Author: shiya

There are lots of tutorials written to teach people how to use popular Node modules to handle routes and creating http servers, like Express or Koa. We all get too spoiled by the easiness of Node packages that we forget how easy to use Node core functions are. It’s tempting to import a library for every functionality we want to implement, but we should step back and think if that’s really what we need.

One of the main use cases for using only native modules is tests. Each test case is written for one scenario only. The code does not need to be extensible, because it’s not exported to anywhere else. The DRY (don’t repeat yourself) rule don’t apply to tests. You want to repeatedly test every scenario using slightly different case.

Packages like Express can handle a lot of cases for you, like taking in different types of routes, makes it easy to handle errors and then some. This makes the development process much faster but for tests these benefits irrelevant. A lot of things can happen because it depends on so many modules. I’ve run into many cases when there is a vulnerability found in a package that’s a submodule of a submodule of a submodule of a very reputable and well-maintained module, and our CICD process fails for a couple of days before we can put a patch in the module in question. The last thing a developer wants to fix in a failing test is the test itself.

In my experience, Node core is much more stable than any other node modules. It’s a very rare scenario that Node itself would break something and a library picks up the slack, which has been my experience following contributors of Node core and when they hear the needs of users and module developers regardless if they’re independent devs or large companies.

There’s also nothing worse than jumping into a big Node.js codebase where there are packages that’s 3.2M and only ~30 lines of code is used. Although, another bad practice is to write your own implementation for functionalities that have been well established by commonly used modules, and leave it poorly documented or tested. It’s a balance, and you as an engineer have to decide what to do based on your scenario.

tl;dr

1. Use only native node modules in tests
2. Node core is much more stable
3. Reduce node_module size

Without further ado, here’s a snippet I always use to serve up pages quickly.
Continue reading Using the Native Node http Module to Start a Node Server, When and Why

Try the live demo of the working tutorial.

3-legged authorization(OAuth) is the “Login with XXX” button you see everywhere. It’s a login protocol that lets the authentication provider authorize your application with the permission of the user. It redirects users to a new page, signs in, and approves the use of the user’s data. Some companies provide SDKs to make the process easier like Google and Facebook login, but if you learn the general process once, you can implement this for any API that requires 3-legged authentication.

Instead of implementing OAuth yourself, there are lots of frameworks out there like Passport.js or paid services like Auth0 for you to use in a production application. This post is intended to be a tutorial so you can learn it and not be too frustrated with the process.

Since the most popular APIs like Google and Facebook already provide custom SDKs, I’ll use GitHub’s OAuth API because it doesn’t have an officially recommended SDK. Their API doc page is very succinct, so if you’re already a seasoned Web developer, just head over to their site and read their guide instead.
Continue reading How to do 3-legged OAuth with GitHub, a general guide by example with Node.js