Transcript from the "Upgrade Node.js" Lesson
>> Jem Young: And speaking of upgrade, let's go into upgrading node now, the default installation is node eight. I wouldn't say there's any major security updates as far as I know, there might be to move into node ten. But let's just do it because the syntax a little better. MPM is a little bit cleaner on the newer version of node.
[00:00:16] And to do this, we're gonna use this command called curl, which is short for client URL. It's probably a command you've seen for and it's one of the more common commands for just reading and writing external sources. And in this case, because when we did app install yesterday, we had to use whatever the app repo is using, which is always an older version of node, and we wanna upgrade that.
[00:00:40] So we're actually gonna connect directly to Node Source, the Debian repo, and Debian is a flavor of Linux that maintains these packages. What we're doing, and I think I put it in the notes here, I did. And if you're curious about what we're doing most of the time, I'm gonna use this thing called Explainshell.
[00:01:00] And I'm using curl. And this is one of my favorite tools, cuz remember when I said man pages are kind of like, here's some knowledge. Explainshell does it much simpler. So if you're trying to look at the man page for what curl-sl does, it's kind of opaque. But using Explainshell, it's really helpful that we know that it's silent and it's just going to run.
[00:01:21] The L means it's gonna check the HTTP is available. And the O means it's gonna output to a file.
>> Jem Young: Because I am lazy, hm?
>> Speaker 2: [INAUDIBLE]
>> Jem Young: You will see a file output. It's pretty fast, within a second so.
>> Jem Young: And if you do an ls, you'll see a node source setup.
[00:01:55] Actually I'm gonna remove that test log.
>> Jem Young: And if you wanna take a look at it, which, generally if you're running downloading scripts on the Internet, this is a safe site. It's well known, the repo's maintained, it doesn't have too many security issues. But generally, you wanna be careful about downloading running scripts on the Internet because you don't know what it's doing.
[00:02:16] But let's take a look at what that script is doing. And it's a lot, I'm just showing you this just because I couldn't go through all of it. But I do trust the Debian repo and I know that this is a known way of installing the latest version of node.
[00:02:33] But in general, if someone gives you a script to run on your server, don't do it [LAUGH]. There's no good reason to do it. And we're just gonna run this as a bash script. So sudo bash that file we just created.
>> Jem Young: Clear sudo bash.
>> Jem Young: And what that script is doing, it's not actually downloading node, it's just setting the apps pointer to nodejs to a different source.
[00:03:04] So it's saying, hey, I want to download nodejs. Here's a newer version of it and just point to that. So now we can say sudo apt install nodejs. And yes.
>> Jem Young: Nice, so now when I do node --version, see I'm on node 10 rather than node 8, a little friendlier.
[00:03:36] And if you're wondering, Gem, node 11 and 12 are out, why aren't we using those? I think 12 is out. 10 is the LTS version, and you remember earlier we talked about LTS, which means long-term support. Node 10 will be maintained, that means security upgrades, fixing zero days, fixing minor bugs until 2021.
[00:03:55] That's why we use the LTS version versus the modern cutting edge version is probably gonna have more bugs that haven't been discovered yet. Maybe some security exploits we don't know. So we generally, if we're talking about servers, run the LTS. Your personal server, you run whatever version of node you want, whatever makes you happy.
[00:04:11] You want to use asynch 08 and all that good stuff, run the latest version of node.
>> Jem Young: And we can update our outdated packages. We only have one right now and that was npm2. So we don't actually have to update it cuz we just installed it yesterday. But if you wanted to, you can run sudo npm update -g.
[00:04:28] That'll update all your global packages. And that covers the section on security. We spent a long time on it. But we talked about some the consequences of not securing your application. We talked about firewalls, and controlling ports, and controlling file permissions using the least permissive permissions as possible.
[00:04:46] And we talked about just keeping your application up to date to prevent vulnerabilities.