Backend JavaScript News Brief (Q3 2021)

Several security issues were addressed. Popular topics include Microservices Authentication in Node.js, the npm registry deprecating TLS 1.0 and 1.1, and the Node v16.10.0 release.

Honeybadger's quarterly briefings keep you up to date on the most important developments in your programming communities. We curate the news so you can spend more time focusing on what's really important.

  • Events: Conferences and meetups. Upcoming and recently completed.
  • Security: Recent vulnerability reports
  • Projects: News about major community projects
  • Standout Content: Content that didn't fit in other sections, but that was too cool to leave out.

Events

jsday on Jul 6-7

jsday 2021 is the 10th edition of the online Italian JavaScript conference, organized by GrUSP and many others.

iJS NEW YORK HYBRID 2021 on Sep 27-30

The International JavaScript Hybrid Conference takes place in New York this year, with topics ranging across JavaScript practices and tools, Vue/Angular/React, and Node.js.

  • Sep 20: International JavaScript Conference & PHP Conference 2021: Early bird special.

NodeConf Remote 2021 on Oct 18-21

Europe's largest fully remote Node.js conference is run by the organizers of NodeConf EU and will focus on keynotes on Node.js Core, Apps, Community, and related topics.

  • Sep 20: Nodeland newsletter announcing the conference dates, calling devs to join in.
  • Sep 12: Meet the NearForm team at JSDay!

Conf42: JavaScript 2021 on Oct 28

Join us for the online conference Conf42.com: JavaScript, which is all about JavaScript and the crazy things you can do with it! Presentations on new frameworks and libs for JS, Node.js, innovative uses of JS, and games.

CascadiaJS 2021 on Nov 3-4

A JavaScript hybrid event, a virtual conference progressively enhanced with in-person events in Seattle, Portland and Vancouver, BC.

  • Aug 25: Why is CascadiaJS hybrid this year?

CONNECT.TECH 2021 on Nov 8-10

CONNECT.TECH is the largest multiframework frontend conference in the USA. It’s a premium Web, Mobile and Design conference at a community conference price!

Node.TLV on Nov 14-15

The 2nd edition of the Node.js international conference in Tel Aviv, Israel, brought to you by Node.js-IL and EventHandler, is going to be 100% Node.js. Topics will vary from Node apps scalability & performance, trends/hot topics in 2021, security, ops, tests, and much more.

XtremeJS Online Conference on Dec 22

This year's online conference is looking for talks on JavaScript, micro frontend, DevOps, Data Science, IOT, and more.

Security

  • Sep 17: static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron API.
  • Sep 8: GitHub security update: vulnerabilities in tar and @npmcli/arborist that may result in arbitrary code execution due to file overwrite and creation when tar is used to extract untrusted tar files.
  • Aug 11: An error in the implementation of the limits service in Ghost between versions 4.0.0 and 4.9.4 allows all authenticated users to view admin-level API keys via the integrations API endpoint, leading to a privilege escalation vulnerability.
  • Aug 11: cares upgrade - Improper handling of untypical characters in domain names (High) (CVE-2021-22931)
  • Aug 3: node-tar: arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning (CVE-2021-32803)

Projects

Node

The most popular JavaScript runtime built on Chrome's V8 JavaScript engine.

  • Sep 22: Node v16.10.0 (Current) released — No big changes, but lots of smaller things, like npm and Acorn being updated and a new way to limit requests per connection via http.
  • Sep 21: Latest new release of V8 v9.5, which is in beta until its release in coordination with Chrome 95 Stable in several weeks. V8 v9.5 is filled with all sorts of developer-facing goodies such as Intl.DisplayNames v2, WebAssembly Exception Handling, and more.
  • Sep 7: Node v16.9.0 released with Corepack, a new experimental tool for managing package managers directly within the Node distribution itself (as was already the case with npm, but it could now be Yarn or pnpm instead).
  • Aug 18: Node v16.7.0 released adding an experimental recursive cp implementation.

Deno

A growing-in-popularity secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust.

  • Sep 14: Deno 1.14 has been released with many new Web Crypto APIs.
  • Sep 1: Deno Deploy Beta 2. This is the second in a series of beta releases that will be made over the coming months. This version includes static files loaded via Deno.readFile, new design, crash reports, and more.
  • Aug 10: Deno 1.13 has been released with many updates such as stabilize native HTTP server API, use system certificate store for TLS, updates to WebCrypto APIs, and much more.
  • Jul 13: Deno 1.12 has been tagged and released. It adds more Web Crypto functions and server-side WebSocket support in native HTTP, among other improvements.

TypeScript

The Microsoft programming language for strict syntactical JavaScript with optional static typing.

  • Jul 1: Announcing TypeScript 4.4. Among the major highlights, we have control flow analysis of aliased conditions, symbol and template string pattern index signatures, exact optional property types, and many performance improvements.
  • Aug 24: Announcing the New TypeScript Homepage: the next iteration of the TypeScript website has been switched on for the TypeScript homepage.

Adonis

The fully-featured productivity-focused web framework for Node.js to create functional web apps or API servers.

  • Aug 20: Adonis 5.3.0 is out, introducing AdonisJS drive (a new official package), along with some bug fixes, minor improvements and a breaking change.

Nest

Nest is a progressive Node.js framework for building efficient and scalable server-side applications.

  • Jul 7: Release of NestJS 8, a major release spanning the entire platform, including the framework, numerous improvements to the @nestjs/graphql and @nestjs/config packages, CLI, and updated documentation.

MongoDB Node.js Driver

The official MongoDB Node.js driver allows Node.js applications to connect to MongoDB and work with data.

  • Jul 13: Mongo Node.js Driver v4.0: a significant update a year in the making which completes a migration to TypeScript and adds support for some features added in MongoDB 5.0.

Socket.IO

Socket.IO enables real-time bidirectional event-based communication in various languages.

  • Aug 30: Socket.IO 4.2.0 is released, including small bug fixes on typings, and ignoring query strings when serving client JavaScript.

Electron

The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

  • Sep 21: Electron 15.0 released, which includes upgrades to Chromium 94, V8 9.4, and Node.js 16.5.0. They've also added API updates to window.open, bug fixes, and general improvements.
  • Aug 31: Electron 14.0 released, includes upgrades to Chromium 93 and V8 9.3, and several API updates, bug fixes, and general improvements.
  • Jul 14: Beginning in September 2021, Electron will have a new release cadence: a new major stable version every 8 weeks.

Node-RED

Node-RED is a ‘low code’ programming environment built on top of Node that makes it easy to ‘wire up’ event flows in a visual way.

  • Jul 20: Node-RED 2.0 released with a focus on upgrading dependencies, dropping old Node version support, and an (optional) improved text editor.

Microservices in Node.js (3)

Standout Content
