Adding Automated Penetration Testing to Continuous Integration Pipelines Testing, particularly around security, is a core part of the ethos of all nearForm development teams. In many organisations, penetration testing can often happen just before a product first pushes to production, and periodically thereafter. Penetration testing is performed by external teams and is focused on finding…

ElasticSearch is a great technology for a wide variety of use cases from autocompletion to log management, and is likely to be part of your stack for many complex projects. In ElasticSearch, you put your data in indices. An index is a collection of documents, that shares the same mapping and settings. We have found that Index management can be hard to manage over time:…

In this article I’m going to be setting up an example network and deploying a transparent proxy to it. To make this repeatable and to show exactly how it can be deployed in AWS VPC, I am using Terraform. Terraform is an excellent tool for describing and automating cloud infrastructure. All of the terraform code…

At NearForm, we specialize in building practical software solutions for our clients. A part of designing and building a modern solution is making it secure. In today’s world where almost everything is connected and operated by computers, adding security on-top, as an afterthought no longer works. As software architects and engineers, we also focus on…

Why do developers skip writing tests for some code? Perhaps because it relies on the file system or an external API. Perhaps because we think it’s too difficult, or a test account to an external API is not guaranteed to be available. Perhaps it’s because an external API may not be accessible from the CI…

I am so excited to be able to release the new version of readable-stream, v3! For all of you that might not know, readable-stream is the most downloaded module on NPM, and part of practically any dependency chain of any JavaScript application. readable-stream is a userland port of the Node.js require(‘stream’) module, so that module authors could have a stable…

If you’ve not heard of Pino before, it’s a low-overhead, newline-delimited-JSON logger with close compatibility to Bunyan. The idea behind Pino is to provide the lowest overhead JSON logging possible in order to keep Node’s event-loop as free as possible to handle the most critical work, such as request-handling. For information on Pino, in general, see Pino –…

Building a Q&A machine learning model, for answering White House Press Briefing questions about Brexit, using Latent Dirichlet Allocation. Image: unsplash-logopalesa

Back in January, we announced the Node Clinic project and the first tool in Clinic, Doctor. After many intensive months of work by the team, we’re more than a little excited to announce Clinic Bubbleprof! Bubbleprof has a unique new approach to profiling your Node code so that you can visualise exactly where and how that code is busy….

How Web Push Notifications can help increse the user engagement in PWAs