April 14 - 17, 2023
Node Congress
Berlin & Online
Node Congress 2023

The biggest event on JavaScript backends

Explore the new frontier of battle-tested backends. A two-day conference on all things Node.js, gathering Back-end and Full-stack engineers across the globe in the cloud is here to help you staying up-to-date on the latest Node.js tech.

9 min
Using Machine Learning to Supercharge Your Node.js App
This talk will explore how machine learning can be integrated into Node.js applications to make them faster, more efficient, and more powerful. We will discuss different approaches for adding machine learning capabilities, including APIs, libraries, and frameworks. We will also demonstrate how machine learning can solve complex problems and create new development opportunities. Finally, this talk will provide tips and best practices for incorporating machine learning into Node.js applications.  
36 min
Deno 2.0
Deno 2.0 is imminent and it's bringing some big changes to the JavaScript runtime. In this talk, we'll introduce the new features including import maps, package.json auto-discovery, and bare specifiers. We'll discuss how these improvements will help address issues like duplicate dependencies and disappearing dependencies. Additionally, we'll delve into the built-in support for deno: specifiers on the deno.land/x registry and its role in providing a recommended path for publishing. Come learn about how these updates will shape the future of the JavaScript ecosystem and improve backwards compatibility with Node applications.
26 min
The Road to Async Context
The AsyncLocalStorage API is arguably one of the most important relatively recent additions to Node.js. Today we are seeing implementations being added to other runs such as workerd, deno, and bun. And there is an effort underway in TC-39 to introduce a new AsyncContext API to the language. This talk will introduce async context tracking with AsyncLocalStorage and AsyncContext and discuss how the model is evolving as it is being implemented across multiple platforms.
26 min
The Edge & Databases: Everything Everywhere All at Once
Cloudflare Workers and Edge Functions bring the Serverless model to the next level by letting developers deploy code instantly globally to give it exceptional performance, reliability, and scale.Having server-side applications execute close to where their users are located brings greater performance and drastically improves the user experience of an app. However, due to their limited runtime environment, working with your favorite traditional database is challenging since it can’t be accessed in CloudFlare Workers directly. Prisma solves this problem in multiple ways.The goal of the talk is for developers to understand what the Edge really means, how it works, and how to work with your favorite traditional database on the Edge.
32 min
How to use ChatGPT with Node.js
ChatGPT is revolutionizing the internet. In January 2023, ChatGPT reached over 100 million users, making it the fastest-growing consumer application to date. Don't miss this talk and learn how to To use ChatGPT in a Node.js application, we will use: OpenAI API to interact with the ChatGPT model, we will get an API key from OpenAI, and then use an API client library to make requests to the API from your Node.js code. Learn hacks on how to optimize your productivity with ChatGPT and have fun with artificial intelligence!
29 min
The tale of avoiding a time-based DDOS attack in Node.js
Web applications are commonly vulnerable to several Distributed Denial of Service attacks, sometimes in unexpected ways. An example is the SlowLoris attack, an exploit that leads to service interruption by simply sending the data to the server as slowest as possible.  In this talk I will tell the tale of how it took almost 13 years for Node to be completely protected by SlowLoris attack. I will also show that sometimes prioritizing performance can lead to incorrect fixes that can result in a false sense of protection.
27 min
Prototype Pollution in JavaScript
In 2018, a new attack vector against JavaScript codebases has been published: Prototype Pollution.
At first glance, it seemed pretty limited in impact: it would basically be a good way to crash some code. However, multiple cases of Remote Code Executions have happened based on this vector.
In this talk, we will clarify what are prototype pollutions, their real impact and of to prevent them from happening in your codebase.
33 min
JS Character Encodings
Character encodings can be confusing for every developer, providing pitfalls even for the most experienced ones, so a lot of the time we want to end up with something that “just works” without an in-depth understanding of the involved concepts. In this talk, Anna will give an overview over what they are, what the JavaScript language provides to interact with them, and how to avoid the most common mistakes in Node.js and the Web.
31 min
Monitoring, Alerting, And Visualizing your Node.JS server infrastructure with Open Source tools
When monitoring Node.js, you can track your applications’ performance and availability by finding bottlenecks and fixing errors. You can identify issues by specifically looking at metrics like Process memory usage, Average response time, CPU usage, and more. If you add monitoring of the other components of your entire stack, you will gain a comprehensive view of what could be impacting application performance.  At that point, it can point out the problem at the code level — allowing you to track down and fix those issues before they negatively impact end user experience.  This talk will focus on the tools available from the Open Source time series database InfluxDB. It will be using the open source node.js telegraf plugin, so you can easily collect key metrics to help you get that view into your application. We will be using the Node.js Monitoring Template which is prebuilt and equipped to monitor an applications' performance and availability. All code examples will be in Javascript, and we will also go over the javascript library for those who are working in other javascript server environments, or who want to export data to their preferred visualization tools. 
29 min
Bun, Deno, Node.js? Recreating a JavaScript runtime from Scratch - Understand magic behind Node.js
Bun, Deno, and many other JavaScript runtimes have been hyped, but do you know why? Is it that easy to make a runtime from scratch?

I've been researching the secret behind Node.js' power and why there are so many new JavaScript runtimes coming up. Breaking down each key component used on Node.js I've come to interesting conclusions that many people used to say whereas in practice it works a bit differently.

In this talk, attendees will learn the concepts used to create a new JavaScript runtime. They're going to go through an example of how to make a JavaScript runtime by following what's behind the scenes on the Node.js project using C++. They'll learn the relationship between Chrome's V8 and Libuv and what makes one JavaScript runtime better than others.

This talk will cover the following topics:
- What's a JavaScript Engine - V8
- Why Node.js uses Libuv
- How to create a JS Runtime from scratch
30 min
Next Generation Code Architecture for Building Maintainable Node Applications
In today's fast-paced software development landscape, it's essential to have tools that allow us to build, test, and deploy our applications quickly and efficiently. Being able to ship features fast implies having a healthy and maintainable codebase, which can be tricky and daunting, especially in the long-run.In this talk, we'll explore strategies for building maintainable Node backends by leveraging tooling that Nx provides. This includes how to modularize a codebase, using code generators for consistency, establish code boundaries, and how to keep CI fast as your codebase grows.
31 min
Things I learned while writing high-performance JavaScript applications
During the past months, I developed Lyra, an incredibly fast full-text search engine entirely written in TypeScript. It was surprising to me to see how it could compete with solutions written in Rust, Java, and Golang, all languages known for being typically "faster than JavaScript"... but is that even true? In this talk, I will share some lessons I learned while developing complex, performance-critical applications in JavaScript.
8 min
Eval all the strings! - Hardened JavaScript
This talk is about SecureEcmaScript and Compartments which are TC39 proposals, and I'm working on tooling to make these concepts usable with people championing those proposals.
This is a first-hand account of the future of JavaScript security.
SES + tooling (LavaMoat or Endo) is making limiting access to network, fs, core modules or globals possible on a per-package basis.
I want to show how they work, what possibilities they open and how to make that future happen today with some effort.
To me this is the final step in securing npm supply chain - even if a package gets taken over by bad actors, it won't be able to hurt me.
8 min
Tools for better Observability in NodeJS Serverless IoT Applications
Observability is crucial for successfully operating large IoT fleets. IoT incorporates different components, including hardware, network, on-device software, and cloud. Devices operate under unreliable conditions and constraints, and need to be monitored remotely. Cloud applications become complex and costly, as they are built to handle device activity at scale. Answering questions such as:
-    Do I have a problem in my IoT application?
-    Where is the problem?
-    What is causing the problem?
-    How much of my fleet is affected?
-    Is my code expensive to run and if yes, how can I fix that? ,
can be challenging. Logging, monitoring and tracing are fundamental observability pillars. However, they are often viewed as non-functionals in IoT applications, and can fall off the radar, or are not standardized during development.

This session will show how to leverage Open Source tools, such as AWS Lambda PowerTools, in a fully functional Serverless IoT application, to ease adoption of best practices for modern application development, and integrate services such as Amazon X-Ray, Amazon CloudWatch and AWS IoT Core features, to achieve end-to-end observability.
8 min
Game Changer! Building Search Into Your Applications
Building search into applications can be quite easy. This talk has been really fun for audiences because I often get audience members involved, often building out the code themselves, while they try to stump each other by naming the hardest things to find. The application is hosted in a Code Sandbox, so the audience takes the code home with them. Also, I can do the same presentation with movies, if the organizers prefer.
28 min
Node.js startup snapshots
V8 provides the ability to capture a snapshot out of an initialized heap and rehydrate a heap from the snapshot instead of initializing it from scratch. One of the most important use cases of this feature is to improve the startup performance of an application built on top of V8. In this talk we are going to take a look at the integration of the V8 startup snapshots in Node.js, how the snapshots have been used to speed up the startup of Node.js core, and how user-land startup snapshots can be used to speed up the startup of user applications.
30 min
Building a modular monolith with Fastify
In my journey through Nodeland, I saw most teams struggling with the free-form nature of Node.js development: there are no guardrails for maximum flexibility. Yet, not all paths offer a smooth ride.
How to build applications that are well-organized, testable, and extendable? How could we build a codebase that would stand the test of time?
In this talk, we will explore how to avoid the trap of Singletons to create robust Node.js applications through the use of Fastify plugins: we will build a modular monolith!
21 min
Bring Node.js into your browser with WebContainers
In this talk, I'd love to inform and inspire the community to push the limitations of web development running Node.js inside the browser. I will cover how and why we developed WebContainers, what our roadblocks and limitations were and are, how we've worked with the community to make the technology better and what has already been enabled and built with WebContainers.
24 min
Tale of Two Repos
Not all monorepos are made the same, and not all teams are equal. Managing a monorepo is way more than just ""let's select this tool or that tool"". It comprises many design decisions that you need to make for the product and for the developers. 
In this talk, I will go over the main monorepos challenges - packages installation and linking, development and deployment processes - and describe the possibilities that exist for each stage. 
At the end of the talk, you will have a simple and powerful model that will help you in making the right choice of tools and processes for your monorepo. 
7 min
Measuring the Cost of a GraphQL Query with mercurius-explain
The development experience with GraphQL makes for a simple and immediate way to access data. Working on the backend means focusing on how and where the data is obtained from, whereas the frontend focuses on retrieving the data necessary for computation and display. This freedom of action, however, hides some possible performance problems. Fragments let you construct sets of fields, and then include them in queries where they’re needed. Often a client requests unnecessary data in an API call with the assumption that the extra fields are free. Instead, they are the cause of extra queries, sometimes even expensive ones. Not knowing the cost of a query makes it impossible to perform optimisation correctly.
8 min
Supply Chain Security Experience
Developers are flooded with tools and worries provided by security vendors. From researchers finding theoretical attacks, to time spent dealing with package updates, to simple accidents causing downtime all of these exist. Taking some history into account to understand the basic categories of attacks and how practical they are to exploit or even how common they are will give some assurance and guidance on where a developer can focus their limited energy and get the most out of their efforts.
26 min
Parse, Don’t Validate
Most JavaScript applications use JSON.parse to create any object first, and then validate and narrow the data type to the expected one. This approach has performance and security problems, as even if the data is invalid, the whole JSON string needs to be parsed first before the data is validated, instead of failing at JSON parsing stage (e.g., if number is passed instead of string in some property).
Many languages support parsing of JSON strings directly into the expected types, but it is not natively supported in JavaScript or TypeScript.In this talk we will show how the powers of TypeScript combined with the new specification JSON Type Definition (RFC 8927) and Ajv library can be used to parse your data directly into the expected application-defined type faster than JSON.parse, and also how to serialize data of a known type approximately 10 times faster than JSON.serialize. 
21 min
Securing Your Software Supply Chain
The software supply chain is under constant attack and threat actors are finding new ways to exploit and profit off the cracks in its foundations. Of course, the JavaScript ecosystem is at the heart of this problem as it has grown accustomed to relying on small, interdependent modules made available through the largest software registry in the world (npm). Learn more about the current and future state of the ecosystem as well as dive into new tooling and resources you'll need to protect yourself and your projects this year and beyond.
22 min
Type-safe bindings for Node.js with Rust and WebAssembly
This talk will teach you how to write performance-critical Node.js modules without the burden of distributing platform-dependent artifacts and using the C/C++ toolchain. You will discover how to smoothly integrate Rust code into your Node.js + TypeScript application using WebAssembly. You will also learn how to avoid the typical WebAssembly serialization issues, and understand when other alternatives like Neon or Napi.rs are preferable. Together, we will cross the language bridge between Rust and Node.js while preserving the familiar DX you're used to.