Hi Everyone! It’s time for another edition of Adventures in Nodeland, telling the latest stories of the Fastify & Node.js communities. Today we have quite a bit of news and articles, a new event we are launching, and a “fun” experiment with TypeScript targets. As usual, let me know what you think!
We are launching a new event on GraphQL! Check it out:
Come watch Josh Goldberg, Max Stoiber, Ebenezer Don, Arisa Fukuzaki, Jason Kuhrt, Uri Goldshtein and myself at “Untangling GraphQL” a free, remote event by NearForm, taking place 06/04/2022 to 07/04/2022.
Last week I released v3.27.3 and v3.27.4 to fix all compatibilities problems between Fastify v3 and the (upcoming) Node.js v18. Fixes were required in the the test suite - false positives started to show up due to changes in the runtime and they started to show up in Node.js CITGM.
Meanwhile in another branch the development of Fastify v4.0.0 is progressing steadily. This includes a deprecation of the variadic .listen() implementation. Check out the PR and the discussion at:
Resolves #3652. As I am going through the process of getting this PR together, I am more convinced that this is the right path. I have had to jump through several hoops to cover cases of “was this signature provided? That one? This one?”
There are quite a few moments that you noticed you made a mistake: Dave and myself developed 0x to help build performant libraries for Node.js. The first of those libraries was pino, our JSON logger. Anyway the latest release of pino was not compatible with 0x, because of a bug inside 0x - that Rafael promptly fixed!
Last week I have done quite a bit of research to verify that using async/await with TypeScript could lead to massive overhead… unless it’s configured correctly. Specifically, you’ll need to target at least es2017 to avoid any additional overhead. This unfortunately applies also to some of yours dependencies (be careful in what you chose to use!):
The complexity behind modern authentication system is unique. while the technology might be simple to use, understanding what is actually happening is fundamental for a safe implementation of every solution. Check out this illustrated guide to know more:
In the “stone age” days of the Internet, sharing information between services was easy. You simply gave your username and password for one service to another so they could login to your account and grab whatever information they wanted!
Nowadays with the established concepts of cloud computing, infrastructure as code, and automation; the volume and complexity of environments are increasing exponentially. This landscape makes it necessary to implement a clear set of rules and policies regarding the lifecycle of cloud resources, otherwise known as Cloud Governance.
What happen when you enable your customers to run code inside your infra? They can easily sniff each other secrets if you are not careful. Last week a “fun” vulnerability was released targeting Azure. Read up:
At the beginning there was HTTP/2 push. However that did not really work out as planned. Then 103 Early Hints came for the rescue. I have been watching the advancement of this new feature of the Web with interest: currently it is at origin trial status in Chrome:
Support 103 Early Hints informational responses for navigation. When a 103 response includes or other link headers Chromium tries to preload (and/or preconnect, prefetch) specified resources even before the final response is received. This gives Web developers a way to optimize Core Web Vitals such as Largest Contentful Paint (LCP).
How much should you rely on services of your Cloud provider? How much should you tie your business to one single vendor? Those are the fundamental question of every software architect in 2022. Here is the opinion of ThoughWorks:
I write about my journey as a core contributor of Node.js, as an author and a maintainer of many modules - including Fastify and Pino. In addition, I speak at conferences, and I will add links to all my talks in case you missed one.