Your Choice JavaScript News

Node News Wednesday, November 22

Node News Preview / TLDR

  • A crash course on Serverless with Node.js – Hacker Noon
    • Regardless of your developer background, it’s inevitable you’ve heard the term Serverless in the past year. The word has been buzzing around in my ears for longer than I dare say. For too long have I…
    • Serverless, serverless offline, Serverless framework, serverless architecture, aws
  • Exploiting Node.js deserialization bug for Remote Code Execution
    • tl;dr Untrusted data passed into unserialize() function in node-serialize module can be exploited to achieve arbitrary code execution by passing a serialized JavaScript Object with an Immediately invoked function expression (IIFE). The Bug During a Node.
    • function, code execution, reverse shell, arbitrary code execution, var serialize
  • Build a “Serverless” Reddit Bot in 3 Steps with Node.js and StdLib Sourcecode
    • Here at StdLib, we’re big fans of Reddit. If you spend any time browsing Reddit, you will without a doubt encounter a few bots. They have many different purposes, from moderating subreddits to…
    • reddit bot, app preferences page, Reddit app preferences, Reddit Bot Sourcecode, scheduled task
  • The Performance Cost of Server Side Rendered React on Node.js
    • It seems the original results for React.js have not been optimal, since the Node environment had not been set to production. In this env thus React does a lot of extra work under the hood. Thank you to Anatoli Papirovski for noticing this and the additional PR to further optimise…
    • templating engine, average response time, React, static HTML, average response times
  • Seven Reasons to Choose Node.js for Your Startup
    • JavaScript is justly called the most popular programming language several years in a row, as it is a common software development technology among both startups and well-established enterprises. Initially employed for front-end development, it has quickly become one of the major tools for back-end and even cross-platform mobile app development….
    • node js, node package manager, Node JS advantages, default Node package, Node project
  • Learn Real World Node.js Applications to Deployment
    • Learn Real World Node.js Applications to Deployment Course – If you want to learn how to build and deploy applications built with Node, Express, and MongoDB then it is the right course for you.
    • Real World Node.js, world server-side Node.js, high quality applications, node.js applications, deploy apps
  • You would usually create an app.get() method for a particular route, like this: app.get('/', function(req, res, next) { /* execute some code */ }); When a user hits the '/' route an event will trigger the callback function.
  • The only downside is that you have to push code to AWS every time you wish to test your functions, while emulating the environment locally is a bit of pain. The use cases when Serverless is the better choice are vast.
  • Create your first service: Create a new directory to house your Serverless application services.
  • It’s where you define AWS Lambda Functions, the events that trigger them and any AWS infrastructure resources they require, all in a file called serverless.yml. Back in your terminal type:
      $ serverless create --template aws-nodejs --path my-service
    The create command will create a new service.
  • Lastly we’ll go ahead and jump right into some code and write our own Serverless functions, emulate the environment locally and monitor performance!

Tags: Serverless, serverless offline, Serverless framework, serverless architecture, aws

  • tl;dr – Untrusted data passed into unserialize() function in node-serialize module can be exploited to achieve arbitrary code execution by passing a serialized JavaScript Object with an Immediately invoked function expression (IIFE).
  • Here is a sample node.js application to imitate the code:
      var express = require('express');
      var cookieParser = require('cookie-parser');
      var escape = require('escape-html');
      var serialize = require('node-serialize');
      var app = function(req, res) {
        if (req.cookies.profile) {
          var str = new Buffer(req.cookies.profile, 'base64')….
  • var y = { – rce : /’, function(error, stdout, stderr) { console.log(stdout) }); – }(), – } – var serialize = \n” + serialize.serialize(y)); – – The following output was obtained – – – – The IIFE worked fine but the serialization failed.
  • So we have the exploit (){\n \t /’, – function(error, stdout, stderr) { console.log(stdout) });\n }()”} – Passing it to unserialize() function will result in code execution.
  • var serialize = require(‘node-serialize’); – var payload = ‘{“rce”:”_$$ND_FUNC$$_function /\’, function(error, stdout, stderr) { console.log(stdout) we know that we can exploit unserialize() function in node-serialize module, if untrusted data passed into it.

Tags: function, code execution, reverse shell, arbitrary code execution, var serialize

  • Regardless of their goal, many of these bots perform just two basic tasks: reading comments and replying to ones that match certain criteria. In this guide, you’ll learn how to deploy an infinitely-scalable, “serverless” Reddit bot from just your browser.
  • By leveraging templates built by StdLib’s partners and community, you can deploy a variety of projects in addition to this Reddit bot, such as Slack apps, Stripe stores, and Twilio messaging hubs, directly from the browser. Step 1: Register a Reddit App. Log into Reddit, head over to the Reddit app preferences page,…
  • You won’t be using it however, so just put in a dummy one, such as http://www.example.com/
    Step 2: Deploy the Reddit App. Keeping the app preferences page open, navigate to the Reddit Bot Sourcecode page and scroll down to the inline editor.
  • To get the code for your bot and publish a release version of it run:
      $ lib get username/reddit-bot
      $ cd username/reddit-bot
      $ lib release
    Now you can set a scheduled task with:
      $ lib tasks:create username/reddit-bot
    The resulting prompt will ask you for one of your StdLib library tokens.
  • Depending on the popularity of the subreddit you can get away with running the bot less often, but once every five minutes (or twelve times an hour) should work. Now, you should set a scheduled task to remove unwanted comments with:
      $ lib tasks:create username/reddit-bot clean
    The prompt is going to ask what…

Tags: reddit bot, app preferences page, Reddit app preferences, Reddit Bot Sourcecode, scheduled task

  • I created a simple Node.js application (Source on GitHub) with TypeScript that renders a HTML table of 100 rows of employee data from a JSON file with a number of different templating methods: – – For measure I threw in a simple Node HTTP server that dumped the content as…
  • I ran the benchmarks with concurrencies of 1, 5, 50, 100 and 250 and tracked throughput (requests / second) and the average response time (in Milliseconds of waiting for response).
  • Nunjucks scores second last, but beats React by a significant margin providing five times the throughput of ReactDOMServer on the latest Node.js (9.2.0). Native ES6 template literals and Pug are a close match, with Pug pulling ahead at a clear margin of 5 to 6 percent throughout the…
  • For the other libraries the average response times are consistent with throughput, although it seems that the native ECMAScript Template Literals provide a lower average response time, especially at high concurrencies; at 250 concurrent requests Pug takes an average of 81ms to respond, where native ES6 templates take around 40%…
  • Throughput stabilises for both options from concurrency of 5 or more, but for high concurrencies the response time for uncompiled templates grows respectively more.

Tags: templating engine, average response time, React, static HTML, average response times

  • JavaScript is justly called the most popular programming language several years in a row, as it is a common software development technology among both startups and well-established enterprises.
  • If you are up to building a real-time or streaming web application with multiple concurrent connections (messaging apps, social media, multiplayer games, virtual terminal emulators, etc.) you’ll definitely benefit from Node capabilities, especially in terms of efficient performance and easier development processes.
  • On top of that, if you have a small team of JavaScript developers and you aren’t looking to hire developers for backend development only, Node js will work well.
  • Considering the above-mentioned use cases, let’s sum up and highlight the top seven benefits of Node.js for startups: – – If you opt for Node.js, you can benefit from the ease of sharing one and the same language both on server and client sides.
  • Npm is a default Node package manager that also works as a huge database for free JavaScript tools, contributed by the community.

Tags: node js, node package manager, Node JS advantages, default Node package, Node project

  • Learn Real World Node.js Applications to Deployment Course – If you want to learn how to build and deploy applications built with Node, Express, and MongoDB then it is the right course for you.
  • In this course, you can build high quality applications, create data models with Mongoose ODM, deploy apps to production with Heroku, and learn ES6 concepts like arrow functions, template strings.

Tags: Real World Node.js, world server-side Node.js, high quality applications, node.js applications, deploy apps
