BT

Node.js v7 Beta Brings Canary in a Gold Mine

| by James Chesters Follow 1 Followers on Sep 25, 2016. Estimated reading time: 2 minutes |

The Node.js Foundation have released the v7 beta for Node.js, with a focus on stability and the latest version of V8.

Node's beta release coincides with v6 becoming the project's second LTS release, where its life will continue under Active LTS and Maintenance until April 2019.

Rod Vagg, chairperson for the Node.js Technical Steering Committee, said the key focus for v7 was "to make sure modules in the ecosystem are keeping up with Node Core."

The project's core technical steering committee is using a technology called Canary in the Gold Mine (citgm) to pull down modules from npm and test if they will break when Node.js updates its versioning, giving the release team a greater understand of what will break before they release new versions

Myles Borins, member of the Node.js project core technical and collaborators committee, told InfoQ that Citgm is currently testing 70 modules from the ecosystem, selected initially based on npm statistics including most installed, and most depended on.

Borins said:

Citgm grabs the source code of a named module, it runs `npm install` and `npm test` and then reports the results. It has a logger with various verbosity levels, and a variety of reporters that can be used. The results can be published in TAP or jUnit, which are great if you are running in CI and want to use tools that consume TAP. Citgm can also report in Markdown if you are publishing the results to GitHub.

If you want to run all the test suites for all modules found in a lookup table then use citgm-all. It will automate the running of all tests and give itemized results at the end. It mostly has all the same options as citgm, aside from being able to install a module from a specific SHA.

Node.js's beta of v.7 is noteable for being the first beta release since the io.js/Node.js merger that has been produced by the Node.js project, with a series of betas expected to be released up to the official v7 release, to help ensure semver major changes will not need to be reverted.

Node.js v7 will also the first time that it has been released with an up-to-date version of the V8 JavaScript Engine. According to the V8 blog, 5.4 "delivers a number of key improvements in memory footprint and startup speed," with peak memory consumption of on-heap memory reduced by up to 40%.

Borins says Node.js v7 is a checkpoint release for the project, and will focus on stability and updating to the latest versions of V8, libuv, and ICU.

The Node.js foundation has also announced security updates for all of its active release lines, reporting a list of vulnerabilities affecting Node.js. Among these is  CVE-2016-6304: OCSP Status Request extension unbounded memory growth, considered to be a flaw of high severity.

CVE-2016-6304 potentially allows a malicious client to exhaust a server's memory, resulting in a DoS by sending very large OCSP Status Request extensions in a single session. Node.js servers using TLS are vulnerable.

Node.js v8 is slated for release in April 2017, with the team looking at language compatibility, adopting modern web standards, growth internally for VM neutrality and API development, and support for growing Node.js use cases.

Node.js v5 reached the end of its natural life after two months in Maintenance mode in June 2016. Node.js v6 will become the second LTS release for Node.js in October, with the release of V7.

Rate this Article

Adoption Stage
Style

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Discuss

Login to InfoQ to interact with what matters most to you.


Recover your password...

Follow

Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.

Like

More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.

Notifications

Stay up-to-date

Set up your notifications and don't miss out on content that matters to you

BT