This Week in Meteor #2


by Rishi Goomar

Welcome to issue #2. The first issue was a big hit and now it's time for what has happened in the Meteor universe since then. There are some very exciting updates. I apologize ahead of time for how long this issue is, but there is just so much to cover for this week.

If you would like updates like this emailed to you, subscribe at thisweekinmeteor.com

Updates in Meteor Core (MDG)

Blaze Pull Requests for {{#let}} and @index Were Merged into {{#each x in y}}

Previously, there were three separate pull requests for implementing @index, {{#let}}, and {{#each x in y}}. Now, they are all combined into one big pull request because they are all features that add onto Blaze. 

More Cordova Updates

In my last issue, there were more updates on the Cordova pull request. Cordova updates have now been merged into devel branch and added to History.md file, so expect them in the next release. 

Lots of Changes Coming in the Next Release

The History.md file in the Meteor repository is very large for the next upcoming release(s). I suggest reading it so that you are ready for what is coming up next!

Discussion About Blaze Native

So, recently, Facebook released information about React Native and how it uses JavaScript to generate native Android and iOS components. There seems to be a lot of buzz around Meteor HQ about doing something like that for Blaze. I think that is awesome! Creating Blaze components that take the isobuild to a new level... native applications. The future for Meteor is looking very bright. :-)

Proposal to replace allow/deny with insert/update/remove methods

Sashko Stubailo created a proposal to change the way security rules are created. Currently, allow / deny make it hard to maintain and can create security holes that developers may not know about. So, here is what Sashko proposed:

The gist is that when you remove the `insecure` package, you then manually define server-side `insert`, `update`, and `remove` methods for any collections where you do client-side modifications. Inside these methods, everything is the same as in a regular method defined with `Meteor.methods` - you can access the user ID, the connection, etc.

This is very exciting as it allows you to customize those methods in an easier and simpler fashion that will also be easier to present to a new developer going into a Meteor project. 

Blaze 2 Proposal

This is a HUGE proposal / discussion on how Blaze v2 should operate and has a lot of discussion within the hackpad. Honestly, this is far too large of a discussion to summarize, but I wanted to make all of you aware of it. I highly recommend going through and reading through it and keeping up with it. Although, based on the brainstorming going through this hackpad, it is a way to step towards a way for Meteor to generate native mobile components like in the discussion about Blaze Native above. 

Proposal for Deprecating User Profile

Currently, the profile field on users documents are susceptible to insecurities. It is automatically published to the client and it allows regular users to take valuable information if developers are not safe in the way information is handled in the users documents. For example, if you put OAuth token within the profile field, someone could access that information in the client due to the way it is exposed. 

The proposal to fix it is the following:

1) Remove the code from core which allows writing to `profile` and always publishes it
2) Add a new `allow` rule on `update` and `delete` which warns people if the new document includes a `profile` field or the update touches the `profile` field
3) Build a package with an `allow` rule that allows writing to profile, removes the warning, and adds back in the publication.

This is a very important change that can help improve the security of Meteor applications.

Proposal for a Stream-based Build Tool

This is another large and complicated proposal that can take quite awhile to change and can really change how some developers use Meteor. 

Slava Kim stated the problem is the following:

Currently the build tool of Meteor has several drawbacks, both developers at MDG and the Meteor users suffer:
- The build time is too big -> users need to wait tens of seconds before their app reloads
  - Not a lot of caching
  - A lot of blocking calls
  - Loading big files into memory
- The tool has a lot of complicated concept and very tangled control-flow -> hard to maintain by MDG developers (especially for those who didn't design the first tool)
- Inflexibility in configuration -> users want to be able to configure the load order, plugins use, minification options, etc

Slava goes on to explain his proposed solution and benefits behind that. It is a very complicated part of the Meteor platform and I suggest reading through the proposal, but it is not something I can summarize unfortunately. 


Updates in the Meteor Community

Meteor Debugging in Chrome Dev Tools

This is an awesome combination of a Meteor package along with a chrome extension to allow you to perform CRUD actions on your Session variables and Users collections. That is all it can do for now, but there is more planned for the future. It makes it easy to debug a Meteor application and speed up development by doing direct manipulations in the browser. 

Meteor Multi-core Support: Passenger vs Cluster

The MeteorHacks team has been hard at work on improving Meteor's currently scalability and they have figured out how to add multi-core support to their Cluster package. They compared it to a popular modified version of nginx called passenger. Passenger has been one of the best ways to add multi-core support to various types of applications ranging from RoR (Ruby on Rails) applications to Node & Meteor applications. The MeteorHacks Cluster package matches it in performance!

Meteor-Up has SSL Support

Meteor-Up (commonly known as MUP) now supports SSL! This is big for developers that have been using MUP for deploying their Meteor applications because now they can trivially have SSL setup on their servers rather than having to do the entire process manually. 

Using React components in Blaze

This is a package that allows React components to be used in Blaze. This was made by one of the Meteor Core Developers, Avital. This is an interesting package for a few reasons. For one, it was made by a core developer, which shows that they are interested in what the community is looking into and what is buzzing in the JavaScript universe. Secondly, it makes it easier to integrate React in your Meteor projects along with Blaze! 

Package for calling Meteor methods inside template helpers or autorun instances

There is a problem with calling Meteor methods within template helpers or autorun instances and this package solves that by synchronously calling those methods The source code is pretty simple. 

One Day Sprint with the Velocity Team

Velocity, the official test framework for Meteor, is having a one day spring to work on the project at Meteor HQ on Sunday, Feb 22nd. For those of you interested in working on Velocity, I recommend you go down to Meteor HQ on that Sunday and start developing with the Velocity team!

Mongol - development package for modifying Mongo data and checking security

This is a development-only package that allows you to visually manipulate your Mongo data. 

Debugging a Meteor Cordova App

This is an awesome blog post made by our own Spencer Carli. It is a great overview of ways to debug a Cordova application. 

That's it for this week! Stay tuned for a new post next week!

If you would like updates like this emailed to you, subscribe at thisweekinmeteor.com

Share Share on Twitter Share on Facebook Share on LinkedIn

How Can We Help?

Reaching out doesn’t mean you’re ready to start a project, but we’d love to learn more about the challenge you’re facing, answer any questions, and see if we might be a good fit for working together.

Contact Us