The JavaScript blog.


libraries web node modules express middleware

Node Roundup: io.js 1.6.4, npm Semver Calculator, mongots, Join-io

Posted on .

io.js 1.6.4, npm Semver Calculator

io.js 1.6.4 is out, as always check the io.js changelog for more details. According to the changelog, the notable changes in this version are fixes for openssl, timers, and some changes to make it build for Android devices.

Understanding semantic versions

In npm Weekly, #11, a really cool semantic versioning calculator is mentioned. If you've been writing versions like ~1.1.0 but don't completely understand what this means, the calculator will show you which versions the string refers to. The source is available here: GitHub: npm/semver.npmjs.com, and works using Browserify, Angular, and npm build scripts.

It uses npm-registry-cors-proxy.herokuapp.com to fetch package metadata rather than directly hitting npm. Presumably that's because npm's web API doesn't have JSONP or CORS (yet?).


If you're interested in MongoDB and TypeScript, then take a look at Prabhu Subramanian's mongots (GitHub: prabhu/mongots, License: MIT). The author says it supports everything MongoJS does and passes the same tests. It's not yet available on npm -- he's working on a stable version before releasing it.


Most of us concatenate scripts to reduce request counts, but what about piping them? Join-io (GitHub: coderaiser/join-io, License: MIT, npm: join-io) is a middleware component that allows you to specify script or link paths like this: /join:/lib/client.js:/lib/util.js:/lib/jquery.js. When this hits your Express server, join-io will stream each file to the browser.

The author has built this module on top of files-io, which is a more generalised API for piping collections of files. And, naturally, files-io is written with pipe-io!


testing express middleware docker

Dockunit, easy-livereload

Posted on .


Dockunit (GitHub: tlovett1/dockunit, License: GPL, npm: dockunit) by Taylor Lovett is a Node command-line tool for running tests in Docker containers. You can define a set of containers for tests to run against, which makes it running tests against multiple environments a lot easier.

This is useful if you maintain open source projects. For example, a blog engine could be tested against Node 0.10.x and 0.12.x, or you could even switch framework versions for Express/Rails/Django/etc.

The author includes examples for PHP, Node, and Python, and it seems like you could hook it up to a CI server easily enough.


Are you still searching for the perfect Express middleware for live reloading your app? Daishi Kato sent in easy-livereload (GitHub: dai-shi/easy-livereload, License: BSD, npm: easy-livereload), a new module that uses LiveReload protocol 7.

If you haven't seen it before, then you might want to check out the LiveReload homepage. It's basically a protocol for updating client-side assets. With Daishi's module, you'll get almost instant updates to client-side assets, but also server restarts as well.

Server restarts are managed with node-dev. One interesting thing about node-dev is it's compatible with node-notifier, so you can get desktop notifications when the server restarts.


libraries node modules express middleware oauth

Easier OAuth with Grant

Posted on .

OAuth always seems like an attractive alternative to rolling your own authentication, but it usually ends up being much harder than it looks. Grant (GitHub: simov/grant, License: MIT, npm: grant) by Simeon Velichkov aims to solve this. It's built on Guardian.js, which was made by Nijiko Yonskai at Mashape (Nijiko has written quite a few Node modules that I've written about).

Grant is Express middleware that accepts options for the OAuth server. You can include things like the permissions you want to request, so for Facebook this might include friends_groups:

"facebook": {
  "key": "...",
  "secret": "...",
  // by default request publish permissions via /connect/facebook
  "scope": ["publish_actions", "publish_stream"],
  // set specific callback route on your server for this provider only
  "callback": "/facebook/callback"
  // custom override keys
  "groups": {
    // request only group permissions via /connect/facebook/groups
    "scope": ["user_groups", "friends_groups"]
  "pages": {
    // request only page permissions via /connect/facebook/pages
    "scope": ["manage_pages"],
    // additionally use specific callback route on your server for this override only
    "callback": "/pages/callback"

One nice touch is you can provide options for different environment, so it's fairly easy to add settings for development or a CI server. Simeon has an app on Heroku that allows you to try out each provider with a friendly form: https://grant-oauth.herokuapp.com/.

I also noticed the same author has written a REST API wrapper called Purest. It embeds configuration details for dozens of providers, including Tumblr, Twitch, Google, and imgur.

To use it, you have to create an access token, then you can connect to a provider:

var Purest = require('purest');  
var google = new Purest({ provider:'google' });

google.get('channels', {  
  api: 'youtube',
  qs: {
    access_token: 'token',
    forUsername: 'user'
}, function (err, res, body) {});

This Google instance can be used to access YouTube's API:

    forUsername: 'username'
  .request(function (err, res, body) {});

The documentation includes an excellent example that uses the request module's streaming API to pipe files from one service to another.


HTML testing forms node modules middleware sessions connect

Node Roundup: 0.11.3, Busboy, connect-mongostore, Chance

Posted on .

You can send in your Node projects for review through our contact form.

Node 0.11.3

Node 0.11.3 was released last week, which was a fairly large update: libuv, c-ares, and v8 were all updated. The debugger now breaks on uncaught exceptions, and there were changes to enable dtrace for libuv's probes (if enabled). The underlying implementation for buffers has undergone major changes as well -- I've picked out a few commits here that discuss the updates:

It looks like these changes should make the buffer implementation more robust. I've checked out Node 0.11.x and 0.10.x on my local machine and run make bench-buffer against both, so far 0.11 doesn't look conclusively faster, but I haven't been particularly scientific about the process yet.


Busboy (GitHub: mscdex / busboy, License: MIT, npm: busboy) by Brian White is a streaming HTML form data parser. It uses the Dicer module to parse multipart fields, and also uses a stream parser for urlencoded fields.

The busboy API allows limits to be placed on the incoming data. The Busboy constructor accepts an options object which may include a limits property. Limits can include fieldNameSize, fieldSize, files, and more -- see the readme for full documentation. These options mostly default to Infinity, apart from fieldNameSize which is 100 bytes.

Tests are included, and it should be possible to use it as Express middleware fairly easily.


How do you decide which session middleware to use? Use cookies during early development then quickly search npm for something that uses your database? Me too! But there are better options out there and it's worth taking a bit of time to research them. Ilya Shaisultanov sent in connect-mongostore (GitHub: diversario / connect-mongostore, License: MIT) which is an attempt to write a cleaner session store that takes advantages of features like replica sets, and has test coverage.



Chance (GitHub: victorquinn / chancejs, License: MIT, npm: chance) by Victor Quinn is a library for generating random stings, numbers, and even things that are useful for test data like address elements and names.

It works in browsers and Node, and has a simple constructor-based API:

var Chance = require('chance');  
var chance = new Chance();  
chance.name({ middle: true });  


testing node modules express middleware p2p

Node Roundup: 0.10.1, Express Group Handlers, Fox, iWebPP.io

Posted on .

You can send in your Node projects for review through our contact form.

Node 0.10.1

Node 0.10.1 has been released, hot on the heels of 0.10.0. This version improves the performance of the non-streaming crypto APIs, fixes some tls and net module issues, and makes missing callbacks in streams2 show a warning rather than raising an exception.

Express Group Handlers

Express Group Handlers (GitHub: tldrio / express-group-handlers, License: MIT, npm: express-group-handlers) by Louis Chatriot provides a little bit of sugar for managing Express middleware. It allows routes to be wrapped with beforeEach and afterEach so middleware can be confined to certain routes.

The beforeEach method can accept multiple middlewares to run, and it's easy to wrap it around existing code:

var groupHandlers = require('express-group-handlers');


app.beforeEach(groupHandler, function(app) {  
  app.get('/route3', finalHandler3); // GET /route3 will execute groupHandler, then finalHandler3


Fox (GitHub: azer / fox, License: BSD, npm: fox) by Azer Ko├žulu is a test framework that is largely compatible with Mocha, as long as you don't have nested invocations of describe. It works with both Node and client-side projects, and injects chai so you automatically get assertions without having to load an extra library.

Passing the -b flag to the command-line program will cause Fox to compile the scripts necessary to run the tests in a browser. It also includes tests written with itself, of course!


iWebPP.io (GitHub: InstantWebP2P / iwebpp.io, License: MIT, npm: iwebpp.io) by Tom Zhou is a set of projects designed to send HTTP over UDP, the goal being to take advantage of UDP's inherent performance benefits. It supports TURN and STUN channeling with WebSockets, for realtime streaming.

It can run web services using peer-to-peer protocols, behind NAT and firewalls. The iwebpp.io module includes a binary called node-httpp, which provides the HTTP over UDP handling. The project includes installation instructions, and a brief roadmap.

I've seen a few peer-to-peer Node projects, but I think this is the first one I've seen that uses UDP as the transport layer protocol. It's also interesting that the author is directly addressing NAT issues.