Episode 8: Node.js in Production with Tierney Cyren

Web Rush

Tierney Cyren talks with John and Ward about all things Node and how to use it in production.

Recording date: 2018-10-25


John Papa https://twitter.com/john_papa

Ward Bell https://twitter.com/wardbell

Dan Wahlin https://twitter.com/dan wahlin

Tierney Cyren https://twitter.com/bitandbang

Show Notes:

(0:01:11) Ward reads the mailbag about Node versioning

(0:01:39) Tierney talks about Node.js versioning https://nodejs.org/en/

(0:01:56) Tierney discusses the Node.js LTS schedule

(0:02:18) Ward asks how he would go about moving from v8 to v10 of Node.js

(0:02:48) John asks if the code needs to change or just recompile

(0:04:40) Tierney explains the node.js release lines work https://nodesource.com/blog/understanding-how-node-js-release-lines-work/

(0:05:10) Tierney explains there can be more than one active LTS at a time

(0:05:39) John dsicusses how the Node.js LTS chart is helpful https://github.com/nodejs/Release#release-schedule

(0:06:10) Ward asks what is he missing if he doesn;t move to a new release

(0:06:30) Tierney explains vthat you may miss vulnerability patches

(0:07:30) Tierney explains how he recommends thinking about how long you should stay on a release line

(0:08:10) Tierney says Laurie Voss https://twitter.com/seldo of npm had a talk about the Fortune 50 companies who use Node.js

(0:08:46) Ward asks what the relationship is between Node.js and npm

(0:09:00) Tierney says npm is a company https://npmjs.com

(0:09:39) Tierney mentions Isaac - CEO of npm https://twitter.com/izs?lang=en

(0:12:32) John asks Tierney what the performance is of Node.js

(0:14:11) Tierney talks about how LinkedIn used Node.js

(0:14:33) Tierney says Paypal is the largest public deployment of Node.js on the planet

(0:14:50) Tierney says Walmart uses Node.js which helps them with Black Friday sales

(0:16:04) tc39 spec https://tc39.github.io/ecma262/

(0:16:48) Node.js performance tips https://www.smashingmagazine.com/2018/06/nodejs-tools-techniques-performance-servers/

(0:17:01) Ward asks what level of javascript features are implemented in Node.js

(0:17:40) Tierney talks about ESM (module system)

(0:19:40) John and Tierney talk about tools for application performance monitoring

(0:21:04) New Relic and AppDynamics are great tools for this

(0:21:40) Tierney talks about when the event loop is blocked

(0:21:45) JSON.parse can sneak up on you, as it blocks the event loop

(0:22:46) NSolid is a replacement for node.js runtime - does perf monitoring too https://nodesource.com/products/nsolid

(0:22:50) John asks if you can use NSolid for production deployments without slow-downs

(0:22:50) Tierney talks about the performance impact of using NSolid for monitoring

(0:23:30) John talks about an AST http://www.syntaxsuccess.com/viewarticle/javascript-ast

(0:26:10) Async hooks is a new tool that ships in node that pulls data out to help APM's (App Performance Monitoring) help get data

(0:27:00) Ward asks if there are tools that will check for anti patterns, for CI

(0:27:50) Tierney talks about tools that NodeSource has written to help look for issues in Node code (certified modules)

(0:28:57) ncm-ci is the tool https://github.com/nodesource/ncm-ci

(0:29:11) Ward mentions tools like Lighthouse for chrome https://chrome.google.com/webstore/detail/lighthouse/blipmdconlkpinefehnmjammfjpmpbjk?hl=en

(0:29:15) Tierney commits to writign Lighthouse for Node.js by the end of the podcast (jokingly)

(0:30:32) Greenkeeper is a github integration app that auto checks dependencies https://greenkeeper.io/ and analyzes your npm package

(0:31:09) Snyk looks for security vulnerabilities in packages https://snyk.io

(0:32:01) Node awesome list https://github.com/sindresorhus/awesome-nodejs

(0:33:14) Tierney has his own list for Node.js https://github.com/bnb/awesome-awesome-nodejs

(0:33:30) Ward asks Tierney whaat the top 10 Node.js tools everyone needs

(0:36:00) Ward says he is looking for a middle ground between all of the tools and just the most important tools

(0:37:49) John asks what you can do to secure Node.js apps

(0:39:50) Tierney talks about how you can submit vulnerabilities to https://hackerone.com/nodejs-ecosystem

(0:40:09) John asks Tierney about npm vs yarn

(0:50:51) Yarn https://yarnpkg.com/en/

(0:42:20) Tierney talks about his interest in Go https://golang.org/

(0:43:30) Tierney talks about how Ryan Dahl created Node.js https://jaxenter.com/ryan-dahl-fixing-node-deno-146190.html

(0:45:01) Someone to follow - Dave Geddes at https://gedd.ski/

(0:45:58) Someone to follow - Sherry List https://twitter.com/sherrrylst

(0:46:41) Someone to follow - Franziska Hinkelmann https://twitter.com/fhinkel


  • Node.js Everywhere with Environment Variables https://medium.com/the-node-js-collection/making-your-node-js-work-everywhere-with-environment-variables-2da8cdf6e786 by John Papa

  • Eleven Tips to Scale Node.js https://medium.com/microsoftazure/eleven-tips-to-scale-node-js-65cbf6deef6e by Brian Holt

  • async await in Node.js https://blog.risingstack.com/mastering-async-await-in-nodejs/

  • Certified Modules from Node Source https://nodesource.com/products/certified-modules

  • Blog posts by Tierney https://nodesource.com/blog/author/bitandbang

  • Node Collection - medium blog https://medium.com/the-node-js-collection

  • Tierney says use security tools like helmet https://github.com/helmetjs/helmet

  • Ryan Dahl - creator of Node http://tinyclouds.org/

  • npm audit in ci system https://docs.npmjs.com/getting-started/running-a-security-audit

  • WardInSpace: https://docs.npmjs.com/cli/audit NPM Audit

  • Node security working group https://medium.com/the-node-js-collection/meet-the-node-js-security-working-group-30b9f00b678

  • WardInSpace: Node Security Working Group https://github.com/nodejs/security-wg

  • Tierney-Cyren: https://internetbugbounty.org/

  • WardInSpace: https://www.rust-lang.org/en-US/ Rust

Audio Player