6 Node.js Modules You Should Be Using

Continued from page 1

But when exactly does next() get called? This is all tricky and important in understanding how promises work. One great way to learn is by doing. Think about the questions I posed and how you would have to answer them. Try writing some code that does exactly what I just described. You'll quickly see what must take place inside someDataLookup, what it must return, what the next function must do, and what the two other functions must do. Then you'll be ready to make use of some sophisticated libraries that help you with promises. One is called Q. Q takes away the hard work of building your own promise system. For example, if you have to do a series of database calls and want to use promises to make them happen, that's where Q can help.
Note that if you want to learn Q, take a look at a GitHub Gist that I created a couple years ago that explains some basic features. Also look at the forks; several people have forked it and created some even better examples.

HTTP Requests and API Calling: request

Since this is ProgrammableWeb, you're likely to be calling API calls. Many APIs include SDKs that provide functions to call the API. (And, when they do, when coded correctly for Node.js, they're likely to be asynchronous.) But in a lot of cases, it's easy to just make the HTTP call yourself. That's where the request module comes in.
The request library is incredibly easy to use. Suppose you want to grab an HTML page. You just call request, passing a string with the URL, and a callback function that receives the page data:

var request = require('request');

request('http://www.example.com', function(err, resp, body) {



This is perhaps the simplest example of request. The body parameter is the actual text of the Web page. But you can do much more: You can full control over the HTTP protocol (HTTP, HTTPS), the method (GET, POST, PUT, etc.), the data you send and how it's sent, the headers, and so on. To see what all is available, scroll down on the documentation page to the detail on the request method itself.
Request also supports OAuth, but only version 1. If you want to make client calls with OAuth 2.0, you'll need another library. There are several available, including simple-oauth and node-oauth.

Encryption: bcrypt

When you create Web server software or access other servers (such as through APIs), you sometimes need to do some encryption. There are many times and places you would need encryption, and there are many types. One type in particular deals with hashes. Essentially a hash is a long number that's calculated from an existing string of text (or any type of data). The hash is supposed to work one way: You can figure out the hash from the string, but in theory you can't go the other direction.
The bcrypt algorithm was created with the purpose of calculating hashes. One thing that makes it unique is that as computer become more powerful, the algorithm can be adapted with faster computers and basically told to take longer to essentially slow down login processes and ward off brute-force attacks. This may or may not fit into your own needs, but if it does, the bcrypt module is a great option.

However, I want to provide an important caution: If you're not familiar with encryption and security, please don't try to build your own login system. Instead, use one that is built by security experts and well-tested (such as Passport, which is an entire system for adding login and session capabilities to your app.). While programmers are usually encouraged to learn as much as they can and write code based on learning from others, security is the exception: Security code should only be created by the experts. If you're learning security, great; but don't deploy your code to production until you are an actual expert in security. Otherwise you're just asking for trouble. But on the flip side, security code should be inspected by everyone. The creators of encryption and security code typically want as many eyes on it as possible to find any holes.
The usual Node.js module for bcrypt is bcrypt.js. Because using any kind of security and cryptograhy requires making sure you fully understand the details, I'm not going to say much about the how-to here; instead, check out the home page, and carefully read the documentation and explore the examples.

Email With Nodemailer

If your application needs to send out email, you have some options. One of these options isn't very good, although a lot of people use it.

Here's the deal. Sending email isn't anything mysterious. But, for some reason, a lot of email server configurations involve pointing the server to another email server already configured for SMTP access and letting that server do the hard work. But that server needs to know how to send out email. What's the secret that that server knows? The secret is that every domain set up to receive email has a set of DNS records in what's called its zone file that provide the name of the server that receives email. That's it. So, in order to send email without using an intermediate server, you simply access the DNS servers, get the information for the email server, connect to that server, and deliver the message. But instead of doing that yourself, you can let a module do it for you. That's what Nodemailer does, and it allows your software to send email directly out without the need for an intermediate SMTP server. Rather, the code knows the SMTP protocol and does it itself. If you do want it to use an external server to send email, you can go that route, as well. For example, if you have a gmail account and want to send your email from that gmail account, you can do so.
Using Nodemailer requires first creating what's called a transporter object that configures your email-sending, and then calling a sendMail function. You can include the usual fields such as from, to, cc, bcc, and so on. You can also specify both a text version of the email and an HTML version of the email, and you can even include file attachments.
As usual, the approach is asynchronous, meaning you provide a callback function that gets called after the email is sent. If an error occurs, you'll be notified in the callback, as well. The callback function receives two parameters: an error and a result. The documentation provides the full details.

Processing HTML with Cheerio.js

As a final module, one problem I've encountered is processing HTML. If your Node.js application needs to retrieve HTML from a remote site, pulling the information you need out of it can be a headache. You can try to scan the HTML as a string or use regular expressions, but an easier approach is a module called cheerio. With cheerio, you read in some HTML and process it using the same syntax as jQuery. So, for example, if the HTML has a DIV element with an ID and you need the text inside the element, you can simply use the good old jQuery selector syntax of $('#id').html(). One reason I've found cheerio to be so helpful is the HTML I've had to process isn't always well-formed; that is, tags don't always have closing tags. And some characters such as less-than and greater-than might appear in the HTML (instead of using entities). Trying to parse that manually is difficult. The cheerio module takes care of all that.
If you have a string containing HTML, all you need to do is call cheerio's load function, which returns an object that contains all the jQuery methods. Most people save that object into a variable called $, giving you the usual $ syntax of jQuery.
With cheerio, you can also modify the document. You add and remove elements and attributes and classes, like you can with jQuery itself. Cheerio effectively manages a document object model itself just like the browser does. Then, grab the HTML as text with a simle html() call:



Whenever I build a project, I usually add most of these modules to my project. Together they make up a framework upon which I build my Node.js applications. Even if I do a quick little test app, I still will likely have some of these because they help me code more quickly.

Have you had success with these modules? What are some of your favorites? Please let us know in the comments section.

Be sure to read the next Application Development article: Daily API RoundUp: Euclid Analytics, giflayer, Mendix