The ABI-stable API guarantees that changes that happen at a VM level will not require a new version of Node.js, said Dan Shaw, CTO of Node technology vendor NodeSource and a member of the foundation’s board of directors. With the change, users can migrate from a given version of Node to the next version without having to recompile Node native code modules.
“[The API] allows Node to be highly optimized for different types of devices, scenarios, and workloads,” enabling different virtual machines to be used for specific devices, Chandra said.
Also this week, the foundation will take over the Node.js Security Project, which provides a unified process for finding and disclosing security vulnerabilities in the Node ecosystem. The foundation will take over the project from Lift Security.
Addressing Node NPM module dependency issues, NodeSource is introducing NodeSource Certified Modules. The company will curate modules that are publicly available in the NPM registry, certifying them for security and dependencies. The service, currently offered in a private beta stage, addresses predicaments like the left-pad issue earlier this year, in which an NPM with 17 lines of code was removed from the registry and caused other NPMs dependent on it to fail. NodeSource Certified Modules will never get unpublished, the company vows.
NodeSource also is introducing NSolid version 2.0, an upgrade to the company’s commercially supported version of Node, featuring security enhancements. These include runtime package vulnerability monitoring and customizable application security policies. Vulnerability monitoring is provided by security research firm Snyk, which can find issues such as distributed denial-of-service issues. Also featured is a guaranteed 24-hour response to security updates in the core Node project.
To improve reliability, version 2.0 features CPU profiling, heap snapshots, and async activity. The release also can be augmented with external tooling for performance monitoring and diagnostics. NSolid is available on AWS Marketplace, for one-click deployment of the NSolid runtime and console on the Amazon Web Services cloud. The platform also supports orchestration frameworks, including Kubernetes, OpenShift, and Cloud Foundry.