The JavaScript blog.


node modules security git

Node Roundup: V8 Vulnerability, git-promise, awesome-nodejs

Posted on .

V8 Memory Corruption

The versions of V8 included with Node 0.8 and 0.10 were found to have a memory corruption vulnerability. The issue was discovered by a security specialist, and then a core Node contributor worked with the V8 team to fix the problem. More details can be found in the V8 Memory Corruption and Stack Overflow post on the Node blog.

That means Node 0.8.28 and Node 0.10.30 have been released which both include a fix. 0.10.30 also has some changes to several core modules, including buffer, streams, and child process.


git-promise (GitHub: piuccio / git-promise, License: MIT, npm: git-promise) by Fabio Crisci is a promise-based wrapper for Git:

var git = require('git-promise');

git('rev-parse --abbrev-ref HEAD').then(function(branch) {  
  console.log(branch); // This is your current branch

The readme has more advanced examples, like finding the commit where master diverged from your current branch. Fabio has included some tests written with nodeunit.


Sindre Sorhus sent in awesome-nodejs, a curated list of Node modules and resources. It's a handy list to check if you're looking for a module and are overwhelmed by choice, or not sure where to start on a topic.

There's also an awesome list of awesome lists, which leads to awesome-javascript, and then back again.


node modules npm git grunt

Node Roundup: husky, grunt-npmcopy

Posted on .


husky (GitHub: typicode / husky, License: MIT, npm: husky) by typicode is a module for helping to avoid bad commits being pushed using Git hooks.

It basically sets up Git hooks for your Node projects:

So what makes husky different?

First, other modules often replace or delete existing hooks. husky won't ever replace or modify an existing hook, so it's a safer choice for a team or an open source project. In other terms, people who have set up their own hooks won't be impacted by husky.

I think also that husky is more easier and straightforward to use compared to others. husky's README is just a few lines and setting up hooks should be simple.

And last, usually other modules introduces unconventional package.json fields, husky uses only valid package.json fields.


grunt-npmcopy (GitHub: timmywil / grunt-npmcopy, License: MIT, npm: grunt-npmcopy) by Timmy Willison allows you to use the same package manager for Node and client-side projects. It helps place client-side dependencies in the right directory by using a Grunt task called npmcopy.

The npmcopy task takes source and destination options so you can avoid copying lots of extra files into your publicly accessible asset directories.

Have you ever wondered why we have so many package managers? NPM, Bower, Component. Why don’t we just pick one? Well, after much deliberation with developers like you, I’ve decided to support the idea that NPM might just be able to handle it all.


ui browser git

JS-Git Progress, jide.js, Val

Posted on .

JS-Git Progress

Khalid Khan sent in an email to say that Tim Caswell JS-Git project is seeing a lot of activity recently.
It seems like this new branch has changed a lot compared to the old branch.

I'd file this under "Captain's Log: Supplemental", but let's see what happens over the next few weeks. If you're interested in this project, it might be a good time to start following Tim on Twitter.


Patrick Gotthardt recently wrote two articles about jide.js. One includes jide.js benchmarks:

Since the next release of jide.js is supposed to introduce massive performance improvements, I thought it might be a good idea to see how it holds up against this benchmark. I used a modified version from vue.js which seems to include a few more nice frameworks.

There's also a nicely presented introduction to jide.js:

jide.js is a new toolkit for creating modern web applications. It consists of a collection of useful controls and all the tools you need to create your own, application specific, components. jide.js fully embraces AMD (require.js) to allow you to pick only those parts of it that you truly need. Starting with version 1.0.0-beta3, you’ll also be able to use it with Browserify.

At its core, jide.js is built around observable values, event emitters, and data binding. It utilizes the features of modern browsers (IE9+) to create a solid cross platform experience and to leverage the features of the current JavaScript language instead of clinging to the past.


Mark Steve Samson has created a Valentine card generator (GitHub: marksteve / val, License: MIT). If you've been desperately searching for a tweenHeart function, then you're in luck!


node apps modules git images

Node Roundup: 0.10.16, ungit, image-size

Posted on .

You can send in your Node projects for review through our contact form.

Node 0.10.16

Node 0.10.16 has been released, which includes an update for npm, and fixes for the crypto, http, and stream modules.


ungit logo

ungit (GitHub: FredrikNoren / ungit, License: MIT, npm: ungit) is a web-based UI for Git, written with Node. It makes Git repositories easier to visualise, a bit like gitk or git instaweb, but it has some GitHub-specific tweaks.

ungit repo

It can be installed with npm install -g ungit, and is run with ungit on the command-line. You can set up an .ungitrc which is a JSON file that currently just changes the port.

Once you're running ungit, you can make commits, discard them, fetch remote changes -- pretty much the standard Git operations you're used to, with a friendlier workflow.


If you need to get image sizes without using command-line binaries, then take a look at image-size (GitHub: netroy / image-size, License: MIT, npm: image-size) by Aditya. It looks at the relevant bits in a file by using a Node buffer, and supports popular formats like PNG, GIF, BMP, and even PSD.

It has an asynchronous and synchronous API:

var sizeOf = require('image-size');  
sizeOf('images/example.png', function(err, dimensions) {  
  console.log(dimensions.width, dimensions.height);


node apps modules chrome git polymer

git-html5.js, TodoMVC 1.2

Posted on .



git-html5.js (GitHub: ryanackley / git-html5.js, License: MIT) by Ryan Ackley is a Git implementation for JavaScript:

git-html5.js is a pure JavaScript git client library. It implements a complete Git workflow in nothing but JavaScript. It's meant to run in a browser environment and depends on so-called "html5" APIs. Some example use cases:

Ryan took Adobe's Brackets app, ported to run as a Chrome packaged app, and then added git-html5.js to create an editor that can read and write to Git repositories. I've tried out the basics and it seems to work pretty well.

The project includes tests and build instructions, but you can just run the Tailor app in Chrome if you want to try it out.

TodoMVC 1.2

Sindre Sorhus sent in TodoMVC 1.2, an update to the monster MV asterisk collection:

We released TodoMVC 1.2 yesterday with some new app examples of frameworks from Google (Polymer), Twitter (Flight) and Facebook (React), and other improvements.

If you're interested in seeing what a small but functional Polymer project looks like, then check it out!