Do you like AI, but hate sharing data? What if I told you all the fun of Large Language Models like ChatGPT is available quickly, locally, and privately? With Langchain JS, an open-source framework for developing applications powered by language models, this dream becomes reality!
In this workshop, you will go from zero to hero by learning how LLMs and Langchain work and then we will build a node.js app bringing together your data with publically available LLMs - while also preventing your data and responses from going through third parties & keeping your data private.
Have you ever written an object literal and wanted to know how you can extract types from it? Ever wondered how Zod.infer works? Wonder no more! We will build the types for a rich Zod-like schema validator from the ground-up, leveraging the full range of TypeScript advanced types. We will cover mapped and conditional types, as well as other advanced patterns. By the end you will be a true TypeScript expert!
Have you ever thought about the carbon footprint of your Node.js or JavaScript app? If so - Nice one! Let’s push it further. If not, our workshop provides a starting point for you! We give a short intro about the carbon footprints of humans, clouds, and apps / packages. We explore some open codebases with the focus: how they can be made be more sustainable at scale. We analyze them via CodeQL, find potential sustainability-blockers and show how to “decarbonize node”.
Malicious code is out to get you. Can you keep your app working as expected and hold on to your secrets? Come to this workshop and try! The entire workshop will be delivered as bite-sized hands-on exercises where increasingly advanced threats are presented and you get to defend.
We'll explore techniques allowing cooperation with packages that intend to steal your secrets and mess with built-in functionality of JavaScript via prototype-poisoning.
Preparation for Training
In this workshop you're going to learn about many strategies to get to 100% test coverage when working with Node.js projects. Learn how to make sure that one edge case can be successfully asserted or how to catch that unexpected error that should never really happen in production.
You can also expect to be introduced to new Node.js test frameworks including the recent built-in test runner.
If you’re a JavaScript developer, chances are, you’ve heard about TypeScript. In this talk, I want to share an alternative approach to incrementally enable type-checking without all the tooling.JSDocs allows you to can introduce type-checking into your project bit-by-bit as it makes sense. You can stick to working within JavaScript projects, or adopt TypeScript syntax when and were it makes sense for you and your team.I break it into four stages:- Enabling type-checking in a JavaScript file- Enabling type-checking in a whole JavaScript project- Integrating type-checking into CI/CD Pipeline- Generating type definitions for Open-Source Libraries
Key/value (KV) data stores like Redis, Cloudflare KV, and Deno KV provide a fast and flexible database option for web apps, without having to take on the complexity of SQL or document databases. In this session, we'll explore the differences between different KV databases, examine use cases where KV databases might be a better choice over other database types, and demonstrate how to efficiently work with KV databases in JavaScript and TypeScript. You can expect a mix of presentation and hands-on activities, so make sure to bring your laptop with you and expect to write some code!
Promises and async/await are the right way to work with asynchronous code in Node.js. They're also both the easiest code constructs to introduce bugs with - and can be some of the hardest code to debug. We'll walk through:
- Refactoring pre-Promise callback hell to Promises
- Refactoring pre-async/await Promises to async/await
- Debugging with console logs and node --inspect
- "Floating" Promises (those created and not handled): detection with TypeScript ESLint, and error handling
- Sinking" Promises (those created and handled improperly): detection with TypeScript ESLint, and error handling
By the end of this workshop, you'll be fully prepared to debug even the gnarliest asynchronous shenanigans and write production quality asynchronous code.
Most app teams use external vendors for their authentication flow. Few teams actually understand whats happening under the hood. In this workshop we will give participants the opportunity to look beyond the shiny interfaces provided by oauth2 providers and gain an insight into the different stages of third party authentication.
Once participants have been introduced to these topics we will develop a barebones auth flow implementation using fastify and a third party oauth2 provider (Google, Facebook, Ping, Github, Microsoft etc)
A time to meet and discuss with people from the community while working on different topics which can include - but not limited to
- strategic initiatives
- brainstorming
- core subject
Linters are a great tool that enable developers to create static analysis rules for their code base. While most coders use pre-built sets of rules baked into their linter of choice, these can also be adapted to custom needs.
Today's linters are highly evolved and make it possible to avoid static code and even to run SA checks through the development and CI cycles, but they are even more powerful and few developers take advantage of their many advanced features. With ESLint it is quite easy to create custom rules that can for both general usage––such as duck typing, code styling, or type checks, through more customized usage like maintaining clarity around internals, and enforcing org guidelines.
You will learn about the most common security vulnerabilities in node.js and see how you can fix them with real life code examples. I'm going to bring my experience as Node.js core collaborator and member of the security working group, and we will go through some of the vulnerabilities that have been fixed in the past. The goal of this workshop is to spread security best practices and spread awareness about some of the most common security vulnerabilities such as ssrf, csrf, injections, malicious json etc.
Have you ever wanted to build a truly cross platform application? Have you dreamed of writing your code once and running it anywhere? Maybe you don’t know where to start. Maybe you always assumed that it was “just a dream.” Join experienced react native developers who will guide you through building your first (or second or third) react native application They will be available to help troubleshoot any development environment issues and also to provide guided tours through specific areas of react native development. Attendees of all skill levels and experiences are welcome (learning the development process is beneficial to everyone involved in a project). Come and make your first React Native application!
Rafael is a Staff Engineer at NearForm, working full-time on the Node.js runtime as a TSC (Technical Steering Committee) member, especially in the security working group. He's also the maintainer of popular JavaScript libraries such as Fastify and Clinic.js, and he's specialized in performance enhancements and software architecture optimization
Have you ever wanted to contribute to a foundational open source project like Node.js? Maybe you don’t know where to start. Maybe you always assumed that was work reserved for “someone else.” Join experienced contributors who will guide you through your first (or second or third or fourth) commit to the Node.js core. They will be available to help troubleshoot any development environment issues and also to provide guided tours through specific areas of the Node.js core source code. Contributors of all skill levels and experiences are welcome (not every contribution has to be a code change). Come and make your first Node.js core contribution!