Nov 15th, 2016 Assuming there was no fatal error, should the first argument to an asynchronous callback be `undefined` or `null`? Best practices for passing the first argument to an asynchronous callback This is the short and sweet version. If you find it helpful, you might want to check out the entire gist. In your implementation, if you always do one…

Jan 28th, 2016 TL;DR — If you just installed a new version of Node, check your NPM version. If you’re using NPM v3.3.12 (the default for Node 5.5.0), you could run into issues when installing dependencies in your Sails app. …

Dec 22nd, 2015 1. Recursive invocation (and maximum call stack protection) just added support for maxRecursion in the machine runner. It’s a top-level property that lets you configure the built-in maximum call stack protection now included in the machine runner (defaults to 250.) Only works for recursion invoked via env.thisMachine(). For example: var result = env.thisMachine({ stuff: inputs.i+1…

Oct 20th, 2016 The Node Security project just released an advisory about the CORS implementation in Sails. tldr; If you are using CORS in your Sails app, review your configuration to be sure it is secure. If your app has vulnerable CORS configuration, there are two ways to resolve it: …

Sep 22nd, 2016 Just reached the next milestone on the road towards Sails v1: As of today, you can add a line of code to your HTML to directly expose data from your server-side view locals to client-side JavaScript, with built-in XSS attack prevention. This eliminates the need to hand-roll…

Aug 1st, 2016 This is a patch release, so there shouldn’t be any breaking changes. The release notes are included below for reference, and to point out what’s changed and what’s new. …

Jun 17th, 2016 The Node Security project released an advisory yesterday about the negotiator package, a dependency of Sails, Express, Socket.io, and Connect. tldr; Everything is cool. Neither Sails nor Socket.io touches the problematic code paths inside of the negotiatorpackage. And even though the warnings aren’t pertinent in this case, we know they’re still annoying for folks with automated builds, so the core team is working on taking care of them ASAP.

Apr 1st, 2016 Sails 0.12.2 will be published later today. At the moment, the pre-release is available when you run npm install sails@beta. If anyone wants to try it out and let us know how it goes, the core team would greatly appreciate it! The documentation has been updated for…

Jan 12th, 2016 This week, @rachaelshaw and @mikermcneil cleaned up the process for contributing to the Sails docs (removing lots of old branches) and spiffed up the meta-documentation, especially when it comes to versioning and translations. From now on, translation projects will run as forks rather than branches. …