to improve our documentation, so we shuffled a lot of files around and fixed all the broken links in the process. A couple of phenomenal contributors helped.
You can browse the new documentation at:
Documentation (latest — v3.25.0)
Release v3.25.0 · fastify/fastify · GitHub
Mercurius
Mercurius the r
I also released a new version of Mercurius, my take on “how to write a GraphQL server with Mercurius”. This new release sports a couple of new options and a regression fix. Check it out:
Release v8.12.0 · mercurius-js/mercurius · GitHub
The most important announcement 📣 for Mercurius is a security advisory due to a bug 🐛 introduced in v8.10.0. This bug caused your application to crash if invalid JSON was sent as a body to a GraphQL route. It was fixed in v8.11.2. Check it out.
Next week I plan to release v9 of Mercurius sporting GraphQL v16 and a change of default protocol for subscriptions. More on that next week!
Undici
This new release of Undici significantly improves our fetch() implementation, solving several bugs and improving its performance. We are getting closer to calling it “stable”!
Release v4.12.0 · nodejs/undici · GitHub
I have spent quite some time investigating a potential memory leak in Undici. I think the issue is a good example of performing this kind of analysis… even if I concluded that there is no leak.
undici fetch has memory leak · Issue #1108 · nodejs/undici · GitHub
Here is also a commentary on the actual problem I faced at the end.
Matteo Collina
I spent an hour identifying that @nodejs Worker Threads have in fact their own heap and if you spin up 50 of them you are going to need quite a bit of RAM.
Pino
I did not release or do much work on pino. However, there were a few PRs waiting to be landed and released. The release of pino-pretty includes quite a few updates that introduce new features and fix a few bugs. Check it out:
Release v7.3.0 · pinojs/pino-pretty · GitHub
For all of you who do not know Hapi: it’s a web framework for Node.js that is very stable and preferred by several companies around the globe. hapi-pino registers to the logging mechanism of Hapi. This release moves pino-pretty to devDependencies and implements a new feature.
Release v9.1.0 · pinojs/hapi-pino · GitHub
Last week I worked with my colleague Rafael to fix a significant regression on pino-http. Here is the result of our analysis and fix:
25% throughput improvement by mcollina · Pull Request #196 · pinojs/pino-http · GitHub
News
One of the most important pieces of news this week is that Express shipped a new release after two years 🍾. I’m happy that Doug is still active and I hope for more.
Release 4.17.2 · expressjs/express · GitHub
The second most notable piece of news from the last two weeks is a forced enrollment in 2FA for major publishers on the npm platform. This is great news, as it would make everybody significantly safer:
Enrolling all npm publishers in enhanced login verification and next steps for two-factor authentication enforcement | The GitHub Blog
I was featured in the annual report from the Linux Foundation! Check it out:
Ben Michel
Stoked to see this nice spread about the @openjsf in the LF's annual report this year + all the faces of rad JS people! 😎🎉 https://t.co/RcCpLmavQe

cc @rginn206 @bitandbang @matteocollina @codebytere ♥️ https://t.co/0OSwpFCgPG
If you haven’t heard about the Log4j vulnerability and you are running a product using Log4j you are probably in trouble now. If you are mostly running Node.js… you might want to read up about it!
Log4Shell vulnerability disclosed: Prevent Log4j RCE by updating to version 2.15.0 | Snyk
Would you check in your npm dependencies in your Git repo? Read about this valuable opinion and how you would need to change your workflow to adopt this:
Why you should check-in your node dependencies - Jack Franklin
The Log4j vulnerability has spawned an incredible amount of really interesting content about Open Source sustainability. The following article has a somewhat new take: professionalizing the role of the Open Source maintainer.
Professional maintainers: a wake-up call
My friend Myles then followed up with a take along similar lines: you should be getting some value from your OSS contributions.
sMyle
Time for a 🔥 take

If you cannot find a way to be compensated, recognized, or get some value out of your OSS contributions you should reconsider how you are investing your time.

You don't need to be directly compensated, but you should personally benefit from your labor.
Is single-threaded faster than multi-threaded? Read this long explanation of how Redis could potentially be made much faster, using a share-nothing architecture with threads each dedicated to a partition of the key space:
What is TLS fingerprinting? It’s a technique that can be used to detect which runtime (with version) you are using by looking at the algorithms that it advertises support for. How can you defeat it in Node.js? Read up:
Fighting TLS fingerprinting with Node.js
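What "looking at the advertised algorithms" amounts to on the receiving side, as an added example that is not from this newsletter or the linked article: a JA3-style fingerprint (a published scheme, assumed here as the method) computed over constructed ClientHello values. The field names of the `hello` object and the labels are hypothetical.

```javascript
const crypto = require('crypto');

// GREASE values (RFC 8701) are random placeholders such as 0x0A0A, 0x1A1A ... 0xFAFA.
// They change between connections, so they are dropped before fingerprinting.
const isGrease = (v) => (v & 0x0f0f) === 0x0a0a && (v >> 8) === (v & 0xff);

// JA3 layout: version,ciphers,extensions,groups,pointFormats
// Each list is decimal values joined by "-", in the order the client sent them.
function ja3String(hello) {
  const field = (list) => list.filter((v) => !isGrease(v)).join('-');
  return [
    hello.version,
    field(hello.ciphers),
    field(hello.extensions),
    field(hello.groups),
    field(hello.pointFormats),
  ].join(',');
}

// MD5 is only a compact identifier here, not a security control.
function ja3Hash(hello) {
  return crypto.createHash('md5').update(ja3String(hello)).digest('hex');
}

// Constructed sample values, not captured from any real runtime.
const clientA = {
  version: 771, // TLS 1.2 on the wire (0x0303)
  ciphers: [0x1a1a, 4865, 4866, 4867, 49195],
  extensions: [0, 23, 65281, 10, 11],
  groups: [0x2a2a, 29, 23, 24],
  pointFormats: [0],
};
// Same cipher suites in a different preference order: a different fingerprint.
const clientB = { ...clientA, ciphers: [4866, 4867, 4865, 49195] };

// Label a connection by comparing against fingerprints already observed.
function classify(hello, known) {
  return known.get(ja3Hash(hello)) || 'unknown';
}

const known = new Map([[ja3Hash(clientA), 'runtime-A (constructed label)']]);
console.log(ja3String(clientA), classify(clientA, known), classify(clientB, known));
```

Because list order is part of the string, two clients that support the same suites but prefer them differently are still told apart.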
ARM CPUs are taking over the world. From smartphones to laptops to servers, they are both more performant and more energy efficient. Read this story on how Cloudflare could deliver 57% more performance per watt spent.
Designing Edge Servers with Arm CPUs to Deliver 57% More Performance Per Watt
Would you like to speak at NodeCongress? The Call for Papers is open!
Node Congress
The biggest #NodeJS conference worldwide is coming back in 2022.

If you are into #JavaScript or related technologies and ready to share your ideas with the world — here is your chance to join #NodeCongress as an expert!

Apply before January 16, 2022.

See you on stage!
Matteo Collina @matteocollina

I write about my journey as a core contributor of Node.js, as an author and a maintainer of many modules - including Fastify and Pino. In addition, I speak at conferences, and I will add links to all my talks in case you missed one.
