Developer Relations Engineer

A guide to building a GraphQL API server using Fastify and Mercurius. This workshop will guide participants in building a high-performance, scalable, and customizable graphQL server. This covers the backend stack and uses all open-source, community-driven technologies. Starting with the basics and ramping up to advanced GraphQL techniques including error handling, federation, and fragments. After completing the workshop, participants will have an understanding of the required concepts and skills that are required to build a production-grade GraphQL server.

From zero to GraphQL

First there was LAMP, then there was MEAN and JAM. But now it’s 2022 and times have changed… What does the modern full stack look like? It’s built entirely from free and open source technologies, it’s scalable beyond imagination, it can run on-premise or in the cloud, it should get out of the way and not lead to vendor lock-in, and most importantly it should “just work.” There are so many tools to choose from. Choosing the right stack from day one can be the difference between project success and a smoldering pile of software ashes. Using fastify, mercurius, urql, and react we can build high-performance full-stack applications using all javascript technologies.

Full-stack JS today: fastify, graphql, and react

Full Stack Product Designer

Get insights into the current state of your running applications/services through OpenTelemetry. It has never been as easy as now, to collect data with Open Source SDKs and tools which will help you to extract metrics, generate logs and traces and export this data in a standardized format to be analyzed, using the best practices. In this talk, We’ll show how easy is to integrate OpenTelemetry in your Node.js applications and how to get the most of it using Open Source tools.

Dot, line,Trace! Instrument your Node.js applications with Open Source Software

Senior Software Engineer

Founder and CTO

Node-RED is a low-code platform that makes it super simple to build event-driven applications within the browser that are deployed to its Node.js runtime.

The main way the platform can be extended is by creating new nodes in its palette. With close to 4000 nodes already available, there's a lot to choose from. But there's always room for more.

This workshop will walk through the process of taking an existing npm module and wrapping it to use within Node-RED.

Building Node-RED Nodes for fun or profit

Independent Node.js consultant and educator

A well-designed Node.js CLI tool can make life better, for you and your users. But what’s the best way to design one that meets user needs, and then how do you pick the libraries to help you build it?

Which library will you use to parse the command-line arguments? And which will you use to ask questions and get responses from your users? How about getting data from an external API? That’s a lot of decisions, and potentially a lot of libraries!

Node.js core is evolving all the time and the libraries you might have relied on before to build CLIs aren’t always needed. Newer APIs such as parseArgs, readline/promises and fetch give us exciting new opportunities for building CLI tools with Node.js.

In this workshop we’ll explore what makes a human friendly CLI and how we can leverage Node.js core to help our users achieve their goals, and live their best command-line lives.

Crafting human friendly CLIs with Node.js core

Educator and developer

Node.js Lead

This workshop provides an introduction to cloud native development with Node.js. The workshop will walk you through building cloud native Node.js applications, incorporating typical components including observability components for logging, metrics, and more. Next, we’ll show you how to deploy your application to cloud environments. The workshop will cover cloud native concepts and technologies, including health checks, metrics, building containers, and deployments to Kubernetes.

Elevating Node.js Applications to the Cloud

Head of DevRel

WebAssembly is a technology that is changing the way the web works by allowing code from other languages to be imported and used in many places, including the browser and Node.js. With this, we can bring modules from other languages into our applications without all the hassle of native compilation. Let's take a look at the cool stuff we can do when almost any code is available for us to use with Node.js! We will cover what WebAssembly is, how to use it with Node.js, and the benefits of using WebAssembly code in your Node.js application.

Augmenting Node.js with WebAssembly

Software Engineer

The Node.js release schedule may seem overwhelming to keep up with, maintaining 3 or 4 versions at a time, but there’s no shortage of effort that goes into releases to support the wide use of JavaScript across the web. Many Node.js contributors spend hours discussing APIs, running tests, and preparing release notes for a single release - but how does it all come together?

As a releaser, I will discuss the work that goes into a release, tips I’ve picked up along the way, and how every contribution counts. Learn how the Node.js project manages semver major releases, security patches, long-term support, and everything in between.

The Life and Times of a Node.js Release

Senior Software Infrastructure Engineer

Record & Tuple is a proposed feature for JavaScript that aims to introduce new immutable value types. Records are immutable key/value structures and Tuples are immutable sequences of data. In this talk, Robin, one of the champions of the proposal will introduce the feature, show how it can be used and explain how this feature is advancing in the TC39 standardization process.

Record & Tuple: immutable data structures in JS

Director of Developer Advocacy

These days of cyber warfare and targeted supply chain attacks on open source packages we developers are more attentive to security vulnerabilities. Yet writing secure code to avoid security vulnerabilities is an entirely different paradigm that needs to be mastered. One such vulnerability is Path Traversal, and while it may sound harmless, it is in fact ubiquitous and presents a significant risk. My session will teach you how path traversal vulnerabilities manifest in everything from code in your own applications to code in dependencies to core modules in the Node.js runtime. Additionally, path traversal vulnerabilities may endanger your local development setup and lead to insecure Node.js applications risking your production environment. Join me to gain a new secure coding skill and learn how to mitigate this set of security vulnerabilities.

Char Wars: The Path Traversal Strikes Back

Overwhelmed with security issues in your Node.js applications? Not entirely sure how to write secure code? Join us in this workshop where you’ll learn how to improve security without being a security professional. We’ll use Snyk Code’s VS Code extension to catch and find security issues while you code, automatically fix security issues in your open source libraries, and see first-hand how to weaponize vulnerabilities to exploit working Node.js applications. You will also learn about the multiple ways of using Snyk to secure your projects, from the CLI, to CI/CD pipelines with GitHub Actions, and extend your know from secure code and secure dependencies to that of building secure containers to your Node.js apps on Docker.

Developer Security Essentials with Snyk

System Engineer

Sometimes experiments have unintended consequences. Two years ago I modified the AbortController implementation in Node.js to support structured cloning and transfer across Node.js worker threads. The change introduced a nice performance bug in the implementation of WritableStream. We'll break down what happened and how we fixed it.

Transferable AbortController: The story of a Node.js performance bug

Distinguished Engineer, Director

Evil lurks in every package you download into your node_modules folder. Come learn how a large enterprise like Capital One manages the risk of a constantly evolving vulnerability landscape and encourages responsible use of Node.js and associated modules at Enterprise scale.

Responsible use of Node.js & OpenSource software in an evil world!

Senior Developer

Web applications are commonly vulnerable to several Distributed Denial of Service attacks, sometimes in unexpected ways. An example is the SlowLoris attack, an exploit that leads to service interruption by simply sending the data to the server as slowest as possible.

In this talk I will tell the tale of how it took almost 13 years for Node to be completely protected by SlowLoris attack. I will also show that sometimes prioritizing performance can lead to incorrect fixes that can result in a false sense of protection.

The tale of avoiding a time-based DDOS attack in Node.js

Node.js & DevOps freelancer

Preserving contextual data across asynchronous calls has been always tricky in Node.js land. For example, how to pass information about the current user or a correlation (transaction) id from the code processing incoming HTTP requests to the code calling a backend web service? Traditional runtimes like C and Java can utilize thread-local storage, which does not work for Node's single-threaded event loop.

The talk will describe different solutions people have been using (and abandoning) over the past 6+ years, dive into the history of domains and async hooks, explain what's so difficult about context keeping. Finally, I'll discuss the AsyncLocalStorage API stabilised in Node.js 16 and show how to use it in practice.

Hold my context!

Senior Architect

How many ways do you know to do iteration with JavaScript and Node.js?
While, for loop, for...in, for..of, .map(), .forEach(), streams, iterators, etc! Yes, there are a lot of ways! But did you know that JavaScript has iteration protocols to standardise synchronous and even asynchronous iteration?

In this workshop we will learn about these protocols and discover how to build iterators and iterable objects, both synchronous and asynchronous. We will learn about some common use cases for these protocols, explore generators and async generators (great tools for iteration) and finally discuss some hot tips, common pitfalls, and some (more or less successful) wild ideas!

Workshop: JavaScript iteration protocols

Head Developer Advocate

Node.js contributors are always working towards adding useful and awesome features to improve the runtime.

In this talk, you will learn what to expect in future Node.js releases, the most exciting features, and tips on how to use those features.

New and Exciting Features in Node.js

I have been doing some performance stuff at Netflix for some time.  I wanted to take some time to share with you two very specific techniques for making your applications faster.  

One of the two steps is surprisingly beneficial.

Performance and Memory

Senior Software Architect

Performance plays and important role in engineering. After looking for contributing to Node.js, implementing a very fast specification compliant URL state machine and a parser for Node.js became the project which pushes the boundaries of both javascript user-land and node.js.

Road to a fast url parser in Node.js

A major earthquake has hit TC39, the JavaScript standards committee. A proposal for adding type annotations to JavaScript has just landed in the committee, and has been approved for Stage 1. What is this proposal all about? How did it come to be? What is the motivation behind it? What are its pros and cons? Why are some people excited about it, some wary, some angry, and some afraid? As one of the writers of this proposal, I will delve into the details of the proposal, and try to answer all the questions above.

Typed JavaScript? For real? The “type annotations” proposal and what it’s all about

Senior JS Security Engineer, meet.js Poland community organizer

Being able to run someone else's code without the negative consequences is the ultimate supply chain security. What if I told you it's possible?

Limit access to globals for a package? Sure. Control if a package can access network or file system? Yup, that too.
And no more prototype pollution.

I'll start by replacing eval() with good(), get to TC39 proposals and then all the way back to what you can practically use right away!

Eval all the strings! - Hardened JavaScript

Founder/Engineer

Announcing Operator Framework, a FLOSS project backed by libuv and webkit that allows people to build lean and fast, lightweight apps for mobile and desktop. This is the successor to Electron and Phonegap, wrapped on into one framework with a simple DX that is a fraction the size of even Tauri or Neutrolinojs.

Node on mobile

Node.js TSC member, Fastify Lead Mantainer

Platformatic DB allows you to rapidly develop GraphQL and REST APIs on top of an SQL database (SQLite, PostgreSQL, MySQL and MariaDB). What’s special about it? Platformatic DB allows you to unleash the full potential of Node.js and Fastify whenever you need it - you can customise its behaviour by writing additional features and plugins. Bonus points: it automatically reloads without losing a single request.

In this workshop, we’ll develop a full stack web application using Platformatic DB and Astro - the Movie Quotes app!

Introducing the Platformatic DB

What's an ORM? An Object-Relational Mapping tool (ORM) is a library to map a SQL table to a Class. Most ORMs force users to structure their code into Model objects that include both data access and business logic.
Once upon a time, I did several projects using ORMs as I followed the common belief that those simplify the development and maintenance of projects. I was wrong. ORMs are often a hurdle to overcome for the most complex part of a project.
As the next stop of my journey, I recommended people to use the native languages of their databases, e.g. SQL. This works great for the most part but it creates quite a struggle: there is a lot of boilerplate code to write that can be quite tedious. I was wrong, again.
Today I'm presenting you something new.

I would never use a ORM

FullStack Engineer / Tech Lead

In this workshop we will make a smart webcam application with pre-trained Machine Learning models that runs on the browser, using the most popular Machine Learning framework for Javascript: TensorFlow.js

Intro to TensorFlow.js

Sr. Software Engineer 

One of the key concepts of Node.js is its modular architecture and Node makes it very easy to use a wide variety of modules and APIs from the community. But what about the modules and APIs that are part of Node.js core. Some of these are very familiar, like HTTP and Events. But what about those lesser known core modules that are just waiting to be used. This talk will Journey into Mystery as we explore some of the lesser known Core modules and APIs that Node.js has to offer.

Journey into Mystery: Lesser known Node Core modules and APIs

CTO at StreamLayer, Founder at Makeomatic

Growing your service from several thousand users to hundreds of thousands is often a painful, yet rewarding experience.
We’ll explore our journey in scaling Node.js based applications that provide gRPC for last mile communication, AMQP for inter-service communication and
interact with PostgreSQL, Redis & Clickhouse databases

You would learn about ways to achieve that scale: get to know tools & techniques used to identify and measure baseline performance,
be able to drill down to the root cause of specific performance issues, analyze them and make conscious decisions about ways to solve these problems.

Node.js and Serving Highly Dynamic Content to over 500.000 Devices in Near Real Time

RedwoodJS Co-founder

In this workshop, we’re going to have fun building a simple dynamic application using a workflow unlike anything you’ve done before with Node. Why? because we’ll use the RedwoodJS full-stack open-source framework. The app will consist of a React frontend and a GraphQL backend, including Prisma and Fastify. You’ll learn how to use Directives to transform data and Services to keep business logic organized and reusable. Redwood also comes with integrated authentication with RBAC (for both API and web), Jest tests (with mocks and scenarios), and Validations — we’re going to put all of them to work in our app.

You may ask, “How is all this possible in a 3-hour workshop?” Well, Redwood includes all these technologies out of the box. We’ll use CLI code generators to quickly scaffold boilerplate so we can get to work on features. Fas

Going Full Stack with RedwoodJS

Founder 

Learn how to develop apps in JavaScript for the Bangle.js 2 smartwatch, and use Web Bluetooth inside a bookmarklet to allow the watch to control or display information from an existing website, without having to modify it.

Integrate external hardware into your website

Writing useful code ... sometimes

Node.js is an incredible technology, it bring to us JavaScript on the server side. But even with such great promises, nothing is perfect and anything can be better when mixed with other cool techs.
Node.js is not the best way to handle heavy computation on the server side, but with Node-API you can now use and enjoy the power of 'the old' C++ and the shiny Rust in your favorite web server.
In this talk, I will show you some examples on why and how I implemented theses languages into some projects and feedback about this strange but interesting endeavor. Let's forget about JavaScript for a little time and see how we can appreciate something different

Heavy computation in Node.js with Rust

Learn how content addressed user-centric protocols like IPFS, DID, and UCAN will change the web, and how to build Node.js applications using them. The web3.storage team will share the latest APIs and walk you through building your own application data model. Start with DID-based self-sovereign auth, a great opportunity to learn about the next wave of digital identity, and write code to upload files as well as JSON objects. They'll discuss IPFS data structures like IPLD trees and graphs, and how they can be used in applications.

UCAN Build Apps with IPFS

Senior Software Engineer 

The Fetch API has been a favorite of front-end developers for many years. It has a rich history of providing a great developer experience for network requests. Bringing the Fetch API to the back-end has had an equally rich history, and as of Node.js v18 we can all finally celebrate; we made Fetch happen! This talk highlights the history of the Fetch API, the ideals of universal JavaScript, and the efforts and achievements of bringing it to Node.js and other JavaScript runtimes.

Making Fetch Happen

JavaScript Developer Advocate

Come learn techniques for bidirectional streaming over websockets and distributed state synchronization in a fully serverless environment with Cloud Pong, a fun retro nod to Pong, the 1970s iconic table tennis style arcade game with two paddles and a ball.
The talk walks through a fully serverless JavaScript implementation. The demo uses Cloud Run and Upstash, but attendees can apply the architectural and programming concepts to target other serverless environments that support websockets.

Developing a fully serverless distributed computing app

Software Engineer and UX Designer

This workshop provides an introduction into using a node application gateway as a central authentication and authorisation system for a suite of microservices.
Using OAUTH 2.0 and JWT tokens the node application provides a central location to manage user access and prevent redundant and repeated access check across multiple microservices.

Tom Maxfield

"Using Node as a central authentication and authorisation system for a microservice based application "

The speakers