April 14 - 17, 2023
Node Congress
Berlin & Online

Node Congress 2023

The biggest event on JavaScript backends

A two-day conference on all things Node.js, DevOps, Edge-native workers (Cloudflare & others), Serverless, Deno & other JavaScript backend runtimes, gathering Back-end and Full-stack engineers across the globe in-person in Berlin and in the cloud.

This edition of the event has finished, the latest updates of this JavaScript Conference are available on the Brand Website.
DescopeReadysetPlatform.shNxCouchbaseFocusReactiveInfobip
Deno 2.0
36 min
Deno 2.0
Top Content
The Talk discusses forced optimization with Node and Deno, with Deno aiming to pursue the same goals in a more expansive and modern way. Deno has built-in support for NPM and enforces security constraints. It also has a key-value database called Deno KV, which will be a core part of the Deno 2 API. Deno Deploy is a serverless Edge Functions platform powered by FoundationDB, optimized for fast reading and ideal for building eCommerce sites or application servers at the edge. Deno 2.0 is coming soon with more features under development.
AWS Lambda under the hood
22 min
AWS Lambda under the hood
Top Content
In this Talk, key characteristics of AWS Lambda functions are covered, including service architecture, composition, and optimization of Node.js code. The two operational models of Lambda, asynchronous and synchronous invocation, are explained, highlighting the scalability and availability of the service. The features of Lambda functions, such as retries and event source mapping, are discussed, along with the micro VM lifecycle and the three stages of a Lambda function. Code optimization techniques, including reducing bundle size and using caching options, are explained, and tools like webpack and Lambda Power Tuning are recommended for optimization. Overall, Lambda is a powerful service for handling scalability and traffic spikes while enabling developers to focus on business logic.
Building a modular monolith with Fastify
30 min
Building a modular monolith with Fastify
Top Content
Fastify is a powerful tool for building web applications and APIs in Node.js, with millions of downloads per month. It promotes encapsulation and structuring through plugins and decorators, allowing for code and data segmentation. The talk emphasizes the importance of modularizing applications by domains and features, and showcases a demo of a typical Fastify application. The speaker also discusses the benefits of using Platformattic for refactoring and launching Fastify applications in the cloud. The Q&A section covers topics such as dependency injection and debugging, while also highlighting the importance of separating business logic from API contracts.
Node Monorepos with Nx
160 min
Node Monorepos with Nx
Top Content
WorkshopFree
Isaac Mann
Isaac Mann
Multiple apis and multiple teams all in the same repository can cause a lot of headaches, but Nx has you covered. Learn to share code, maintain configuration files and coordinate changes in a monorepo that can scale as large as your organisation does. Nx allows you to bring structure to a repository with hundreds of contributors and eliminates the CI slowdowns that typically occur as the codebase grows.
Table of contents:- Lab 1 - Generate an empty workspace- Lab 2 - Generate a node api- Lab 3 - Executors- Lab 4 - Migrations- Lab 5 - Generate an auth library- Lab 6 - Generate a database library- Lab 7 - Add a node cli- Lab 8 - Module boundaries- Lab 9 - Plugins and Generators - Intro- Lab 10 - Plugins and Generators - Modifying files- Lab 11 - Setting up CI- Lab 12 - Distributed caching
Building Multiplayer Applications with Cloudflare Workers & Durable Objects
28 min
Building Multiplayer Applications with Cloudflare Workers & Durable Objects
Top Content
Durable Objects are a part of CloudFlare's long-term goal to expand application possibilities on workers, allowing for the building of scalable collaborative applications. Durable Objects provide a way to store global state and coordinate multi-client applications. They can be created as close to the user as possible and have unique IDs for routing requests. Durable Objects have a persistent storage API with strongly consistent semantics and IO gates to prevent correctness errors. They are well-suited for collaborative applications and can be used with WebSockets. Performance impact and read replicas are considerations for accessing Durable Objects globally.
Server Components with Bun
7 min
Server Components with Bun
Top Content
Bun is a modern JavaScript runtime environment that combines a bundler, transpiler, package manager, and runtime. It offers faster installation of NPM packages and execution of package.json scripts. Bun introduces a new JavaScript and TypeScript bundler with built-in support for server components, enabling easy RPC with the client. This allows for code splitting and running code that streamingly renders React or any other library from the server and mixes it with client code, resulting in less JavaScript sent to the client.
Things I learned while writing high-performance JavaScript applications
31 min
Things I learned while writing high-performance JavaScript applications
Top Content
This talk explores the creation of a full-text search engine in JavaScript, highlighting the challenges with existing search engines like Algolia and the advantages of using JavaScript. The speaker emphasizes the importance of code optimization and performance enhancement techniques in JavaScript. The talk also discusses the evolution of the Lyra search engine into the open-source project Orama, which offers a feature-rich and highly performant full-text search engine for JavaScript. The speaker addresses questions about language choice, scalability, and deployment, and showcases the benefits of deploying an immutable database to a CDN.
Node.js Masterclass
109 min
Node.js Masterclass
Top Content
Workshop
Matteo Collina
Matteo Collina
Have you ever struggled with designing and structuring your Node.js applications? Building applications that are well organised, testable and extendable is not always easy. It can often turn out to be a lot more complicated than you expect it to be. In this live event Matteo will show you how he builds Node.js applications from scratch. You’ll learn how he approaches application design, and the philosophies that he applies to create modular, maintainable and effective applications.

Level: intermediate
Node.js startup snapshots
28 min
Node.js startup snapshots
Top Content
The Talk discusses the Startup Snapshot initiative in Node, which aims to improve startup performance by adding new features and optimizing initialization costs. Startup snapshots, serialized binary blobs, are used to speed up startup and can be generated for both the core and user applications. Custom snapshots allow deserializing a heap from a specified snapshot, skipping parsing and compilation. The Talk also addresses misconceptions and limitations of startup snapshots, and highlights the different use cases for heap snapshots and startup snapshots.
The Road to Async Context
26 min
The Road to Async Context
This Talk discusses the implementation and performance improvements of the async local storage API in Node and Cloudflare Workers. It explores the concept of continuations and execution contexts and how async local storage allows for passing contextual data through async flows. The talk also highlights the challenges in implementing async local storage in Node and the need for a standardized API. The introduction of async context as a replacement for async local storage is discussed, along with its benefits and the ongoing development of the async context API.
Bun, Deno, Node.js? Recreating a JavaScript runtime from Scratch - Understand magic behind Node.js
29 min
Bun, Deno, Node.js? Recreating a JavaScript runtime from Scratch - Understand magic behind Node.js
The Talk explores the magic behind Node.js and delves into its components, including V8, libuv, and the C++ bridge. It discusses the workflow and execution process, the use of NodeMod, and the understanding of console functions. The Talk also covers Node.js functions and scheduling, the introduction of runtimes, and the collaboration between JavaScript runtimes. It concludes with insights on content production, the choice of Node.js, and the inspiration behind it.
0 to Auth in an Hour Using NodeJS SDK
63 min
0 to Auth in an Hour Using NodeJS SDK
WorkshopFree
Asaf Shen
Asaf Shen
Passwordless authentication may seem complex, but it is simple to add it to any app using the right tool.
We will enhance a full-stack JS application (Node.JS backend + React frontend) to authenticate users with OAuth (social login) and One Time Passwords (email), including:- User authentication - Managing user interactions, returning session / refresh JWTs- Session management and validation - Storing the session for subsequent client requests, validating / refreshing sessions
At the end of the workshop, we will also touch on another approach to code authentication using frontend Descope Flows (drag-and-drop workflows), while keeping only session validation in the backend. With this, we will also show how easy it is to enable biometrics and other passwordless authentication methods.
Table of contents- A quick intro to core authentication concepts- Coding- Why passwordless matters
Prerequisites- IDE for your choice- Node 18 or higher
Decomposing Monolith NestJS API into GRPC Microservices
119 min
Decomposing Monolith NestJS API into GRPC Microservices
Workshop
Alex Korzhikov
Alex Korzhikov
The workshop focuses on concepts, algorithms, and practices to decompose a monolithic application into GRPC microservices. It overviews architecture principles, design patterns, and technologies used to build microservices. It covers the theory of the GRPC framework and protocol buffers mechanism, as well as techniques and specifics of building isolated TypeScript services in the Node.js stack. The workshop includes a live use case demo of decomposing an API application into a set of microservices. It fits the best architects, tech leads, and developers who want to learn microservices patterns.
Level: AdvancedPatterns: DDD, MicroservicesTechnologies: GRPC, Protocol Buffers, Node.js, TypeScript, NestJS, Express.js, PostgreSQL, TurborepoExample structure: monorepo configuration, packages configuration, common utilities, demo servicePractical exercise: refactor monolith app
Fresh: a new full stack web framework for Deno
24 min
Fresh: a new full stack web framework for Deno
Today's Talk introduces Fresh, a full-stack web framework for Deno, and covers its features, such as static files, routes, and data-fetching. It also discusses middleware, error pages, and styling options. The Talk explains the Islands architecture used by Fresh to enable client interactivity. The demo showcases the use of hybrid routes and islands components, and resources for Fresh, Deno, Preact, TypeScript, and web standards are provided.
Observability with diagnostics_channel and AsyncLocalStorage
21 min
Observability with diagnostics_channel and AsyncLocalStorage
Observability with Diagnostics Channel and async local storage allows for high-performance event tracking and propagation of values through calls, callbacks, and promise continuations. Tracing involves five events and separate channels for each event, capturing errors and return values. The span object in async local storage stores data about the current execution and is reported to the tracer when the end is triggered.
How to use ChatGPT with Node.js
32 min
How to use ChatGPT with Node.js
Today's Talk introduces Chat GPT and its integration with Node.js, highlighting its exceptional performance and natural language capabilities. The speaker demonstrates how to interact with ChatGPT using Node.js and showcases examples such as selecting avatars and getting jokes. The Talk also discusses the use of ChargePT for extracting important information and interacting with databases. Important considerations when using ChatGPT, the potential of GPT-4, and the impact of AI on jobs are also covered. Security concerns and the use of extensions like Runme in Visual Code are mentioned as well.
Parse, Don’t Validate
26 min
Parse, Don’t Validate
Evgeny Poberezkin
Jason Green
2 authors
Hello. We're going to talk today about JavaScript and how to ensure data correctness. JSON can be wasteful and has security issues, but Fastify tackles these challenges. JTD is better than JSON Schema for most API use cases, as it has a more strict structure and avoids debugging issues. Jason demonstrates how to validate data with JTD and TypeScript, ensuring data validity and improving performance. The approach of parsing JSON directly to the application type and serializing a specific type improves security and reliability.
JavaScript-based full-text search with Orama everywhere
49 min
JavaScript-based full-text search with Orama everywhere
Workshop
Michele Riva
Michele Riva
In this workshop, we will see how to adopt Orama, a powerful full-text search engine written entirely in JavaScript, to make search available wherever JavaScript runs. We will learn when, how, and why deploying it on a serverless function could be a great idea, and when it would be better to keep it directly on the browser. Forget APIs, complex configurations, etc: Orama will make it easy to integrate search on projects of any scale.
Decoupling in Practice
102 min
Decoupling in Practice
WorkshopFree
Chad Carlson
Chad Carlson
Deploying decoupled and microservice applications isn't just a problem to be solved on migration day. Moving forward with these architectures depends completely on what your team's workflow experience will look like day-to-day post-migration.
The hardest part of this can often be the number of vendors involved. Some targets are best suited for specific frontend frameworks, while others are more so for CMSs and custom APIs. Unfortunately their assumptions, workflows, APIs, and notions of security can be quite different. While there are certain advantages to relying on a strict contract between apps – where backend and frontend teams work is limited to a single vendor – this isn't always realistic. This could be because you're still experimenting, or simply the size of your organization doesn't allow for this kind of specialization just yet.
In this workshop, you'll have a chance to explore a different, single vendor approach to microservices using Strapi and Next.js as an example. You'll deploy each app individually, establishing a workflow from the start that simplifies customization, introducing new features, investigating performance issues, and even framework interchangeability from the start.
Structure:- Getting started- Overview of Strapi- Overview of Platform.sh workflow- Deploying the project- Switching services- Adding the frontend
Prerequisites:- A Platform.sh trial account created- The Platform.sh CLI installed
Scaling up Your Database With ReadySet
33 min
Scaling up Your Database With ReadySet
WorkshopFree
Aspen Smith
Nick Marino
2 authors
The database can be one of the hardest parts of a web app to scale. Many projects end up using ad-hoc caching systems that are complex, error-prone, and expensive to build. What if you could drop in a ready-built caching system to enable better throughput and latency with no code changes to your application?
Join developers Aspen Smith and Nick Marino to see how you can change one line of config in your app and use ReadySet to scale up your query performance by orders of magnitude today.
Prototype Pollution in JavaScript
27 min
Prototype Pollution in JavaScript
This Talk discusses prototype production in JavaScript and focuses on the concept of prototype pollution. It explains the impact of prototype pollution and ways to avoid it. The Talk also highlights real-world examples of prototype pollution vulnerabilities in Kibana and MongoDB. It provides recommendations for preventing and mitigating prototype pollution, such as filtering out merge functions and using defensive objects. The Talk concludes with a discussion on tools like Semgrep for static analysis and the importance of sanitization and validation in preventing outside attacks.
GraphQL with Mercurius and Prisma, love at first sight
34 min
GraphQL with Mercurius and Prisma, love at first sight
The Talk discusses the use of Prisma and Mercurius in moving from REST API to GraphQL. Prisma improves the developer experience and allows for easy data modeling and type-safe queries. Mercurius is easy to learn if you already know Fastify and offers a performant GraphQL server. Fastify is preferred over Express for its active community and good performance. The ideal stack for Node.js includes Fastify for REST API and GraphQL, Prisma for the database, and the default provider like MongoDB.
Next Generation Code Architecture for Building Maintainable Node Applications
30 min
Next Generation Code Architecture for Building Maintainable Node Applications
Today's Talk focused on code architecture, modularization, and scaling in software development. The speaker discussed the benefits of separating code by domain and using tools like NX to improve productivity and enforce modular architecture. They also highlighted the importance of automating library creation and configuration. Additionally, the Talk covered code scaling and deployment strategies, including caching and automated code migrations. The speaker emphasized the flexibility and scalability of Fastify and the advantages of using a monorepo for front-end and back-end development.
The tale of avoiding a time-based DDOS attack in Node.js
29 min
The tale of avoiding a time-based DDOS attack in Node.js
Web applications face constant threats from DDoS attacks, including the new Zoloris attack that can bring down a server with minimal bandwidth. Node.js has had vulnerabilities in its timeout handling, but recent versions like Node 18 provide better protection. NGINX is recommended for protection against slow loris attacks due to its superior timeout handling. Mitigating slow loris attacks for WebSockets involves enforcing higher timeouts and shutting down idle clients. It is important to prioritize security over performance and use common sense in software development.
Bring Node.js into your browser with WebContainers
21 min
Bring Node.js into your browser with WebContainers
This Talk discusses bringing Node.js into the browser using web containers. It covers the history of Node.js and the internet in the early 2000s, the possibilities of Node.js in the browser, and approaches to achieving this. It also explores Stackbits' journey and growth, innovation in web container design, and the functionality of web containers. The Talk emphasizes the importance of open source and collaboration in improving the web ecosystem.
Eval all the strings! - Hardened JavaScript
8 min
Eval all the strings! - Hardened JavaScript
NPM packages can be potentially dangerous, so it's important to be proactive in managing them. Lava Mode allows you to detect and investigate suspicious packages before deploying your app. Lavamote prevents unauthorized access to sensitive resources by isolating dependencies and using hardened JavaScript. Lava Mode makes it easier to analyze obfuscated files and understand their actions.
Using Machine Learning to Supercharge Your Node.js App
9 min
Using Machine Learning to Supercharge Your Node.js App
Welcome to our talk on incorporating machine learning to your Node.js applications. Learn how to take your Node.js application to the next level with machine learning. Implementing machine learning in Node.js can be daunting, but with the right framework and approach, it can be simplified. Start with a simple model, gradually add complexity, and ensure high-quality data. Monitor and evaluate your models using metrics and consider scalability and reusing pre-trained models.
Node.js: Landing your first Open Source contribution & how the Node.js project works
85 min
Node.js: Landing your first Open Source contribution & how the Node.js project works
Workshop
 Claudio Wunder
Claudio Wunder
This workshop aims to give you an introductory module on the general aspects of Open Source. Follow Claudio Wunder from the OpenJS Foundation to guide you on how the governance model of Node.js work, how high-level decisions are made, and how to land your very first contribution. At the end of the workshop, you'll have a general understanding of all the kinds of work that the Node.js project does (From Bug triage to deciding the Next-10 years of Node.js) and how you can be part of the bigger picture of the JavaScript ecosystem.

The following technologies and soft skills might be needed):
  - Basic understanding of Git & GitHub interface
  - Professional/Intermediate English knowledge for communication and for allowing you to contribute to the Node.js org (As all contributions require communication within GitHub Issues/PRs)
  - The workshop requires you to have a computer (Otherwise, it becomes difficult to collaborate, but tablets are also OK) with an IDE setup, and we recommend VS Code and we recommend the GitHub Pull Requests & Issues Extension for collaborating with Issues and Pull Requests straight from the IDE.

The following themes will be covered during the workshop:
- A recap of some of GitHub UI features, such as GitHub projects and GitHub Issues
- We will cover the basics of Open Source and go through Open Source Guide
- We will recap Markdown
- We will cover Open Source governance and how the Node.js project works and talk about the OpenJS Foundation
  - Including all the ways one might contribute to the Node.js project and how their contributions can be valued
- During this Workshop, we will cover Issues from the nodejs/nodejs.dev as most of them are entry-level and do not require C++ or deep technical knowledge of Node.js.
  - Having that said, we still recommend enthusiast attendees that want to challenge themselves to "Good First Issues" from the nodejs/node (core repository) if they wish.
  - We're going to allow each attendee to choose an issue or to sit together with other attendees and tackle issues together with Pair Programming through VS Code Live Share feature
    - We can also do Zoom breakrooms for people that want to collaborate together
  - Claudio will be there to give support to all attendees and, of course, answer any questions regarding Issues and technical challenges they might face
  - The technologies used within nodejs/nodejs.dev are React/JSX, Markdown, MDX and Gatsby. (No need any knowledge of Gatsby, as most of the issues are platform agnostic)
- By the end of the Workshop, we'll collect all (make a list) the contributors who successfully opened a Pull Request (even if it's a draft) and recognise their participation on Social media.
JS Character Encodings
33 min
JS Character Encodings
Character encodings are important for converting characters into bytes. UTF-8 is the most commonly used encoding in JavaScript. JavaScript engines handle character encodings automatically. There are bugs in Node.js related to character encoding and string manipulation. It is important to be cautious when working with character encodings and to choose the appropriate method for string manipulation.
Monitoring, Alerting, And Visualizing your Node.JS server infrastructure with Open Source tools
31 min
Monitoring, Alerting, And Visualizing your Node.JS server infrastructure with Open Source tools
This Talk introduces monitoring, alerting, and visualizing Node.js server infrastructure with open source tools. It covers the use of time series databases for server monitoring and discusses the JavaScript client library. The InfluxDB platform offers features for data acquisition, visualization, and task scheduling. The Talk includes a live demo of a fake Express server and showcases the use of community templates and the Node.js dashboard. It also provides resources for further learning and discusses options for visualization with Grafana.
tRPC - Move Fast and Break Nothing
26 min
tRPC - Move Fast and Break Nothing
TRPC is a tool that simplifies API development by allowing you to call functions in the backend and have the type data inferred into the frontend without code generation. It provides type safety and auto completion when querying databases using Prisma. TRPC can be used with various frontend frameworks and has features like automatic batching and middlewares. It can be shared between repositories using a monorepo or by publishing the types as an npm package. TRPC is easy to set up compared to gRPC and provides built-in input and output validation.
The State of Node.js Core
24 min
The State of Node.js Core
Today's Talk discussed the state of Node.js core, with increasing downloads and over 2 million packages on npm. Node.js has a LTS schedule, with Node 14 currently in maintenance mode. It was recommended to aim for Node 18, as Node 16 and its version of OpenSSL will soon be end of life. Node 18, known as Hydrogen, is stable and has new features. The Talk also covered CLI testing, core modules, new features, and upcoming enhancements.
Type-safe bindings for Node.js with Rust and WebAssembly
22 min
Type-safe bindings for Node.js with Rust and WebAssembly
This Talk explores TypeScript bindings for NodeJS with Rust and WebAssembly, providing an alternative approach for creating native NodeJS modules and automatically generating types. It delves into the use of WebAssembly and Rust for TypeScript modules, showcasing how Rust functions can be defined and imported using the wasm.bindgen library. The Talk also highlights the challenges of string conversion between Rust and JavaScript, the limitations of supporting Rust data types in JavaScript, and the seamless integration of Rust functions into TypeScript apps using tspy. It concludes with the recommendation of TSFI for type-safe bindings and showcases its usage in a TypeScript-based full-text search engine with WebAssembly support.
Roll you own JavaScript runtime
21 min
Roll you own JavaScript runtime
This Talk introduces Deno, a custom JavaScript runtime similar to Node.js, and discusses the benefits of using a custom runtime. It explores the process of building a custom runtime with Deno in Rust, including the integration with Cargo and the ability to mix and match crates and APIs. The Talk also covers the implementation of the setTimeout function in both Run.js and Runtime.js, and provides examples of how to fix errors and implement additional functions. Overall, the Talk highlights the flexibility and possibilities of creating custom runtimes with Deno.
Measuring the Cost of a GraphQL Query with mercurius-explain
7 min
Measuring the Cost of a GraphQL Query with mercurius-explain
Today we're going to talk about measuring the cost of a GraphQL query with Mercury's Explain. GraphQL allows us to create a list of items we want without needing to know their locations. NearForm created Mercurius Explain, a plugin that adds a Profiler to your GraphQL instance. This plugin provides detailed information about the resolution time and number of resolver calls for each field, making it easier to optimize and debug queries. Mercurius Explain is a valuable tool for understanding the cost of your GraphQL queries.
Creating an innovation engine with observability
27 min
Creating an innovation engine with observability
Baseline provides observability for serverless architectures and has created an innovation engine within their team. They measure team performance using Dora metrics and the Accelerate book. Baseline emphasizes the importance of foundations, streamlined testing, and fast deployment. They practice observability-driven development and incorporate observability as part of their development lifecycle. Baseline believes in building a culture that fosters ownership and democratizes production.
Tale of Two Repos
24 min
Tale of Two Repos
JavaScript became popular in the mid-2010s with the introduction of Node and advanced frameworks like Angular and React. Monorepos, which are single repositories containing multiple artifacts, are a popular approach for managing JavaScript projects. Linking packages internally in a monorepo can be done through local or global installation, or by publishing them to an artifact registry. Managing monorepos has become more complex with the introduction of tools like TypeScript and Babel. The development process for web applications involves a build process, testing, and linting, which can be facilitated by tools like Yarn Workspace and NPM Workspace. The release strategy for monorepos can be either unified or distributed, and it is important to select tools that align with the chosen strategy.
Couchbase Capella Workshop
Recording pending
Couchbase Capella Workshop
WorkshopFree
Michael Hirschberg
Michael Hirschberg
Are you looking for a DBaaS you don’t have to battle with? If so, join us at our Couchbase Capella™ workshop. Capella is our fully managed DBaaS – combining the best of relational and noSQL databases. Designed to reduce costs and admin overhead. The workshop is giving you the full rundown of the kinds of things you can accomplish with Capella.
Workshop table of content:- Couchbase overview and architecture- Couchbase Capella overview- Data access: SQL for JSON, full text search- Lab 1: SQL query, FTS query- Break- Lab 2: SDKs, API, Couchbase live playground- Advanced topics, Q&A
Pre-req: laptop with internet connectivity.
The Edge & Databases: Everything Everywhere All at Once
26 min
The Edge & Databases: Everything Everywhere All at Once
This talk discusses working with databases on the Edge, the challenges of serverless and databases, and the challenges of working with databases on the Edge. It explores solutions such as using proxy connections and globally replicated data stores. The talk also highlights the use of Prisma for caching data and the considerations for edge migration. Additionally, it mentions the caching strategy with SWR and the availability of edge solutions for caching.
Game Changer! Building Search Into Your Applications
8 min
Game Changer! Building Search Into Your Applications
Implementing the right strategies and tools, such as Apache Lucene, can improve search performance and user experience. The choice of analyzer affects search results, and query operators provide various search options. Relevant scoring is crucial for ranking documents based on relevance. Custom scoring can prioritize specific criteria. Consider analyzers, query operators, and scoring methods to optimize the search experience.
Securing Your Software Supply Chain
21 min
Securing Your Software Supply Chain
Today's Talk focuses on securing the software supply chain, particularly in the JavaScript ecosystem. The number of transitive dependencies in JavaScript projects can contribute to vulnerabilities. Attacks on the open-source supply chain have increased significantly, leading to initiatives to improve supply chain security. Accuracy in package manager dependencies is crucial, and caching and bundling dependencies can help achieve reproducible installations. Mitigating threats involves active scanning, creating profiles, and sharing information. Tools like NPM Audit Signatures can verify package integrity. Future developments include reproducible installations and powerful dependency queries.
Tools for better Observability in NodeJS Serverless IoT Applications
8 min
Tools for better Observability in NodeJS Serverless IoT Applications
The Talk discusses the challenges of IoT development, including issues with fleet offline, data missing, alerts not working, inconsistent data, and slow loading dashboards. It explores how to build observability in IoT applications using metrics, logging, and tracing. The integration between the rules engine and Lambda is explained, highlighting the use of tools like Lambda Power Tools and X-Ray for logging, monitoring, and tracing. The Lambda invocation process and the tracing capabilities of X-Ray are also mentioned.
Supply Chain Security Experience
8 min
Supply Chain Security Experience
Supply chain security is important in software development, and it's crucial to assess the actual impact of threats. When dealing with security vendors, ask practical questions about vulnerabilities and impacts. Focus on quality signal and noise ratios when considering the number of dependencies. Ongoing conversations with vendors are important to address concerns. Stay informed and make informed decisions.
The Database Magic Behind 40MIO Ops/S
7 min
The Database Magic Behind 40MIO Ops/S
This lightning talk discusses the database magic behind handling 40 million operations a second. The Amadeus database, powered by Couchbase, caters to travel agencies and airlines and handles a massive amount of traffic. Couchbase is a flexible and scalable database that supports JSON and SQL++ and provides low response times. It offers deployment options for on-premises, Kubernetes, and Capella cloud, and also has a mobile database for offline-first functionality and peer-to-peer communication.