Node.js
Last updated
Last updated
"Node.js" (written and spoken guidelines)
moment - date handling
yars, commander.js - helper for create CLI
Unorganized:
Stuk/jszip: Create, read and edit .zip files with Javascript - Read and write ZIP asynchronously
expressjs/session: Simple session middleware for Express - Handle clients sessions
mail-null - sleep 2 && open http://localhost:2345 & SMTP_PORT=3456 PORT=2345 npx mail-null
Unix: PORT=3512 npx mail-null
, Windows: set PORT=3512&&cmd /c start http://localhost:%PORT%&&npx mail-null
nodemailer - Email client
Configuration:
parse configuration file / run commands: rc
load environnement variable (from .env
file): dotenv; do it view the command line instead: bash - Set environment variables from file of key/value pairs - Stack Overflow
davidtheclark/cosmiconfig: Find and load configuration from a package.json property, rc file, or CommonJS module - used by stylelint to load .myapprc
, .myapprc.json
, myapp.config.js
, etc.
Parse DOM (HTML, XML, SVG) and CSSOM:
lddubeau/saxes: An evented streaming XML parser in JavaScript - used by jsdom and svgo's svg2js (see also js2svg)
NaturalIntelligence/fast-xml-parser: Validate XML, Parse XML to JS/JSON and vise versa, or parse XML to Nimn rapidly without C/C++ based libraries and no callback - Read and write XML with a DOM (pure JS), an alternative to jindw/xmldom
libxmljs/libxmljs: libxml bindings for v8 javascript engine - Read and write XML (native)
csstree/csstree: Fast detailed CSS parser with syntax validation - Read and write CSS
Security:
http-auth/src at master · http-auth/http-auth - Basic and Digest HTTP Authentification (express)
jshttp/basic-auth: Generic basic auth Authorization header field parser - Basic HTTP Authentification (generic)
auth0/node-jsonwebtoken: JsonWebToken implementation for node.js - JSON Token generation and verification (for access token)
kelektiv/node.bcrypt.js: bcrypt for NodeJs - bcrypt hash generation and verification (for password storage)
Network:
ljharb/qs: A querystring parser with nesting support - assert.deepEqual(qs.parse("foo[bar]=baz"), {foo: {bar: "baz"}});
Aka is subdir
Usefull to keep it on version control system or in context of security
https://github.com/JamieMason/shrinkpack
https://docs.npmjs.com/cli/shrinkwrap
In all node_modules
directory on an hard drive.
https://github.com/jeffbski/pkglink
process.env.IN_PASSENGER === "1"
typeof PhusionPassenger !== "undefined"
Passenger Library - Module for ngnix or Apache to handle configuration, deployment, reload, etc. of Node.js, Ruby, Python
node inspect server.js
Debugging - Getting Started | Node.js - Inspector Clients (Chrome, Edge)
NODE_ENV=development
node --trace-warnings servefr.js
HTTP header X-ChromeLogger-Data: jsonbase64value
CPU profile file:
use the node --cpu-prof
option that will generate a cpuprofile
file
use Chrome Dev Tools Performance tab to read the file as flamegraph where the x-axis represents when a call happened. It annotate the source code with the sampled traces this gives an approximate time how much each line took to execute
use speedscope (GitHub - jlfwong/speedscope: 🔬 A fast, interactive web-based viewer for performance profiles.) to read the file as flamegraph but it merge similar call-stacks together to see where the time is being spent, the x-axis represents time consumed of the total time. It referred to as a "left-heavy" visualization. It's not a standard flamegraph where the x-axis represents when a call happened.
use node --cpu-prof $(which npm) run myscript
to do it when run a script
Heap profile file:
use the node --heap-prof
option that will generate a heapprofile
file
it can be open in Chrome Dev Tools Memory tab
Speeding up the JavaScript ecosystem
Cluster is child_process
in a more convenient way to listen the same port by all children (it use child_process
internally): Cluster | Node.j v9.6.1 Documentation
Aka CLI
Shebang:
Syntax check without executing:
Parse command line arguments:
Test server capacity with mcollina/autocannon: fast HTTP/1.1 benchmarking tool written in Node.js
Order route registration from most specific to less specific: /foo/bar
, /foo
, /
Internal redirect, aka reroute: node.js - Forward request to alternate request handler instead of redirect - Stack Overflow. See Express 4.x - API Reference
Reroute:
Global error handling
At app level or a parent route level, register the error handler (a middleware with 4 arguments) after all other used middleware and routes handlers
Examples:
expressjs/compression: Node.j compression middleware - http compression for express (Note: doesn't compress small responses, see expressjs/compression: Node.j compression middleware)
kwhitley/apicache: Simple API-caching middleware for Express/Node. - HTTP cache server side for express
cors - CORS for express
RESTful routing (resource, facet):
app.set('trust proxy', 'loopback')
node.js - Express.js: how to get remote client addres - Stack Overflow - Responses are not correct, see the link above
how to set shell for npm run-scripts in windows - Stack Overflow - NPM can use bash as shell on Windows (require git for Windows)
npm install
modifies package-lock
! (changes resolved url protocol!) · Issue #20106 · npm/npm - npm install issue that update package-lock.json
by changing https://
to http://
. To fix it, use rm -rf node_modules/ && npm cache clean --force && npm i
. See also Some packages have dist.tarball as http and not https - 🐞 bugs - npm forum
NODE_OPTIONS=--max-old-space-size=4096 npm run myscript
, see Best way to set --max-old-space-size when running npm? · Issue #12238 · npm/npm
npm install --legacy-peer-deps
to fix possible retrocompatibility issues between 14 and 16
Updates:
yarn upgrade-interactive --latest
sort package.json
with npx sort-package-json
- npm - Is there a way to alphabetize package.json without installing a package? - Stack Overflow
matzkoh/prettier-plugin-packagejson: Prettier plugin for package.json use sort-package-json
Prettier config to override default / projet config for package JSONs:
npmgraph - NPM Dependency Diagrams - Visualize NPM package dependency graphs
Aka environment variables
npm outdated
to list "Current", "Wanted" (aka fuzzy, latest minor release) and "Latest" (latest major release) version, use npm install <package name>@latest
to install latest version
to allow patch releases: 1.0
or 1.0.x
or ~1.0.4
to allow minor releases: 1
or 1.x
or ^1.0.4
to allow major releases: *
or x
Aka monorepos and multi packages
@babel/*
, @angular/*
, etc.
First: Just don't install packages globally
Install global with node-gyp can output errors:
Use --unsafe-perm
paramter for npm
to fix the issue, or update the NODE_PATH
env var.
See Warning "root" does not have permission to access the dev dir · Issue #454 · nodejs/node-gyp
npm config get registry
should return https://registry.npmjs.org/
rm -rf node_modules/
npm cache clean --force
Revert the changes in your package-lock.json
file
npm i
Note: ver
only exist in cmd.exe
(default shell used on Windows). The last part (after ||
) will be executed in other shell (usally /bin/sh
on POSIX)
Write scripts like npm do for bins (in node_modules/.bin/
):
mycommand
:
mycommand.cmd
:
mycommand.ps1
:
See also:
https://github.com/npm/cmd-shim/blob/49ab03fae831a5727c30c37d11ba94fa5700100f/lib/index.js
Instead of:
core-modules/module.js
https://github.com/sidorares/node-mysql2/blob/5f0fb8f1f5035e2c0207490aa2f0b838dc82fdc2/lib/connection_config.js#L166-L196
https://github.com/nodemailer/nodemailer/blob/5da6c87766e258f1a5fa9b628f2d9f57c9d533ce/lib/shared/index.js#L16-L91
process.setUncaughtExceptionCaptureCallback
Zlib will don't have extra gzip header fiels (empty values):
If deflateSetHeader is not used, the default gzip header has text false, the time set to zero, and os set to 255, with no extra, name, or comment fields.
https://github.com/nodejs/node/blob/master/deps/zlib/zlib.h
Zlib binding:
Node handle pretty well path case insensibility on Windows. But if a module use a symbolic link or a junction and the working directory doesn't match the case of that path (d:\mydir
instead of D:\MyDir
) Node load the same module twice, for each path case. Note: NPM use junction for local path modules.
See an example:
If the version doesn't match, npm install
:
Note: that doesn't work for npm ci
that ignore that check
Asynmmetric encryption usally encrypt an symectric key used to encrypt: RSA maximum bytes to encrypt, comparison to AES in terms of security? - Information Security Stack Exchange
Encrypt and decrypt content with Nodejs - chris-rock - Symetric encryption
See security cryptography - "Diffie-Hellman Key Exchange" in plain English - Information Security Stack Exchange
use the net module
On Windows for Bash, add to %USERPROFILE%\.bashrc
:
%USERPROFILE%\.bash_profile
:
On Windows for CMD:
Exec the registry script:
%USERPROFILE%\autorun.cmd
:
Aka --max-old-space-size
, "FATAL ERROR: CALL_AND_RETRY_LAST Allocation failed - JavaScript heap out of memory", "EXEC : FATAL error : Ineffective mark-compacts near heap limit Allocation failed - JavaScript heap out of memory"
Increase memory to 4GB: node --max-old-space-size=4096 index.js
. 1024 for 1GB, 1536 for 1.5GB, 2048 for 2GB, 3072 for 3GB, 5120 for 5GB, 6144 for 6GB, 7168 for 7GB, 8192 for 8GB, etc.
It is recommended to always explicitly set the
--max-old-space-size
instead of relying on default imposed by Node.js
On a machine with 2 GiB of memory, consider setting this to 1536 (1.5 GiB) to leave some memory for other uses and avoid swapping.
— Command-line API - --max-old-space-size=SIZE (in megabytes)
node --max-old-space-size=4096 "$(which npm)" install
node -r ts-node/register --max-old-space-size=4096 index.ts
for running TypeScript
v8.getHeapStatistics().heap_size_limit
for get the max memory size inside node process
Finch:increase max_old_space_size to 4 GB based on availability of ph… · v8/v8@b2f75b0 - changes in v8 for "Increase max size of the old space to 4 GB for x64 systems with the physical memory bigger than 16 GB" (~ Node 14)
node <= 11: default is 1.4 GB, <= 13: 2.0 GB, >= 14 only on x64 with > 16 GB: 4.0 GB
SABs are not meant for bundling dependencies