Node Summit 2018

Five Lessons Learned building a Node Microservice Platform

Node is a complex ecosystem. Over the course of the past two years, Joe and his team have gained valuable learnings as a result of building, maintaining, and improving the architecture of their platform. Many of the assumptions they made upfront about the right way to create and operate a Node microservice platform were fundamentally incorrect. Joe will discuss what engineers at his organization learned firsthand about Node performance, maintenance costs, and reliability.

GitHub Sponsored Workshop: Automating your Workflow with Probot

This workshop will focus on how developers can utilize GitHub’s powerful APIs, specifically through Probot, a platform for building GitHub Apps. It will expand in depth upon how open source developers can create customized Probot Apps specific to the problems their communities face. Follow along as we build a Probot App from scratch.

Making your Node.js app global-ready with GlobalizeJS and Unicode CLDR data

GlobalizeJS is one of the most popular open source JavaScript internationalization libraries in use today. This talk will introduce the key features of GlobalizeJS to help you make your NodeJS app global-ready and highlight key features, new capabilities, performance optimizations and data distribution mechanisms that have been added recently. The talk will also cover feature requests yet to be implemented on this open source project and how you can contribute.

Zero to Node.js: A Recent Graduate Helped Re-Platform HomeAway on Node.js

You're brand new to the Node.js world. Where do you get started? How can you become an effective contributor? Manny will tell his personal story of starting at HomeAway with zero Node.js experience to contributing to HomeAway's replatforming to Node.js, along the way sharing his answers to those questions. This talk is intended for those new to Node.js, managers, and those interested in hearing a personal story of growth. The audience can expect to leave with ideas on how to get started with Node.js, the role of mentors, and moving forward through adversity.

Get Started with N-API: A Hands-on Workshop

Ready to get your hands dirty with N-API, Node's new ABI-stable native add-on API? Don't miss this workshop. Whether you're maintaining a NAN module, looking to start a new add-on using N-API, or are interested in porting existing native add-ons to N-API, we're here to get you started right. After a brief introduction you'll have the chance to work through a tutorial or bring your project and N-API experts will be available to help you through any issues. You'll leave with a solid understanding N-API and the tools available to help you best succeed. This workshop is targeted to three kinds of experienced Node developers - developers who are considering creating a new add-on using N-API, maintainers of existing native add-ons looking to migrate them to N-API and developers interested in helping to migrate existing open source add-ons to N-API.

NodeSource Sponsored Workshop: GraphQL 101

Learn the basics of GraphQL, the freshest proposal in API designs, this is a guided workshop explaining all the basic concepts of this paradigm. you will be using Express and a GraphQL middleware to create an initial API and its client.

State of Diagnostic Tools for Production Environments in the Node.js Ecosystem

As we grow our application, being able to extract performance indicators and to identify bugs in production is essential. Node.js has a lot of debugging capabilities nowadays, but not all of them are suited for production environments. In these environments, we need safe tools capable of extracting information without adding too much overhead. Matheus will give an overview of the available tools in the Node.js ecosystem designed for these tasks, explaining their strengths, weaknesses as well as when and how they should be used.

Node Modules Development Made Easy

Node modules is the essential part of the NodeJS platform. When developing large NodeJS application it typically involve many modules. When you need to test changes in your modules locally, the process may be inconvenient. In this talk, I will go over some common scenarios developers may run into, and the issues typical solutions such as npm link have. Then I will go over a solution that I’ve implemented and how it makes local module development easier.

Square Peg Round Hole: Serverless Solutions For Non-Serverless Problems

Serverless is the new hotness. It works great for parallelized workflows and event-driven systems. But what happens when your boss comes along and needs you to build a serverless system that works with a SQL database? Or you need to scrape a website, but you need to rate limit your scraping? For that matter, how can you build a serverless state machine? This talk will provide interesting tips and techniques for using serverless for decidedly non-serverless friendly scenarios.

Async functions in practice: tips, tricks and caveats you want to know before migrating from callbacks

With Node.js 8.x bringing async functions to mainstream, many developers are tempted to abandon callback/Promise-based flow control and start using the new approach. When planning such move, one should consider several aspects: is this new feature ready for prime time yet? Do the benefits justify upgrade costs? What are the downsides? In my presentation, I'll cover practical aspects, benefits and pain points of async functions in Node.js 8.x LTS, 10.x and the npm module ecosystem. Armed with this knowledge, participants will have everything needed to decide whether async functions are a good choice for their projects.

NodeSchool SF Workshop

NodeSchool is for people totally new to programming, as well as experienced programmers looking to try a new language or skillset. Knowing some JavaScript will help, but is not necessary. NodeSchool workshops are self-guided. So, no boring lectures. We'll have industry expert mentors around to help and answer your questions

NodeBots Workshop

This workshop will teach you all about IoT. We'll be programming a Raspberry Pi using nothing but Node.js and JavaScript and connecting it to the cloud. You don't need any hardware experience, and we'll provide all the hardware you need. Just bring yourself and a laptop!

Building Next Generation Add-on modules for Node.js using N-API

You may have heard that the N-API is now a supported Node.js feature. N-API provides an ABI stable C based api that you can use directly, however, many developers will want to use the C++ wrapper module - node-addon-api. As a replacement for the NAN module, node-addon-api provides the easiest way to migrate your existing native addons to use N-API. This talk will introduce the node-addon-api module, show you how use it with code samples and show you some of the migration tools that are available. If you are going to be writing or maintaining native addons with Node.js you'll want to jump start your learning process by attending this session.

Leak Hunting: Finding and debugging a memory leak in Node.js

Performance metrics? Response time higher? Memory leak? We would walk through different memory leak situations to identify and analyze patterns that produce an increase of memory, CPU usage, and the load average over time, without any apparent reason. We'll discuss how to access Node.js memory using V8 Inspector & Chrome Dev Tools, create a dump of the heap memory for the inspected application, finally a compilation of best practices about how we could end fixing the memory leak. We'll be able to use the right tools to monitor, understand, and debug the memory consumption of a Node.js application on time

The VM Module: Why it's not a Security Sandbox

The Node.js documentation states "The vm module is not a security mechanism. Do not use it to run untrusted code.", but why does it say that? I'll go over what the module does, and more importantly what it doesn't do, in an attempt to explain the reasoning behind why `vm` shouldn't be used for security purposes. There are some valid use-cases for it though, and I'll go over those too.

IBM Sponsored Workshop: No Infrastructure, Just Code - See the Simplicity of Serverless

Serverless computing simplifies development of cloud-native applications, especially micro-service-oriented solutions. Come and explore hands-on cloud-native development and build then deploy a number of Serverless Cloud Functions, including web actions that can be invoked from the browser or from Microservices, all inside a browser.

IBM Sponsored Workshop: Create Highly Scalable Web Application Microservices with Node.js

Create, Deploy, Monitor, and then Breath Easy. Experience cloud-native development focused on Express.js through the App Service Console and leverage Health Checks, AppMetrics Dash, Prometheus, Zipkin, and more. Deploy your services to Docker locally and then the the Cloud.

Opening Remarks

My Node.js Process is on Fire

Your phone rings: the new JS application you deployed came under too much load, and the site has gone down! But you don’t lose your cool, and you tweak the autoscaling setting to handle the load spike increasing the number of servers. The next day, you try to analyze what happened and begin to optimize your application to prepare for future spikes. This talk is a journey into the rabbit hole of Node.js performance, taking a look at the available tools and optimization techniques inspired by insight gained from glimpsing under the hood of Node and V8.

NodeGirls or how communities change people

When I decided to change my career one of the important factors was JavaScript community - welcoming place with people who had similar interests. For me, it was surprising that everyone was so eager to share knowledge for free unlike many other professions. Then I decided to be involved. After 2 years I started NodeGirls and it changed my life and lives of other people. Now I want to share lessons I've learned, how leading countrywide community changed my perception of some things and how we managed to change lives of some women and opinion of some men.

Panel Discussion: Node.js and the Frameworks of the Web

Automate Anything You Can See with SikuliX in Node.js

Repetitive tasks deserve to be automated, but when they don’t provide an API, that’s easier said than done. Graphical automation allows your code to see your whole screen and interact with GUI-only software and OS features. This talk will introduce the SikuliX GUI automation library, explain how to connect it to Node, and show how we’re using it at Slack to add a new dimension to our automated tests.

Bubble up your Node I/O

One of the more difficult concepts to grasp when debugging a Node.js application is the flow of asynchronous context. To make it easier for us, we have created a new open source visualization tool that brings the Node.js asynchronous flow to life. This talk will dive deep into trace events, async_hooks, and context tracking through a Node.js process. We will show that while the amount of data is staggering, it is possible to visualize it through.. bubbles!

Node ES Modules - something almost, but not quite entirely unlike CommonJS

CommonJS, along with the npm registry, has become the de-facto standard in Frontend and NodeJS development today. But Native ES Modules are coming to NodeJS and the browser. On the surface, they look incredibly similar to CommonJS modules, but the differences are important. In this talk I will describe these differences, the consequences of these differences, and how to start preparing for the new world of Native ES Modules.

Improving security by improving the framework

Our tools, frameworks, and libraries affect how we code. Learn how the design of a software stack affects the security of the systems built upon it. This talk builds on "A Roadmap for Node.js Security" which takes lessons learned by Google's Security Engineering team and applies them to a Node.js stack.

Untangling the Big Messy Knot of Micro-services with Opentracing

My talk will cover how we dealt with discovering problems and fixing them through the years up to the point of right now with microservices and opentracing. It will include the story of HomeAway's road up to implementing opentracing, why we made our decisions, how we did it, and how it will affect our mean time to discovery and repair (MTTD/MTTR), how we can better understand our dependencies, and get a basic big picture in the Big Messy Knot of all of our microservices.

Understanding Functions and "this" in the World of ES2017

The "this" keyword has long been a source of confusion, and new features added to JavaScript in recent years have muddled the picture even more. This talk will walk you through the details of how "this" works in the context of modern JavaScript. We'll cover the differences between function declarations, function expressions, and arrow functions, as well as best practices when integrating with other ES2015+ goodies.

Measuring Performance: Creating Benchmarks to Measure What Matters and Integrate into Everyday Work

Performance is key. Performance is everything. But how do you measure performance? How does your development process integrate measurements into your workflow? The key to performance is measuring the right metrics. The problem is, we are still measuring services performance the way we benchmark hardware - throw a lot of load at it and see when it breaks. Worse, we produce benchmarks as a weapon, trying to make our code look better than everyone else's. We need new tools and process to measure reality.

Panel Discussion: Modern Software Practices of Node in the Enterprise

What is the enterprise? Why does this matter?
Current State of Enterprise Deployments
How does one bring new technology into an Enterprise environment?
Security & Dependency Management
Digital transformation
Standards & Reference Architectures
Knowledge Management

The Next Generation Node API is ready!

The Native module ecosystem for Node.js is an important factor in the rapid growth of Node.js. The N-API is now a supported feature and is designed to provide ABI stability across Node.js releases. This will reduce friction in upgrading to newer Node.js versions in production deployments. In addition, it will reduce the maintenance cost that module maintainers previously had to take on due to the fast pace of changes in the v8 APIs. This talk will provide a progress update on this community project, the roadmap, and why now is the right time to get involved.

Observing Node.js

The number one issue users of Node.js tend to have is understanding what their applications, and what Node.js itself, is doing while code is running. There are several ways to peer inside what Node.js is doing -- some great, some not so great. There are efforts and initiatives underway to improve visibility and observability of Node.js. This talk will discuss async-hooks, tracing, probes, analysis, and making sense of it all.

Beyond Code Coverage, Mutation Testing: Tests for your tests

100% coverage is great, but not enough. In this talk you will learn the basics about mutation testing, why it’s important and how Mutode can help you create better tested software. Diego will also share his experience creating Mutode, the first generic JavaScript and Node.js mutation testing tool.

ES.next features that’ll make ya dance

JavaScript is evolving quickly. New versions of ECMAScript are now released on a yearly basis with new features going through a 4-stage proposal process. But with tooling like Babel, we can leverage functionality slated for future versions right now to write even clearer and more concise JavaScript code. Familiarity with modern JavaScript will help you get the most of this session where we’ll discuss new features such as class properties, null property accessing, and more. Oh, and don’t worry if you don’t understand all of those terms — you soon will after this session!

Understanding why the new V8 is so Damn Fast, One Demo at a Time

The entire V8 compiler architecture as well as large parts of the Garbage Collector where updated recently. TurboFan replaced Crankshaft, Orinoco now collects garbage in parallel whenever possible. Node.js v8 shipped with this new and improved version of V8. As a result we can finally write idiomatic and declarative JavaScript without worrying about incurring performance overhead due to JavaScript compiler shortcomings. At least this is what the V8 team tells us. In this talk we will explore if and why this is true, one demo at a time.

Improve your visual discernment with NodeJS: BackStopJS for visual regression testing

How do we test the UI of a website or web application? Testing the UI changes of an application is still a challenge for the simple reason that CSS is easy to break but difficult to test. Bugs that occur within the UI of an application are a huge problem because they are the first thing your user will see and first impressions last. This talk will present the case for the use of BackStopJS,a node module created for visual regression testing. Join Orandi as he looks to leverage the power of Node.js for writing effective visual regression tests.

Introduction to libuv: What's a Unicorn Velociraptor?

libuv is what gives Node.js its event loop and cross-platform asynchronous I/O capabilities. This talk explains what libuv is all about, and how it's used by Node.js. This talk also looks at recent development efforts in the libuv project.

How Node Is Helping to Propel Angular

The Angular team is pursuing new ways of integrating Node.js to create applications that are fast by default. Learn about our vision for Angular Universal and other new technologies for serving Angular apps. We'll share some of our experience how we managed to integrate Node.js inside Google - where a lot of our infrastructure is Java/C++/Go based.

Optimizing your Lambda applications for supportability, size and speed

Deploying a Lambda function is easy, but making it work optimally in production requires some experience. Let me save you some time by sharing some best practices that LifeOmic has learned while deploying an almost completely serverless infrastructure using Node.js in AWS Lambda functions.

It's Dangerous To Go Alone! Take This Team

What makes a team successful? Innovative? Great? As software developers, many of us spend a large amount of time working alone behind our computers, but when we come together as a team we can build truly great products for people. So how do we maximize our impact and build effective teams? In this talk, we’ll explore the concept of “safe” teams and how they enable us to build software faster and with more innovation than other teams. We’ll see how these concepts apply not just to our day jobs but also to the larger Open Source and Node communities.

The art of extensibility and composability: crafting a foundation for frameworks and applications in Node.js with TypeScript

It's super easy to start developing in Node.js, but challenges will get in the way to grow a project that involves many npm modules, collaborating components, and contributing teams. If you are building on an open framework or large-scale application, you probably have more and more `hmm` moments in deciding between Be less opinionated and Don't repeat yourself. This talk will share our experience in building a new core for the next generation of LoopBack with TypeScript and illustrate the techniques and patterns to create an extensible and composable foundation to make everybody productive and happy.

Deploying Node.js Applications with Confidence using Kubernetes

Deploying Node.js applications just got a lot easier using Kubernetes. To be successful with Kubernetes and Node.js, we have to make sure our applications fit into Kubernetes’s model. This talk will help you understand how you can prepare your software to be deployed and operated in Kubernetes.

Panel Discussion: Building Node.js and JavaScript Communities

Node.js is a community centric platform. It grew with individuals and startups into something that’s used at a massive scale today. What's the current state of the community? Where is it going? And, importantly, how can you get involved?

Opening Day Two

Developers as a malware distribution vehicle

A malicious XCode injected malware into thousands of apps, stealing data of millions of users. Tokens committed to a GitHub repo exposed millions of Uber drivers and passengers. A phished developer gave the Syrian Electronic Army access to the Financial Times’ site. What do all of these have in common? They were caused by developers. Well-intentioned, smart and experienced developers. They had nothing to do with writing insecure code, and everything to do with the incredible access we’re entrusted with, ranging from code that reaches millions to direct access to these users’ data. In the name of DevOps, we’ve made developers incredibly powerful – but when does such access become unacceptable risk? Are there architectures and processes that let us move fast without exposing the keys to the kingdom? Can our culture be trusting and agile yet have a healthy appreciation of risk? Besides building a sober appreciation of this risk, this talk will help equip us to handle it. We’ll learn risk management from role models inside and outside of tech, understand cognitive biases, and build the case that good security constraints can actually help us move faster. Lastly, we’ll share a vision of where we may be headed, and how we can protect ourselves – and our users.

Panel Discussion: How to Handle Security in the Node.js Ecosystem

HTTP/2 in Node.js Core

HTTP/2 in Node.js is finally here. This talk will discuss how it works and how to use it. Included will be lessons learned, best practices, things to try, and things to avoid. Now that the code is there and we know it works, we can begin building real stuff.

Leaving the CDN behind: building a javascript SDK in a serverless world

Last year at PayPal, we open-sourced our suite of cross-domain javascript libraries. This year we've been upleveling our SDK from a static CDN script to a fully dynamic resource, embracing serverless principles and shipping a custom-tailored javascript bundle for each client.

Gaining Trust: Infiltrating with Social Engineering

The majority of cyber attacks start with social engineering (SE) -- and the cost of each cyber attack is rising. This talk outlines real-world SE examples, and seemingly innocuous information that could be used to gain trust and compromise a person, company or community. Learn the methods SEs use to mine data, pick targets, choose pretexts, and exploit behavior, and how women are uniquely skilled as SEs - from a 2016 and 2017 DEFCON SE Capture the Flag winner.

Take back control with modular JavaScript for front-end application development

In the last 4 years, most new npm developers have been primarily front-end developers, not back-end developers. A large and active tooling ecosystem has emerged to bring the power of hundreds of thousands of modules written in Node's standard format, CommonJS, into browsers. This has enabled richer front-end applications, but has also created barriers to new developers. This talk explains how we reached this status quo, and is a call to action for web developers to begin defining the future of modular JavaScript in the browser, the way we did for server-side JavaScript 10 years ago.

WebAssembly Demystified: What it means for Node.js

WebAssembly (aka wasm) is a new, standardized compilation target for the web. But since it's so low level it can be difficult to see how it can be used not only in browser apps, but also why it can be amazing in Node.js too! In this talk Jay will reveal what it is, how you can use it today, and the incredible opportunities it will unlock in the years to come.

Node.js applicative DoS through NoSQL injection

Applicative Denial of Service is mostly known through Regex abuse. Most people do not know that other applicative DoS can be exploited through diverse means. In this talk we will see how a malicious user can obtain a MongoDB injection and use it to prevent an application from responding.

React Native Case Study

We tried out React Native while keeping our native apps and it failed completely. The native app team was against it, the folks on the RN team got burned out, it was an utter failure. We had to change our approach on how to make it work and solve the problems we were facing - which lead to the creation of Electrode Native. It allowed us to overcome the technical problems of native and RN coming together and allowed us to change our approach of migration leading to multiple successful implementations.

Finding and Preventing Bugs in JavaScript Bindings

JavaScript prevents developers from introducing entire classes of bugs that plague low-level languages (e.g., buffer overflows, use-after-frees, and memory leaks). Unfortunately, JavaScript also introduces new classes of severe, exploitable flaws that are often less obvious than low-level code bugs. These bugs lie in the runtime system itself, often in the binding layer that bridges JavaScript and C/C++, the low-level languages used to implement the runtime system. In this talk, I will describe several classes of bugs that plague the Node.js binding layer, the µchex framework used to find these bugs, and our approach to making Node.js more secure.

Follow your code: Node/V8 tracing

A large percentage of Node application misbehavior can be effectively diagnosed and root cause identified through the in-built tracing capabilities of Node/V8. There are a number of under-documented, yet very powerful tracing options which we can leverage in development, testing and production phases to validate that the application architecture and design is indeed reflected in the code or not, without ever instrumenting it.In this presentation, I will talk about the "top 10" tracing options for Node/V8, ranging from the most simple Javascript method tracing to turning off specific JIT compiler options to diagnose and resolve complex crashes or functional issues.

Electron: State of the Universe

Approximately three years ago, the first subatomic particles of what was then known as atom-shell burst forth. While it's positioned itself as the essential element of many apps in the ensuing time, it's safe to say that the Electron of 2018 bears little resemblance to its beginnings. I'll discuss the current state of Electron in terms of how we've evolved, our community, and how we plan to drive advancement of desktop runtimes in the years to come. You'll come away with a solid understanding of the role Electron has played and will continue to play in the larger JS ecosystem.

Panel Discussion: Electron

Realistic AI Options For Node Developers

Everyone wants to use artificial intelligence and machine learning (AI/ML), but none of us are quite sure where to start. These new technologies are exciting, but most people don't have the time to become a data scientist, and nobody really wants to learn a new language. In this session, we'll put the buzzwords aside and expose where we actually are with AI/ML today, and what Node.js developers can realistically use and expect from these emerging technologies.

Property Descriptors, Getters/Setters, and Proxies, Oh My!

In this talk we'll take a look at some advanced features in the JavaScript language, specifically features which have to do with objects and their properties. First we'll cover Property Descriptors which includes such descriptors as Enumerable, Configurable, and Writable. Under this same umbrella are Getter and Setter descriptors which trigger function calls. Finally we'll look at Proxies and their Traps, which are functions that are called when an object is used in a particular way (such as For/Of loops or reading the objects keys).

Applying Object Character Recognition and Kubernetes to Twitch

Rotisserie is an open source node.js application which runs on Kubernetes and brings the concept of the red zone in American football and applies it to the popular online battle royale game PLAYERUNKNOWN’S BATTLEGROUNDS (with a port to Fortnite in the works). The idea is to always be viewing the most popular PUBG twitch stream with the least amount of people alive in-game, as this is the point where streamers are tense and playing at their highest levels to achieve victory.

Voice First Formats

Come and hear how the BBC, a long established content maker, is embracing Voice First Formats and learn about the full-stack, serverless technology stack and testing strategy behind it.

Cloud Native Node.js

The fundamental performance characteristics of Node.js make it ideal for building highly performant microservices for a number of workloads. Translating that into highly responsive, scalable solutions however is still far from easy. This session will not just discuss why Node.js is a natural fit for microservices, but will introduce you to the tools and best practices for creating, building, deploying, monitoring and tracing microservices that are both scalable and fault tolerant, and show through a live demo how do that with minimal effort.

Node Regular Expressions For Everyone

If your approach to using regular expressions ranges from "avoid at all costs" to "cross your fingers and pray", this talk is for you! You'll learn the most common use cases for regex, gotchas to watch out for, and tools to make creating and testing your regular expressions easier.

Panel Discussion: Node.js' Role and Readiness for the Cloud

Node.js: What's Next