Server-side JavaScript Node.js 17.0 release

The release of Node.js 17.0, a platform for executing network applications in JavaScript, has taken place. Node.js 17.0 is a regular support branch with updates until June 2022. In the coming days, the stabilization of the Node.js 16 branch will be completed, which will receive LTS status and will be supported until April 2024. Maintenance of the previous Node.js 14.0 LTS branch will last until April 2023, and the previous 12.0 LTS branch until April 2022.

Main improvements:

  • The V8 engine has been updated to version 9.5.
  • The implementation of variants of the base API built on the Promise asynchronous computing interface has continued. In addition to the previously offered Timers Promises and Streams Promises APIs, Node.js 17.0 introduces the Readline Promise API for reading data line by line using the readline module.

        import * as readline from 'node:readline/promises';
        import { stdin as input, stdout as output } from 'process';

        // question() returns a Promise, so the answer can simply be awaited
        const rl = readline.createInterface({ input, output });
        const answer = await rl.question('What do you think of Node.js?');
        console.log(`Thank you for your valuable feedback: ${answer}`);
        rl.close();
  • The supplied OpenSSL library has been updated to version 3.0 (using the quictls/openssl fork with QUIC protocol support enabled).
  • The Node.js version is now displayed in stack traces for fatal errors that cause the application to terminate.

Additionally, two vulnerabilities (CVE-2021-22959, CVE-2021-22960) have been fixed in the current Node.js branches. They make attacks of the HTTP Request Smuggling (HRS) class possible, in which specially crafted client requests are wedged into the content of other users' requests processed in the same thread between the frontend and the backend (for example, malicious JavaScript code can be substituted into another user's session). Details will be revealed later; for now it is only known that the problems are caused by incorrect handling of spaces between the HTTP header name and the colon, and by different handling of carriage return and line feed characters in the parameter block used when passing the request body in parts in "chunked" mode.
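
The two parsing ambiguities described above, written as strict checks that a proxy, backend or test harness could apply to incoming traffic. This is an added example, not code from Node.js or from the original article; the function names, the 8-hex-digit size limit, the simplified extension grammar and the sample requests are assumptions constructed for illustration.

```javascript
// Added example (not Node.js source): strict framing checks for the two
// ambiguities named above. Function names and sample inputs are constructed.

// RFC 7230 "token": the only characters allowed in a header field name.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

// Audits a raw request head (request line, headers, terminating empty line)
// and returns a list of findings; an empty list means the framing is strict.
function auditRequestHead(raw) {
  const findings = [];
  // Each line must end in CRLF; a bare CR or bare LF may be read as a line
  // break by one hop and as data by the next.
  if (/\r(?!\n)|(?<!\r)\n/.test(raw)) findings.push('bare CR or LF');
  const lines = raw.split(/\r\n|\r|\n/).slice(1); // skip the request line
  for (const line of lines) {
    if (line === '') break; // end of the header block
    const colon = line.indexOf(':');
    const name = colon === -1 ? line : line.slice(0, colon);
    if (colon === -1) findings.push(`no colon: ${JSON.stringify(line)}`);
    else if (/[ \t]$/.test(name)) findings.push(`whitespace before colon: ${JSON.stringify(name)}`);
    else if (!TOKEN.test(name)) findings.push(`invalid field name: ${JSON.stringify(name)}`);
  }
  return findings;
}

// Parses one chunk-size line: hex size, optional ";extension" block, CRLF.
// Returns the chunk size, or throws so the caller can answer 400.
function parseChunkSizeLine(line) {
  if (!line.endsWith('\r\n')) throw new Error('chunk-size line must end in CRLF');
  const body = line.slice(0, -2);
  // Simplified extension grammar (assumption): anything after ";" is accepted
  // as long as it has no control characters, which excludes stray CR and LF.
  const m = /^([0-9A-Fa-f]{1,8})(;[^\x00-\x1f\x7f]*)?$/.exec(body);
  if (!m) throw new Error('malformed chunk-size line');
  return parseInt(m[1], 16);
}

// Constructed samples: the second differs only by a space before the colon.
const strictHead = 'POST /upload HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding: chunked\r\n\r\n';
const looseHead = 'POST /upload HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding : chunked\r\n\r\n';
console.log(auditRequestHead(strictHead));
console.log(auditRequestHead(looseHead));
console.log(parseChunkSizeLine('1a;note=x\r\n'));
```

Rejecting such requests outright, rather than normalizing them, keeps the frontend and the backend from disagreeing about where one request ends and the next begins.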

Recall that the Node.js platform can be used both for server-side support of web applications and for creating ordinary client and server network programs. To extend the functionality of Node.js applications, a large collection of modules has been prepared, including implementations of HTTP, SMTP, XMPP, DNS, FTP, IMAP and POP3 servers and clients, modules for integration with various web frameworks, WebSocket and Ajax handlers, DBMS connectors (MySQL, PostgreSQL, SQLite, MongoDB), templating engines, CSS engines, implementations of crypto algorithms and authorization systems (OAuth), and XML parsers.

To handle a large number of parallel requests, Node.js uses an asynchronous code execution model based on non-blocking event handling and the definition of callback handlers. Supported methods for multiplexing connections are epoll, kqueue, /dev/poll, and select. For connection multiplexing, the libuv library is used, which is a layer over libev on Unix systems and over IOCP on Windows. The libeio library is used to create a thread pool, and c-ares is integrated to perform DNS queries in non-blocking mode. All system calls that cause blocking are executed inside the thread pool and then, like signal handlers, pass the result of their work back through an unnamed pipe. JavaScript code is executed by the V8 engine developed by Google (in addition, Microsoft is developing a version of Node.js with the Chakra-Core engine).

At its core, Node.js is similar to the Perl AnyEvent, Ruby Event Machine and Python Twisted frameworks and to the Tcl event implementation, but the event loop in Node.js is hidden from the developer and resembles event handling in a web application running in a browser. When writing applications for Node.js, you need to take the specifics of event-driven programming into account. For example, instead of executing "var result = db.query("select..");" and waiting for the work to complete before processing the results, Node.js uses the principle of asynchronous execution: the code is transformed into "db.query("select..", function (result) {result processing});", in which control passes immediately to the code that follows, and the query result is processed as the data arrives.

Source: opennet.ru
