Notes from Node.js Interactive: Node.js VM-neutrality, the Node.js security project, and NodeSource NSolid 2.0

The Node.js Foundation is continuing its mission to make Node.js VM-neutral. The foundation announced major milestones toward allowing the solution to work in a wide variety of VMs at the Linux Foundation’s Node.js Interactive conference this week.

According to the foundation, VM-neutrality will allow Node.js to expand its ecosystem to more devices and workloads, such as the Internet of Things and mobile devices. Other benefits include developer productivity and standardized efforts.

As part of VM-neutrality, the foundation has announced that the Node.js API is now independent from any changes in V8, the open-source JavaScript engine. “A large part of the Foundation’s work is focused on improving versatility and confidence in Node.js,” said Mikeal Rogers, community manager of the Node.js Foundation. “Node.js API efforts support our mission of spreading Node.js to as many different environments as possible. This is the beginning of a big community web project that will give VMs the same type of competition and innovation that you see within the browser space.”

(Related: What’s in Node.js 6.0)

In addition, the foundation revealed the Node.js build system will start to produce nightly builds of node-chakracore, allowing Node.js to be used with Microsoft’s JavaScript engine, ChakraCore.

“Today, there is a proliferation in the variety of device types, each with differing resource constraints,” wrote Arunesh Chandra, senior program manager for Chakra, in a blog post. “In this device context, we believe that enabling VM-neutrality in Node.js and providing choice to developers across various device types and constraints are key steps to help the Node.js ecosystem continue to grow.”

The Node.js Foundation also announced plans to oversee a Node.js security project at the conference, which is designed to detect and disclose security vulnerabilities in Node.js. According to Rogers, the foundation will allow security vendors to contribute to its common vulnerability repository.

“Given the maturity of Node.js and how widely used it is in enterprise environments, it makes sense to tackle this endeavor under open governance facilitated by the Node.js Foundation,” said Rogers. “This allows for more collaboration and communication within the broad community of developers and end users, ensuring the stability and longevity of the large, continually growing Node.js ecosystem.” A Node.js security project working group will be established as part of the Node.js Foundation.

In other Node.js news, enterprise Node company NodeSource announced it is expanding its production toolset with NodeSource Certified Modules and the release of NSolid v2.0. NodeSource Certified Modules is designed to provide security and trust to third-party JavaScript solutions. The solution verifies trustworthiness through the NodeSource Certification Process, and it ensures a stable, reliable and secure source.

NSolid v2.0 is the latest release of the company’s enterprise-grade Node.js platform, and it features automated error reporting, real-time metrics, built-in security features, CPU profiling, and performance monitoring.