The JavaScript blog.


mobile node modules npm mongo generators libraires

Orientation and Vibration APIs, Mongomery

Posted on .

Orientation and Vibration APIs for Games

Andrzej Mazur sent in an article about using the orientation and vibration APIs for game development:

The Device Orientation API specification is still in the Working Draft status, so there might be some code-breaking changes introduced in the future. It's an experimental technology and should be treated as such. All implementations are still missing the compassneedscalibration event. Also, there are differences in browser implementations which should be taken into consideration. For instance, Chrome and Opera don't support the devicemotion event.

The Vibration API is another feature that can boost the mobile experience. Most devices support it (except iOS Safari and Opera Mini), and it works great on Firefox OS devices.

I've never used the vibration API, but apparently you can access it with window.navigator.vibrate. It even supports an array of values for vibrating multiple times. Andrzej's argument is that you can use these APIs to differentiate your game from other mobile web games, and while this is true it'll take a fair bit of experimentation to get orientation-based controls working well!


Coderaiser has sent in a few generator-based modules recently, but I missed Mongomery (GitHub: coderaiser/node-mongomery, License: MIT, npm: mongomery), a module that uses generators for MongoDB. It uses ruff, which was Coderaiser's module for giving generators a more EventEmitter-inspired API:

var mongomery = require('mongomery');

mongomery(function*(mongo) {  
  var url = 'mongodb://localhost:27017/myproject',
  var db = yield mongo.connect(url),
  var collection = db.collection('mongolog'),
  var docs = yield collection.find({}).toArray();

  docs.forEach(function(item) {

}).on('error', function(error) {

It'll take us a few years to really understand how new features like generators should be used in terms of databases, but I'm very interested in using generator syntax for databases.

An alternative that I've enjoyed experimenting with is Mongorito, which is more of an ODM-style API. The syntax is more succinct than Mongoose, while still remaining familiar.


libraries node modules npm ES6 generators

Private npm Modules, Rust ffi, Ruff

Posted on .

Private npm Modules

Private npm

npm private modules are here! This is something that people have wanted for a long time. There are ways to do this yourself, including third-party services and using private Git repositories. The actual production version is a little bit different to simply limiting who can see packages, however. For $7 a month you can have unlimited private packages, and grant read-write access to any other paid user. You can also collaborate on packages, which means other people can release your private module.

Packages are scoped under your username, and you can use the command-line tool to add collaborators.

Despite the low fee, I suspect many readers would prefer that their employer paid for the subscription. Fortunately, organisational accounts are coming:

Currently, private packages are only available for individual users, but support for organization accounts is coming soon. Feel free to create a user for your organization in the meantime, and we can upgrade it to an organization when support is here.

This implies that an organisational account will be an umbrella account for multiple users, so I expect pricing will differ to the individual account. I'm going to pay for an individual account right now because I think npm is cool, even though I really want an organisational account!

npm was also mentioned on TechCrunch because it recently raised $8M:

The new funding, Schlueter says, will mostly go toward hiring to push npm's product roadmap forward (the company currently has eleven employees). This is partly driven by Schlueter's philosophy around developer productivity. "When you are running this registry with 2.4 million users using it on a regular basis, you need a lot of reliability etc. — and that takes people," he said. "So you can either burn your employees out or build the company in a sustainable fashion."

Rust ffi

Matias Piipari sent me Andrew Oppenlander's Rust ffi tutorial, which explains how to extend Node with Rust.

Rust is an excellent candidate for an embedded language. In a larger project, it provides safety, which helps protect against memory issues, and speed, which keeps the host platform responsive by letting Rust do the heavy lifting.

I've implemented this boilerplate and example bindings for JavaScript/nodejs in Rust ffi. All JavaScript library and testing code is stored in the js folder and it is a valid NPM module, which will compile the Rust dylib on install.

The tutorial shows you how to make a Rust dynamic library, and how to use ffi to convert between C types and Rust types and call Rust from Node:

The JavaScript code is fairly straightforward, with the help of node-ffi. We just need to tell it where our dynamic library is and stub out what the C ABI function signature look like. The signature uses the C types from ref, which is used internally in node-ffi.


Coderaiser sent in Ruff (GitHub: coderaiser/ruff, License: MIT, npm: ruff), a module that mashes up coroutines with ES6 generators and EventEmitter.

var ruff = require('ruff');  
var minify = require('minify');

ruff(function*() {  
  var first = minify.bind(null, '1.js');
  var second = minify.bind(null, '2.js');

  yield [first, second];
}).on('error', function(error) {
}).on('end', function() {
  console.log('ok what\'s next?');

This example uses Coderaiser's minify module to minify two JavaScript files in parallel. Because the API is based on EventEmitter it should be relatively easy to understand for Node programmers.


libraries node modules generators articles

Node Roundup: 0.10.37 and io.js 1.5.1, Node and Real-time Finance, comws

Posted on .

0.10.37 and io.js 1.5.1

Node 0.10.37 was released on Saturday. This updates uv, domains, buffer, console, v8, and http. The uv update fixes a security issue which allowed attackers to gain elevated privileges due to the way setuid and setgid were used.

io.js 1.5.1 also came out last week. The blog post has some useful community updates, including a talk by Tony Pujals about the future of io.js.

There's also an npm weekly post about fixes for npm shrinkwrap --dev, changes to shrinkwrap in npm 3, and a screencast by Ben Clinkinbeard about using npm link.

Node and Real-time Finance

Imre Fazekas sent in two articles about Node and real-time finance:

The first part covers the background and architecture of the project, and the second part goes into the build system. It sounds like the third part will expand on client/server code sharing, so presumably it'll feature some of the author's experiences with isomorphic templates and view models.


What if you like Koa's generator-based middleware but don't want to use Koa? Andrea Parodi has created Comws (GitHub: shes/comws, License: MIT, npm: comws), a library based on co that you can use with any Node application.

To use it, create an instance of CoMws and then add generators to the middleware stack:

var CoMws = require('comws');  
var mws = new CoMws();

mws.use(function *(next){  
  this.result += ' hello';
  yield next();

mws.use(function *(next){  
  this.result += ' world';
  yield next();

var ctx = { result: 'yet another' };

mws.run(ctx).then(function() {  
  //ctx.result === 'yet another hello world' 

If you're using Node 0.11.x or 0.12.x you'll need to run node with --harmony-generators or --harmony, but io.js should work without the flags.

I'd like to try this with Express, but it also seems like a useful module for non-web Node programs.


webworkers ES6 generators

AsyncTask, DefineJS ES6 Features

Posted on .


Web workers are great, but who wants to go to the trouble of creating extra files just to run some code in parallel? AsyncTask (GitHub: gorillatron/async-task, License: MIT, npm: async-task) by Jørn Andre Tangen is a more generic web worker constructor that lets you define background tasks purely with JavaScript:

var task = new AsyncTask({  
  doInBackground: function(a, b) {
    return a + b

task.execute(1, 2)  
  .then(function(result) {
    result === 3

It has a fluent API, and has Karma/Mocha unit tests as well.

DefineJS: ES6 Generator Syntax

Recently I wrote about Mehran Hatami's define.js project, which is a lightweight AMD implementation. It has just been updated to support ES6 generators for loading modules, which means you can do this:

var module = yield require('module');  

It's still asynchronous, but it looks synchronous. I think this is a really cool use of generators, and apparently several people asked Mehran to implement this so it seems like there's demand for it.


testing node modules npm generators

Node Roundup: 0.10.28, 0.11.13, CSRF Vulnerability in Express, Generators in Node, Wolfpack

Posted on .

Node 0.10.28, 0.11.13

Node has been updated to 0.10.28 and 0.11.13.

Version 0.10.28 was a quick update to the earlier 0.10.27 release, which updates C++ dependencies (openssl, libuv) as well as several core modules. One important change was the update of openssl to 1.0.1g.

CSRF Vulnerability in Express

Connect and Express have a vulnerability in the CSRF middleware component that means you can bypass it by making a GET request with a method override parameter:

Connect's methodOverride middleware allows an HTTP request to override the HTTP verb with the value of the _method post parameter or with the x-http-method-override header. As the declaration order of middlewares determines the execution stack in Connect, it is possible to abuse this functionality in order to bypass the standard Connect's anti-CSRF protection.

Connect's CSRF middleware does not check CSRF tokens in case of idempotent verbs (GET/HEAD/OPTIONS, see csurf/index.js). As a result, it is possible to bypass the security control by sending a GET request with a POST MethodOverride header or parameter.

Read more at NibbleSecurity.

Generators in Node

Generators in Node.js: Common Misconceptions and Three Good Use Cases is a post by Marc Harter that explains how generators work from a Node developer's perspective.

Generators are function executions that can be suspended and resumed at a later point; a lightweight coroutine. This behavior happens using special generator functions (noted by function* syntax) and a couple of new keywords (yield and yield*) which are only used in the context of a generator


Wolfpack (GitHub: fdvj / wolfpack, License: MIT, npm: wolfpack) by Fernando De Vega is a SailsJS model testing library that uses SinonJS to mock the database and spy on models. That means you don't need a real database to run unit tests.

If you have Backbone testing backgrounds, this will be familiar to you. When testing a backbone model or collection, you instantiate it and provide mock data to test the methods. Rarely do you need your model or collection to communicate with the server to provide the results. That's because you want to test your model or collection, not how or if backbone is doing what it is supposed to do.