Episode 8: Node.js in Production with Tierney Cyren
Tierney Cyren talks with John and Ward about all things Node and how to use it in production.
Recording date: 2018-10-25
John Papa https://twitter.com/john_papa
Ward Bell https://twitter.com/wardbell
Dan Wahlin https://twitter.com/dan wahlin
Tierney Cyren https://twitter.com/bitandbang
Show Notes:
(0:01:11) Ward reads the mailbag about Node versioning
(0:01:39) Tierney talks about Node.js versioning https://nodejs.org/en/
(0:01:56) Tierney discusses the Node.js LTS schedule
(0:02:18) Ward asks how he would go about moving from v8 to v10 of Node.js
(0:02:48) John asks if the code needs to change or just recompile
(0:04:40) Tierney explains how the Node.js release lines work https://nodesource.com/blog/understanding-how-node-js-release-lines-work/
(0:05:10) Tierney explains there can be more than one active LTS at a time
(0:05:39) John discusses how the Node.js LTS chart is helpful https://github.com/nodejs/Release#release-schedule
(0:06:10) Ward asks what he is missing if he doesn't move to a new release
(0:06:30) Tierney explains that you may miss vulnerability patches
(0:07:30) Tierney explains how he recommends thinking about how long you should stay on a release line
(0:08:10) Tierney says Laurie Voss https://twitter.com/seldo of npm had a talk about the Fortune 50 companies who use Node.js
(0:08:46) Ward asks what the relationship is between Node.js and npm
(0:09:00) Tierney says npm is a company https://npmjs.com
(0:09:39) Tierney mentions Isaac - CEO of npm https://twitter.com/izs?lang=en
(0:12:32) John asks Tierney what the performance is of Node.js
(0:14:11) Tierney talks about how LinkedIn used Node.js
(0:14:33) Tierney says PayPal is the largest public deployment of Node.js on the planet
(0:14:50) Tierney says Walmart uses Node.js which helps them with Black Friday sales
(0:16:04) tc39 spec https://tc39.github.io/ecma262/
(0:16:48) Node.js performance tips https://www.smashingmagazine.com/2018/06/nodejs-tools-techniques-performance-servers/
(0:17:01) Ward asks what level of JavaScript features are implemented in Node.js
(0:17:40) Tierney talks about ESM (module system)
(0:19:40) John and Tierney talk about tools for application performance monitoring
(0:21:04) New Relic and AppDynamics are great tools for this
(0:21:40) Tierney talks about when the event loop is blocked
(0:21:45) JSON.parse can sneak up on you, as it blocks the event loop
(0:22:46) NSolid is a replacement for the Node.js runtime - does perf monitoring too https://nodesource.com/products/nsolid
(0:22:50) John asks if you can use NSolid for production deployments without slow-downs
(0:22:50) Tierney talks about the performance impact of using NSolid for monitoring
(0:23:30) John talks about an AST http://www.syntaxsuccess.com/viewarticle/javascript-ast
(0:26:10) Async hooks is a new tool that ships in Node.js; it pulls data out to help APMs (App Performance Monitoring) get data
(0:27:00) Ward asks if there are tools that will check for anti-patterns, for CI
(0:27:50) Tierney talks about tools that NodeSource has written to help look for issues in Node code (certified modules)
(0:28:57) ncm-ci is the tool https://github.com/nodesource/ncm-ci
(0:29:11) Ward mentions tools like Lighthouse for Chrome https://chrome.google.com/webstore/detail/lighthouse/blipmdconlkpinefehnmjammfjpmpbjk?hl=en
(0:29:15) Tierney commits to writing Lighthouse for Node.js by the end of the podcast (jokingly)
(0:30:32) Greenkeeper is a GitHub integration app that auto checks dependencies https://greenkeeper.io/ and analyzes your npm package
(0:31:09) Snyk looks for security vulnerabilities in packages https://snyk.io
(0:32:01) Node awesome list https://github.com/sindresorhus/awesome-nodejs
(0:33:14) Tierney has his own list for Node.js https://github.com/bnb/awesome-awesome-nodejs
(0:33:30) Ward asks Tierney what the top 10 Node.js tools everyone needs are
(0:36:00) Ward says he is looking for a middle ground between all of the tools and just the most important tools
(0:37:49) John asks what you can do to secure Node.js apps
(0:39:50) Tierney talks about how you can submit vulnerabilities to https://hackerone.com/nodejs-ecosystem
(0:40:09) John asks Tierney about npm vs yarn
(0:50:51) Yarn https://yarnpkg.com/en/
(0:42:20) Tierney talks about his interest in Go https://golang.org/
(0:43:30) Tierney talks about how Ryan Dahl created Node.js https://jaxenter.com/ryan-dahl-fixing-node-deno-146190.html
(0:45:01) Someone to follow - Dave Geddes at https://gedd.ski/
(0:45:58) Someone to follow - Sherry List https://twitter.com/sherrrylst
(0:46:41) Someone to follow - Franziska Hinkelmann https://twitter.com/fhinkel
Resources
Node.js Everywhere with Environment Variables https://medium.com/the-node-js-collection/making-your-node-js-work-everywhere-with-environment-variables-2da8cdf6e786 by John Papa
Eleven Tips to Scale Node.js https://medium.com/microsoftazure/eleven-tips-to-scale-node-js-65cbf6deef6e by Brian Holt
async await in Node.js https://blog.risingstack.com/mastering-async-await-in-nodejs/
Certified Modules from Node Source https://nodesource.com/products/certified-modules
Blog posts by Tierney https://nodesource.com/blog/author/bitandbang
Node Collection - medium blog https://medium.com/the-node-js-collection
Tierney says use security tools like helmet https://github.com/helmetjs/helmet
Ryan Dahl - creator of Node http://tinyclouds.org/
npm audit in CI system https://docs.npmjs.com/getting-started/running-a-security-audit
WardInSpace: https://docs.npmjs.com/cli/audit NPM Audit
Node security working group https://medium.com/the-node-js-collection/meet-the-node-js-security-working-group-30b9f00b678
WardInSpace: Node Security Working Group https://github.com/nodejs/security-wg
Tierney-Cyren: https://internetbugbounty.org/
WardInSpace: https://www.rust-lang.org/en-US/ Rust