The JavaScript blog.


libraries node email modules network notifications vm automation

Node Roundup: watch-network, MailDev, node-notifier

Posted on .


If you use something like Docker or Vagrant and want to listen for file notifications over the network, then watch-network (GitHub: efacilitation/watch-network, License: MIT, npm: watch-network) by Johannes Becker might come in handy. It can be used with Gulp, so you could run Gulp tasks when a specific network notification comes in.

Here's a basic example:

var watch = WatchNetWork({  
  configs: [{
    patterns: 'lib/*.coffee',
    tasks: 'something:important',
    onLoad: true

watch.task('something:important', function(changedFiles) {  
  // ..


Here's the use-case that Johannes described:

Scenario: You use Vagrant/VirtualBox in your workflow to have services and configurations in an encapsulated environment. For developing purposes you now sync a local directory into the VM using vboxfs, nfs, rsync or similar. In your VM you want to use watcher facilities for developing-concerns, but for some reason triggering inotify over the network seems to be troublesome or unreliable.



If you've ever felt like handling emails in web applications is messy, and you don't feel like your emails are as good as they could be, then you're not alone! I always feel like emails are annoying to develop, so I thought MailDev (GitHub: djfarrelly/maildev, License: MIT, npm: maildev) looked interesting. This module helps you test your project's generated emails during development with a responsive web interface. It has a Node API, and there's even a REST API so you could integrate it with other services.

Emails are displayed with WebSockets, so you don't have to keep refreshing, and it'll show HTML, text, and attachments.

I currently send all the generated emails to a temporary directory, then open them up when I need to. MailDev seems like a much better solution.


Mikael Brevik sent in node-notifier (GitHub: mikaelbr/node-notifier, License: MIT, npm: node-notifier), in response to the recent mention of trayballoon. Node-notifier tries to smooth out the differences between each platform, so you can use notification features that are present on all platforms more easily. It also supports actions on notifications.

Mikael notes that it works with node-webkit, which is cool if you're making Node desktop apps, and it supports the following notification systems:

  • Mac: Notification Center, Growl
  • Windows: Toasters, trayballoon
  • Linux: notify-osd

Here's an example:

var notifier = require('node-notifier');  
  'title': 'My notification',
  'message': 'Hello, there!'


libraries node modules http network security

Node Roundup: Building Node.js Together, node-libnmap, httpolyglot

Posted on .

Building Node.js Together

TJ Fontaine wrote about Node from a release management perspective on the official Node blog, in Building Node.js Together. It covers documentation, code quality, and the growing team of core contributors and contributors that are employed full-time to work on Node:

For instance, Chris Dickinson was recently hired to work full time on Node.js, and has expressed interest in working on the current and future state of streams. But it's not who employs Chris that makes him an ideal candidate, but it will be the quality of his contributions, and his understanding of the ethos of Node.js. That's how we find members of the team.


The evilscan module uses JavaScript to enumerate over TCP ports. node-libnmap (GitHub: jas- / node-libnmap, License: MIT, npm: node-libnmap) by Jason Gerfen is an alternative that uses the nmap binary.

It will return results as JavaScript objects, so you should be able to process the output fairly easily. A basic scan looks like this:

var libnmap = require('libnmap');

var opts = {  
  range: ['localhost', '', '']

libnmap.nmap('scan', opts, function(err, report){  
  if (err) throw err


httpolyglot (GitHub: mscdex / httpolyglot, License: MIT, npm: httpolyglot) by Brian White allows you to start a server that accepts both HTTP and HTTPS connections on the same port.

It works by sniffing the first byte of the stream to see if TLS is required:

var firstByte = data[0];  
if (firstByte < 32 || firstByte >= 127) {  
  // tls/ssl
} else


node modules npm network build-systems

Node Roundup: webpack, Mitm.js, musicmetadata

Posted on .



Vignesh Anand sent in webpack (GitHub: webpack, License: MIT, npm: webpack) by Tobias Koppers. It's a bundler for CommonJS and AMD packages, based around asynchronous I/O, and supports preprocessors like CoffeeScript.

With webpack you can load chunks of dependencies on demand, so you can reduce the initial payload. It only supports JavaScript by default, but there are modules for loading resources like CSS (css-loader). To understand how it works, the getting started tutorial provides a high-level overview.

Vignesh pointed out that Instagram uses webpack, and it already has a lot of support on GitHub.

Just wanted to leave a little thank you and share the exciting news that instagram.com is now building and serving all of its js and css assets with webpack :). @sokra you've been an awesome help in getting this all working, and our build step is so much cleaner and quicker because of it.


Mitm (GitHub: moll / node-mitm, License: LAGPL, npm: mitm) by Andri Möll is a module for intercepting and mocking outgoing TCP and HTTP connections. Running Mitm() will enable mocking for sockets, and it returns an object that allows mocking to be disabled:

var Mitm = require('mitm');  
var mitm = Mitm();

// Later:

The documentation has more examples, including how to handle HTTP requests during testing.


musicmetadata (GitHub: leetreveil / musicmetadata, npm: musicmetadata) by Lee Treveil is a streaming metadata parser for music files:

var fs = require('fs');  
var mm = require('musicmetadata');

// create a new parser from a node ReadStream
var parser = mm(fs.createReadStream('sample.mp3'));

// listen for the metadata event
parser.on('metadata', function(result) {  

The project is a fork of node-id3 by António Afonso.


node modules express network security connect cluster

Node Roundup: evilscan, pm2, connectr

Posted on .

You can send in your Node projects for review through our contact form.


It's finally here, TCP port scanning in Node! evilscan (GitHub: eviltik / evilscan, License: GPLv3, npm: evilscan) by Michel Soisson is a command-line tool, and has several interesting features, like control over the amount of concurrency, geolocation information, banner grabbing, and JSON output.

The author is focusing on connect scans, but is interested in adding SYN scans and UDP support. He's looking for contributors, and the project includes tests written with Mocha and Chai, so you really have no excuse not to help out! I think it's great to see well-tested security-related modules.



pm2 (GitHub: Unitech / pm2, License: MIT, npm: pm2) by Alexandre Strzelewicz is a command-line process manager for Node. It can be used to start a program as a cluster of processes, and then monitor the cluster's health, monitor the server itself (CPU/RAM/etc.), keep processes alive, log exceptions, and throttle programs that stop too quickly.

It also has tests written with Mocha, documentation, and examples.


connectr (GitHub: olalonde / connectr, License: MIT, npm: connectr) by Olivier Lalonde is a wrapper for Connect that allows middleware to be inserted at arbitrary points in the stack. That means you can add middleware before existing middleware.

It has a simple API: the before and after methods insert new middleware relative to other middleware, and it's also possible to add middleware to the top of the stack with first, or even based on an index.


node modules network security grunt streams

Node Roundup: 0.10.5, Node Task, cap

Posted on .

You can send in your Node projects for review through our contact form.

Node 0.10.5

Node 0.10.5 is out. Apparently it now builds under Visual Studio 2012.

One small change I noticed was added by Ryan Doenges, where the assert module now puts information into the message property:

4716dc6 made assert.equal() and related functions work better by generating a better toString() from the expected, actual, and operator values passed to fail(). Unfortunately, this was accomplished by putting the generated message into the error's name property. When you passed in a custom error message, the error would put the custom error into name and message, resulting in helpful string representations like "AssertionError: Oh no: Oh no".

The pull request for this is nice to read (apparently Ryan is only 17, so he got his dad to sign the Contributor License Agreement document).

Node Task

Node Task, sent in by Khalid Khan, is a specification for a promise-based API that wraps around JavaScript tasks. The idea is that tasks used with projects like Grunt should be compatible, and able to be processed through an arbitrary pipeline:

Eventually, it is hoped that popular JS libraries will maintain their own node-task modules (think jshint, stylus, handlebars, etc). If/when this happens, it will be trivial to pass files through an arbitrary pipeline of interactions and transformations utilizing libraries across the entire npm ecosystem.

After reading through each specification, it seems like an interesting attempt to standardise Grunt-like tasks. The API seems streams-inspired, as it's based around EventEmitter2 with various additional methods that are left for implementors to fill in.


Brian White sent in his cross-platform packet capturing library, "cap" (GitHub: mscdex / cap, License: MIT, npm: cap). It's built using WinPcap for Windows and libpcap and libpcap-dev for Unix-like operating systems.

It's time to write your vulnerability scanning tools with Node!

Brian also sent in "dicer" (GitHub: mscdex / dicer, License: MIT, npm: dicer), which is a streaming multipart parser. It uses the streams2 base classes and readable-stream for Node 0.8 support.