►
Description
KEYNOTE: State of the Union: node.js - Rod Vagg, NodeSource
A
A
Thankfully
diving
into
the
details
and
the
numbers
I
don't
need
to
do
any
fudging
or
spinning,
because
all
the
metrics
were
collecting
a
really
healthy.
Things
are
looking
really
good,
I'm
super
confident
about
node,
and
particularly
after
compiling
these
details,
even
more
so
than
this
time
last
year.
So
things
are
going
great
for
node
and
I'm,
so
I'm
gonna
run
through
some
of
the
reasons
why
you
should
think
so
too.
So,
first
of
all
the
node
union.
What
are
we
talking
about?
A
We
stay
in
the
Union
I'm,
not
from
America,
so
we
don't
have
State
of
the
Union
speeches.
So
let
me
define
this
what
it
means
to
have
a
node
Union.
Now
we
have
the
node
Foundation,
which
is
organizer
of
this
event,
and
it's
this
strong
coalition
of
all
these
companies
there's
nearly
30
companies
in
the
node
foundation.
Eight
of
them
are
platinum.
A
Most
of
those
have
contributed
sizable
amount
of
money
to
run
this
foundation
to
kick
things
off
and
then
there's
19
silver
companies
in
that
as
well,
and
they
participate
in
governance
of
the
this
is
a
central
meeting
point
of
the
other
node
ecosystem,
and
alongside
that,
we
also
have
this
technical
group
and
at
the
peak
of
a
technical
group,
what
we
call
the
collaborators.
These
people
have
commit
access
to
the
node
repo,
the
core
node
repository
and
there's
currently
90
people
in
that
list.
A
So
90
people
have
commit
access
to
know,
jeaious,
slash,
node
they're,
not
all
active.
There
you'll
see
some
faces
on
there
that
haven't
been
around
for
a
little
while
so
in
terms
of
active
people.
If
we
looked
at
just
just
the
people
that
have
made
commits
to
no
call
in
the
lis
in
this
line
this
year,
we
get
down
to
248.
That
number
is
a
bit
bigger
when
you
consider
the
number
of
people
that
are
also
commenting
and
doing
things
in
github
they're.
A
An
important
group
I
just
wasn't
able
to
get
good
numbers
on
that
too,
to
make
this
group
larger,
but
forty-eight
active
people
in
that
collaborator
group.
It's
always
growing.
New
people
are
being
added
in
almost
every
week.
It's
a
great
group
of
people
to
be
involved
with
too
I
really
enjoy
this
state
of
the
whole
community.
So
this
is,
let's
focus
on
the
community
around
no
call.
A
This
is
not
community
in
the
sense
of
being
is
large
ecosystem
talking
purely
about
core
community
and
it's
quite
hard
to
define
what
do
you
mean
by
community
when
you
start
getting
outside
of
core
cuz
notice,
just
so
massive?
But
when
we
talk
about
the
core
community,
it's
a
bit
easier
to
contain
and
measure.
So,
let's
look
at
some
proxy
measurements
for
the
size
and
the
activity
and
the
health
of
their
community.
So
I'm
going
to
be
showing
a
bunch
of
graphs
and
numbers
through
this
talk.
A
Most
of
them
are
not
useful
on
their
own
they're,
mainly
proxies
for
other
measurements.
So
when
do
we
put
them
all
together,
they
give
us
a
good
picture
of
how
well
note
is
going
and
then
the
kinds
of
things
that
we
monitor
over
time
to
understand
and
improve
and
to
find
places
where
we
know
we
can
get
better.
A
So
this
this
graph
here
is
comparing
2005
to
2016
the
number
of
total
contributors
over
time
over
the
whole
length
since
2009,
when
node
style
and
how
many
people
have
made
commits
that
are
in
the
node
repository
and
the
node
get
a
repository,
so
that
obviously
increases
over
time.
It's
always
going
to
increase
it's
easy.
A
The
interesting
thing
you
know
about
this
graph,
though,
is
that
it's
actually
increasing
at
a
accelerating
rate,
so
that
is
the
the
gap
between
those
two
lines
is
increasing
over
time
and
we
can
see
that
by
breaking
them
down
into
some
different
metrics,
the
unique
contributors
per
month.
So,
every
month,
if
you
take
a
a
month
isolated
month-
and
you
count,
the
number
of
unique
individuals
that
have
contributed
code
in
that
month
is
increasing
over
time.
A
So
every
node
release
is
put
together
by
an
increasing
number
of
people
over
time,
and
this
is
a
great
metric
to
understand
how
many
people
are
collaborating
around
this
bass
and
remember
here
that
the
note
Co
bass
is
not
huge.
We
have
this
small
coil
philosophy,
it's
not
about
you
know
putting
more
and
more
things
into
it.
It's
about
refining
it
and
perfecting
it
and
then
so.
A
lot
of
people
are
collaborating
on
this
new
people.
A
This
you've
heard
this
from
a
number
of
people
at
this
conference,
but
one
of
the
values
that
we
set
up
with
the
new
foundation
was
we
wanted
to
be
inclusive.
We
wanted
to
be
welcoming
as
a
community
and
to
do
that
as
a
core
community.
There's
a
number
of
ways,
we've
heard
about
:
loan
and
other
initiatives
and
and
you'll,
hopefully
be
hearing
more
from
from
Tracy
on
the
next
talk
as
well
about
how
we
can
continue
to
do
that.
A
It's
something
that
we
focus
on
and
we
try
and
do
better
over
time
and
the
numbers
are
telling
us
that
things
are
going
pretty
good,
because
in
terms
of
agreeing
to
compare
this
year
to
last
year,
we
have
twice
as
many
per
month
new
people
contributing
to
the
code
base
as
2015
200%,
which
is
extremely
encouraging
number.
You
can
see
there,
the
September
numbers,
it
was
a
quite
a
blip
there
and
that
was
I
think
largely
due
to
the
code
and
Loan
activities
in
node,
interactive
Hamsterdam.
A
So
there's
a
lot
of
activity
there
and
the
unique
contributors
month
is:
that's
one
point
five
times
the
number
I'm
in
2015,
so
things
are
looking
pretty
healthy.
This
is
accelerating
in
terms
of
top
contreras
shout
out
to
these
people.
There's
three
of
these
people
in
the
in
the
room
today,
I
think
so
rich
trot
is,
is
actually
at
the
moment
by
father.
A
A
A
These
people
are
all
on
the
the
node
CTC
as
well,
which
is
a
pretty
common
pattern
that
they're
the
most
active
people,
the
people
that
are
contributing
a
lot
of
code
that
are
there
to
help
guide.
The
project
tend
to
be
get
raised
up
to
the
CGC
pretty
easily.
The
interesting
thing
about
this,
though,
is
this
is
not
about
making
celebrities
out
of
coders.
A
That's
not
something
that
we're
really
that
interested
in
and
it's
not
that
healthy
either,
and
what
we
want
to
do
here
is
is
have
more
of
these
people
and
if
you
look
at
the
numbers
and
see
the
share
of
work
done
by
those
top
contributors
is
decreasing
over
time,
which
means
the
long
tail
is
actually
getting
further.
So
in
2016
52%
of
the
commits
we're
done
by
the
top
contributors,
the
top
10
contributors
this
year
that
numbers
down
to
46,
so
two
more
of
the
work
is
being
done
by
that
at
long
tail.
A
A
A
Our
preface
this
by
saying
that
note
chorus
is
fairly
strict
about
its
idea
of
churn,
so
you
can't
just
get
a
comedian
that
just
shuffles
things
around
I'm,
even
if
that
might
make
slightly
nicer
code,
it
has
to
be
justified,
so
is
not
appreciated,
but
we
do
get
occasional
churn
with
with
something's
coming
in
overtime.
So
it's
not
a
it's.
Not
needless
churn
going
on
here
commit
sir.
You
know
packaged
together
when
they
can
landed.
A
Where
rich
does
a
lot
of
work,
that's
very
active
over
time
and,
interestingly,
the
main
source
code
of
node,
the
stuff
in
in
the
source
directory
and
the
Lib
directory
the
things
that
compiled
down
into
the
node
binary
it's
actually
fairly
stable
over
time.
So
you're
not
seeing
a
huge
amount
of
bloat
going
on
there
and
so
I
think
these
are
really
encouraging
details.
A
It's
Lalla
coding
in
those
kibbutz
37%
of
the
JavaScript
and
C++
code
was
changed
in
that
source
in
2016
that
might
sound
like
Cho
him,
but
it's
and
he's
absolutely
not
shown
yeah.
It's
a
pretty
raw
measure,
because
git
is
not
great
at
measuring
actual
changes,
but
in
terms
of
the
lines
of
code,
30-some
percent
were
touched
in
node
core.
A
A
58
percent
of
the
code
in
the
test
directories
changed
that's
massive
in
in
a
year
for
a
project
that's
been
around
for
so
long
and
227
new
unit
to
unit
test
files
were
added
and
it's
23
percent
increase.
The
the
state
of
testing
in
the
core
is
doing
amazing
in
2016
we're
getting
a
much
more
solid
test
framework
test
coverage.
Now
this
is
only
a
new
measure.
We've
got
thanks
to
honor
contributed
this
one.
A
We
have
coverage
nodejs
dog,
which
you
can
go
to
its
run
every
night
to
look
at
our
code
coverage
during
the
year.
It
roughly
increased
from
85%
to
89%,
so
code
coverage
is
something
that
we're
tracking
as
well.
It's
not
a
great.
It
doesn't
tell
us
that
we
are
measuring
all
the
way
people
use
node,
because
we
are
consistently
surprised
with
where
we
get
reports
for
things
that
have
broken
or
things
that
aren't
working
quite
right.
We're
consistently
surprised
the
way
that
people
are
using
node.
A
So
it's
a
challenge
for
us
to
constantly
keep
up
with
understanding
how
the
massive
user
base
is
applying
node
and
making
sure
we
test
and
understand
those
as
you've
heard
I
think
come,
throw
that
these
laughter
last
few
days.
That's
something
that
we're
trying
to
do
and
the
docs
again
90%
of
the
lines
in
the
API
documentation
were
changed.
A
This
is
something
that's
been
a
problem
for
node
for
its
whole
life
and
it's
one
of
the
the
biggest
black
holes
I
think
in
terms
of
nodes
features
in,
and
we
hear
it
all
the
time
that
nodes
hard
to
debug
it's
hard
to
inspect
it's
hard
to
understand
the
asynchronous
programming
model
and
the
available
who
process
actually
makes
it
quite
difficult
to
diagnose,
to
see
where
your
programs
at
what
it's
done
and
how
things
are
tracking
over
time.
But
we're
seeing
a
lot
of
work
in
this
area.
A
A
It's
not
Chrome
specific
and
you
can
deeply
inspect
and
debug
node,
while
it's
running
using
the
inspector
currently
experimental,
but
going
so
well
that
that
the
experimental
status
will
probably
come
off
soon
and
that'll
be
an
official
feature
and
the
old
debugger
may
actually
find
myself
going
away
because
it's
not
well
maintained-
and
this
is
so
much
better
I-
think
hooks,
which
was
previously
known,
as
hasten
grap,
easy,
node,
four
and
six
and
seven
it's
just
not
an
official
feature.
Yet
it's
still
tagged
experimental.
A
This
is
being
finished
up,
documentation
being
worked
on
as
we
speak,
and
this
will
allow
people
deep
insight
into
the
event
loop
accident
currents,
activities
that
are
happening
really
low-level
hooks,
but
they
should
enable
an
ecosystem
of
tools
to
build
on
top
of
them
and
do
some
creative
things
across
those
event.
Boundaries
and
v8
trace
events
is
a
currently
a
pull
request
in
core.
This
is
hooking
into
the
tracing
API
that
comes
with
v8,
the
Chrome
in
chrome.
A
That's
similar
to
you
might
have
seen
dtrace
those
sort
of
tools,
but
in
a
slightly
higher
level
at
the
at
the
the
node
level,
rather
than
system
level,
and
so
there's
some
interesting
tooling
in
a
commander
that
I
think
and
well
note
is
another
great
project
started
by
a
few
door.
It's
a
ll
DB
plug-in
that
lets.
You
use
ll
DB
to
debug
JavaScript
code,
not
just
just
a
C++
but
JavaScript.
You
can
expect
that
and
use
the
low-level
debugger
and
node
reports.
Another
one,
that's
coming
to
the
core
ecosystem.
A
It
allows
you
to
get
some
diagnostic
reporting
about
to
behavior
and
of
you
know,
an
application.
That's
topic
that
so
many
people,
love
is
JavaScript
over
time.
We
are
obviously
you
know:
v8
is
chasing
the
feature
set,
and
so
are
we
by
Brock
C
in
node
version,
6
and
onwards.
We
have
97
percent
of
es6
covered
unflagged.
A
You
can
get
99
percent
by
handing
some
harmony
flags,
wouldn't
really
advise
that
in
production,
though,
because
they're
not
quite
ready
and
version,
seven
of
node
boosts
a
seventh
Ward
up
to
fifty
five
percent
and
including
in
that
is
the
async/await
which
everyone
111
with
a
lot
of
people
came
for.
I
think
wait
is
in
is
in
that
version
of
V
April's
behind
a
flag.
It
may
be
coming
soon
to
version
seven
and
on
their
topic,
we're
gonna
have
increased
v8
upgrades
during
nodes
lifetime.
So
this
is
the
change
of
policy
and
noted
core.
A
Normally
we
would
in
the
past
we
would
have
waited
for
a
major
version
to
bump
a
major
version
of
the
game.
That's
to
maintain
stability
of
your
add-ons,
but
we've
decided
that
if
we
can
upgrade
v8
will
maintain
the
stability
of
your
add-on.
So
you
don't
have
to
recompile,
then
we'll
do
it.
So
we
have
a
currently
q--
version:
5.5
a
v8
waiting
to
go
into
node
version.
A
Seven,
there's
still
some
things
we're
discussing
there,
but
we,
you
will
see
increased,
we
go
upgrades
over
time
and
they
will
happen
during
the
lifetime
of
a
major
version
and
another
great
topic.
Collaboration
with
tc39
is
improving,
since
we
don't
own
a
vm,
we
don't
have
a
natural
voice
there,
but
we
have
a
number
of
member
companies
and
heavy
node
using
companies
that
are
on
tc39
the
discover
that
are
discovering
that
it's
in
their
interest
as
well
to
advocate
for
node,
and
we
also
have
some
specific
node
representation,
including
bradley,
make
who's
here
as
well.
A
You
may
have
seen
his
talk.
Apparently
mech
has
been
doing
champion
work
on
his
hiest
modules.
He
did
a
talk
about
that
a
bit
earlier
and
he's
he's
representing
GoDaddy
on
tc39,
but
GoDaddy
is
actually
sponsoring
that
seed
so
that
he
can
advocate
on
behalf
of
nodes,
pacifically
and
James
Neil
I
think
he's
gonna
be
joining
tc39
on
behalf
of
IBM.
To
do
the
same
thing,
so
we
have
now
no
dedicated
node
representation
on
1639
and
will
be
contributing
to
the
future
of
JavaScript
state
of
releases.
How
do
we
go
with
releasing?
A
Well,
we
have
a
lot
of
releases
in
2016
63
different
releases
and
they
were
done
by
seven
different
people.
So
it's
not
just
one
person
gating
this
thing
we
actually
have
a
crew
of
dedicated
release.
Managers
that
are
is
authorized
by
the
CTC
and
with
63
releases
came
out
across
our
multiple
release
lines.
We
managed
some
key
ones
in
there
highlighted
and
the
style
of
version.
Six
happened
in
April.
The
last
release
of
version.
A
Five
happened
in
June,
so
if
you're
still
on
version
five
like
a
lot
of
people,
are
you
really
need
to
get
that
off
that
the
last
release
of
version
zero?
Ten
will
happened
in
October?
Quite
painful
I'll
talk
about
that
in
a
minute.
The
switch
to
LTS
for
version
six
health
so
happen
in
October.
So
now
version
six
is
about
two
main
relief,
LTS
branches
and
the
start
of
versions.
Haven't
happened
also
have
been
in
October.
So
that's
a
current
release.
A
Oh
man,
how
they're
being
used
well,
we
didn't
really
have
an
increase
in
the
number
of
releases
over
time.
So
when
we
look
at
the
downloads
from
nodejs
org
there,
it's
not
an
increase
because
there's
more
releases,
it's
an
increase
because
there
are
more
people
downloading
node.
The
difference
between
2015
and
2016
is
two
hundred
and
twenty
percent.
So
one
of
the
metrics
that
we've
had
since
the
beginning
of
the
foundation
was
that
node
is
growing
at
the
pace
of
increase
very
two
times
every
year.
A
We
can
see
that
one
of
the
most
interesting
things
there
is
that
version,
six
actually
overtook
version
four,
and
you
can
see
in
that
graph
because
it's
their
monthly
aggregates
but
version
six
overtook
version
for
the
week.
Then
it
became
LTS.
So
there
was
some
a
few
weeks
ago,
but
now
version
six
is
the
most
downloaded
version
of
known
with
versions
for
behind,
but
but
they're
you
know
crossing
over.
So
a
lot
of
people
are
doing
that
migration
version.
Zero
twelve
is
still
around,
but
it's
it's
decreasing
over
time
and
a
fairly
consistent
rate.
A
So
we
would
expect
to
see
that
phase
out
I
think
a
lot
of
people
that
jump
to
version
1204
whole
have
been
fairly
confident,
upgrading
to
version
four
version.
Zero
team
is
still
hanging
on
it's
decreasing,
but
not
as
the
best
hustle
rate,
as
some
of
us
will
hope.
I
wasn't
entertaining
I'm,
calling
our
it
our
Windows
XP
0
10
was
a
really
good
release
of
note.
I
mean
that
was
that
was
at
a
time
when
a
lot
of
us
saw
known
as
being
ready,
I
suspect
a
lot
of
people
who's
written.
A
That
felt
the
same
way
that
it
got
to
this
point
where
it
was
something
that
you
can
use
seriously.
People
were
taking
note
seriously.
The
code
base
was
fantastic,
contribution,
levels
were
awesome,
everything
was
maturing,
0/10
was
a
fantastic
release,
and
people
continue
to
think
that,
unfortunately,
a
solid
upgrade
failed
to
materialize.
For
a
long
time.
In
the
case
of
Windows
XP,
we
can
sort
of
write
off
Windows
ma
as
people
held
off.
It
was
a
long
time
coming
before
people
had
a
confident
upgrade.
We
know
it's
the
starting
node
0:10.
A
In
that
way,
three
is
really
until
we
had
souls
alternatives,
so
he
got
entrenched
and
then,
when
we
got
those
alternatives
in
the
form
of
zero,
twelve
and
there's
some
problems
with
zero.
Twelve,
a
lot
of
people
opted
not
to
adopt
it,
and
the
version
four
in
particular
was
quite
a
big
jump
for
a
lot
of
people,
and
so
it
wasn't
as
smooth
as
a
lot
of
people
would
like
in
hub
creating.
So
it's
been
difficult,
so
they're
a
ten
still
around
he's
not
officially
supported.
We
cannot
continue
to
support
zero.
A
Ten
anymore,
particularly
the
version
of
OpenSSL,
is
too
old
and
we
have
to
draw
a
line
somewhere.
So
to
look
at
those
lines.
He's
our
release
plan
you'll
notice.
That
0
tends
not
on
there
anymore
he'd
finished
in
October,
so
it's
it's
dropped
off
the
list.
There
will
be
no
more
releases
for
zero.
Ten
officially
from
the
project,
you're
welcome
to
take
the
codebase
patch
it
in
any
way
you'd
like
and
use
it
is
there
there's
no
problem
doing
that.
0:12
is
going
to
in
at
the
end
of
this
year.
A
The
support
is
going
to
cease
and
one
of
the
important
points
there
is
that
open
SSL
version
one
zero
one
which
is
in
both
node
0
10
and
node
0
12
he's
also
ceasing
support.
So
not
only
will
you
get
no
support
from
the
from
the
official
no
project,
but
you
don't
even
get
open
SSL.
So
this
it's
just.
It's
not
a
good
idea
to
be
on
those
branches,
as
time
goes
on
version
five
ended
long
ago.
If
you
don't
get
the
memo,
a
lot
of
people
still
downloading
it.
A
These
odd
release
numbers
are
only
supported
for
six
months,
and
then
they
get
an
extra
two
months
of
maintenance,
really
where
we
will
still
release
patches
for
them.
So
in
June
this
year,
version
5
stopped
being
supported
and
version.
7
is
on
the
way
as
well.
It's
only
got
7
months
to
live
and
then
you'll
no
longer
be
supported.
So
those
those
odd
numbers
are
not
where
you
want
to
be
so
we
want
to
be.
If
you
want
stability,
I
don't
know.
A
Actually,
if
you
want
to
have
the
latest
and
the
greatest
and
participate
in
the
active
development
of
node
version,
7
is
great.
It's
a
great
choice.
It's
solid.
We
are
confident
in
every
release.
We've
won
out,
but
if
you,
if
you're
in
a
particularly
large
company-
and
you
do
stability
over
everything,
the
LTS
branch
is
anywhere.
You
want
to
be,
and
you
can
see
here,
we've
got
two
of
them
at
the
moment
and
they're,
both
inactive
LTS,
so
we're
actively
doing
releases
and
putting
committing
to
them.
A
We
have
argon
version
six
and
boron,
which
is
our
version.
Sorry
Huggins
version
four
porins
version.
Six
and
soon
we
will
version
note
version.
Eight
will
come
out
and
turn
into
LTS
after
six
months,
and
it
will
have
a
code
name
starting
with
C,
so
stay
tuned.
For
that
one
and
you'll
see
that
there's,
like
quite
a
large
overlap
window
between
those,
so
you
actually
have
a
lot
of
latitude
to
plan
your
map
migration
strategies.
If
you
are
using
node
in
a
large
environment,
you
need
to
have
a
migration
strategy.
A
You
need
to
know
when
you're
going
to
start
and
finish
your
migration
between
these
versions,
so
you
don't
get
stuck.
Thankfully,
the
Delta
between
each
of
them
is
actually
fairly
small,
going
from
version
four
to
version.
Six
is
fairly
painless.
Very
few
deployments
are
going
to
experience
pain
there.
Most
of
them
will
actually
experience
joy,
just
so
quickly,
I
think
my
times
up,
but
quickly
runs
through
state
of
the
build.
This
is
one
of
my
favorite
areas,
because
I
do
a
lot
of
work
here.
A
How
build
resources
are
we're
really
proud
of
this
and
for
good
reason?
We
have
donated
resources
from
the
companies
listed
here,
particularly
digitalocean
and
Rackspace,
who
have
been
with
us
from
the
beginning,
donating
resources.
We
don't
pay
for
these
things,
but
they
give
a
sizable
donations
and
we
continue
to
thank
them
because
we
use
a
lot
of
their
resources
for
our
testing
and
release
infrastructure
following
up
close
behind
that
Microsoft
Azure
joint,
particularly
after
the
acquisition
of
Samsung,
have
really
stepped
up
their
contributions
to
no,
it's
been
fantastic
and
IBM
as
well.
A
We
have
Gloucester-
and
this
is
a
this-
is
a
large
chunk
of
our
arm
customers,
because
cluster
it's
in
one
place,
because
these
things
are
hard
to
come
by
in
terms
of
infrastructure
as
a
service.
So
you
can
see
here.
We've
got
banks
of
rather
different
versions
of
raspberry
PI's.
We
got
some
other
different
arm
devices,
including
some
version
8
I'm
64
machines
on
the
Omni
in
there
we've
got
some
other
arm
resources
a
little
located
elsewhere,
but
this
one's
home.
A
We
run
this
from
one
location
and
a
lot
of
those
resources
just
saw
there
are
contributed
by
individuals
there,
a
few
companies
in
this
list,
but
mostly
we
do
these
donation
drives
and
we've
had
individuals,
contribute
and
I
like
cows,
counting
before
the
presentation
I
think
there
are
seven
people
on
this
list
who
are
here
with
us.
If
you
donated
and
you're
on
this
list,
you'll
put
your
hand
up.
A
And
so
we're
they've
actually
got
their
names
little
sticker
on
each
of
these
nodes
and
they're
also
identify
honey
now
cluster,
so
you
can
see
whose
machine
you're
running
on
it's.
So
it's
a
big
cluster,
it's
configured
to
run
a
test,
node
libuv
v8
and
also
do
smoke
testing
using
Sikkim,
which
you
might
have
heard
from
miles.
There's
a
hundred
and
forty-one
different
build
tests
and
release
nodes
connected
full-time
to
this
cluster.
A
We
have
25
different
operating
systems
and
versions
of
those
operating
systems,
not
everything
that
we
that
node
runs
on
is
supported
here,
but
it's
expanding
over
time.
Any
different
architectures
vary
represented
here
and
across
10
different
hosting
providers
they're
highly
parallelized
for
some
of
this
slower
platforms
that
we
test
on
particularly
arm.
When
you
run
a
test
suite
in
node,
it
runs
across
six
raspberry
PI's
at
a
time
for
those
three
different
generations
of
raspberry
pi.
So
we
can
get
it
done
quicker.
A
Every
commit
is
fully
tested,
I
think
goes
into
core
unless
has
been
fully
tested.
Every
release
is
fully
smoke
tested
across
a
batch
of
ecosystem
libraries
from
NPM
just
quickly.
Now
last
topic
is
native
security.
Our
security
processes
are
firming
up
over
time
and
we
expect
these
to
be
more
rigorous
with
the
formation
of
a
new
security
working
group.
We
receive
reports
but
to
this
email
address
security
at
node
s,
that
all
guess
where
we
try
and
funnel
all
of
our
reports
to,
if
you
have
something
you
think,
is
a
security
bug
in
node.
A
That's
where
you
need
to
send
it.
It's
also
the
only
email
address
on
the
website,
I
think
so
we
get
some
interesting
emails
there
as
well.
There's
a
private
group,
including
the
CTC
and
against
them,
and
a
number
of
other
domain
experts
who
review
a
lot
of
these
things
that
can't
be
fixes
or
policy
regarding
them
and
then
do
something
about
it.
We
provide
as
much
notice
as
we
can
via
the
no
dialogue
website,
via
the
blog
there,
and
also
a
node.js
tech
mailing
list,
which
you
should
be
subscribed
to.
A
If
you
want
to
be
notified
of
releases
of
security
releases,
once
we
put
out
releases,
we
do
full
disclosure,
you
don't
hold
anything
back.
Release
comes
out
with
disclosure
of.
What's
what's
going
on
so
that
you
can
make
a
full
analysis?
Lts
release
mine's
only
received
minimum
changes,
who,
if
you
are
say
on
node
version,
4
6
0.
We
had
a
security
release
come
out
of
there.
We
didn't
add
anything
else,
but
those
fixes
for
security.
So
you
have
maximum
assurance
that
you
will.
A
A
The
lion's
share
of
those
were
open
SSL,
but
you
know,
makes
open
SSL
look
bad,
but
most
of
them
didn't
impact
node
because
they
are
older,
ciphers
or
things
or
they
just
didn't
impact
things
that
node
was
using,
but
there
are
a
few
in
there
most
of
them.
Weren't
very,
very
critical
at
all.
Https
continues
to
be
a
ripe
source
of
vulnerabilities
in
core,
largely
to
do
with
HTTP,
spec
and
they're
now
relaxed
handling
of
it.
So
that's
another
thing:
we're
gonna
be
focusing
on
over
time
is
improving
HTTP.
A
Tighten
it
up,
make
sure
that
we
stop
seeing
these
security
issues
being
coming
out
and,
lastly,
the
node
security
project.
As
you
heard,
this
is
being
donated
to
the
node
foundation
by
lift
we're
starting
a
working
group
public
work
group
to
talk
about
how
to
integrate
this
into
core
o
speed
to
the
core
technical
activity.
It'll
include
professionals,
including
lift
security,
Adam,
Baldwin
and
others
other
other
people
that
are
just
interested
in
security.
So
you
can
go
to
the
down
the
bottom.
There
there's
a
security,
don't
be
daft
or
ug.
A
You
can
go
to
and
put
your
name
down.
If
this
is
a
topic.
You're
interested
in
this
group
will
facilitate
the
healthy
ecosystem
of
security
service
and
end
product
providers.
It's
not
there
to
replace
that
ecosystem.
We
expect
to
see
lift
security
and
sneak
and
all
these
other
companies
that
are
building
products
and
services
around
security
to
thrive,
and
this
is
what
the
working
group
will
focus
on
not
replacing
what
they
do
just
augmenting
it,
and
it
also
bring
more
rigor
to
our
processes.
A
We
don't
have
our
current
process
as
well
document
documented,
and
there
are
single
points
of
failure
in
terms
of
people,
so
we're
gonna
improve
that
they're,
not
gonna.
This
group
is
not
gonna,
be
responsible
for
handling
private
security.
Disclosures
so
don't
decide
life
expecting
to
have
access
to
all
of
these
gory
details
about
those
vulnerable
to,
but
it's
gonna
be
handling
some
of
the
processes
there
and
deciding
how
we
do
that,
then.
That's
it
for
me,
and
thanks
very
much
for
listening
and
thanks
for
coming
to
node,
interactive
and
thanks
for
the
organizers
as
well.