As the temperature gets warmer the LoopBack team is spending this summer releasing hot deliverables. In June we focused on various enhancements such as releasing version 2.0.0 of @loopback/build, replacing strong-docs, and improving @loopback/testlab. We also focused on authentication, inclusion of related models, and other improvements. You can see the June milestone for an overview of what we have worked on, and read on for more details.

Version 2.0.0 of @loopback/build

In the past months, we have significantly evolved our build tooling. The last major change was the switch from tslint to eslint for linting. We decided it’s time to clean up the code, remove unused parts and release a new major version.

The release introduced the following breaking changes:

  • lb-apidocs helper is no longer available.
  • lb-tslint helper is no longer available.
  • lb-tsc is no longer choosing outDir for you, you have to specify it explicitly.
  • It is no longer possible to the specify compilation target via a non-option argument like lb-tsc es2017.

See the release notes for more details and instructions on migrating your existing projects.

As part of these changes, we removed vulnerable dependencies and thus npm install in newly scaffolded projects reports zero vulnerabilities 🎉.

Replacing strong-docs with tsdocs

In PR#3055, we replaced strong-docs with @loopback/tsdocs. We use @loopback/tsdocs to generate markdown files on our website. With this change, we changed the home for our API docs; you can visit the new home on our website to see the docs.

This change was a breaking change: as mentioned before, lb-apidocs is no longer available for use, as it was removed as part of this PR. For alternate solutions, you can use Microsoft’s api-extractor and api-documenter.

On the brighter side, by removing strong-docs we also removed dependencies on 3rd party modules that have known security vulnerabilities but are no longer maintained.

Jest and @loopback/testlab

We improved our testing helpers to support Jest testing framework.

  • PR#3013 fixed typings for itSkippedOnTravis to remove an implicit dependency on Mocha typings, which was causing conflicts when using our testlab from Jest.

  • PR#3040 introduced a more generic helper skipOnTravis which supports any BDD verbs like describe and it.

      skipOnTravis(it, 'does something', async () => {
        // the test code
      });
    
  • PR#3138 added even more generic helper skipIf that allows you to skip a test case or a test suite on arbitrary condition.

      skipIf(someCondition, it, 'does something', async () => {
        // the test code
      });
    

We are also looking into ways to migrate our test suite from Mocha to Jest. Stay tuned for updates!

Authentication

In PR#120, the shopping cart application was updated to utilize the latest authentication package @loopback/authentication2.x. You can read more about our latest authentication package in our blog What’s New in LoopBack 4 Authentication 2.0.

In PR#2977, we introduced some new documentation to the authentication package we’ve been updating these past few months. See Authentication for details.

In PR#3046, a new authentication tutorial on How to secure your LoopBack 4 application with JWT authentication was added.

We released the new adapter for passport-based strategies as @loopback/authentication-passport; now you can follow the guide in Use Passport-based Strategies to learn how to create and register a passport strategy and plug it into the authentication system.

getJsonSchema Enhancement

A community user, @samarpanB, has contributed PR#2975 adding a new option includeRelations to the helper getJsonSchema. When the option is enabled, the helper adds navigational properties for inclusion of related models in the emitted model schema.

As part of our Inclusion of Related Models Epic, we updated our TodoList example to also include navigational properties. After the work done in PR#3171, now when getting a Todo with an inclusion filter, its included TodoList will be a part of the response and vice versa.

When you call GET todos/2, you get the following response:

{
  "id": 1,
  "title": "Take over the galaxy",
  "desc": "MWAHAHAHAHAHAHAHAHAHAHAHAHAMWAHAHAHAHAHAHAHAHAHAHAHAHA",
  "todoListId": 1
}

And now when you call GET todos/2 with the filter {include: [{relation: 'todo-lists'}]}, you get the following response:

{
  "id": 1,
  "title": "Take over the galaxy",
  "desc": "MWAHAHAHAHAHAHAHAHAHAHAHAHAMWAHAHAHAHAHAHAHAHAHAHAHAHA",
  "todoListId": 1,
  "todoList": {
    "id": 1,
    "title": "Sith lord's check list"
  }
}

You can check out the new full example by calling lb4 example todo-list.

Partial Updates via PATCH

In PR#3199, we enabled added a partial option for JsonSchemaOptions. This addition allowed us to emit schema where all the model properties are optional. By doing this, this lets us to now do PATCH requests without having to include all required properties in the request body.

For example, before when trying to update a Todo from our Todo example, you’d have to include the title property in the request body:

PATCH todos/1

{
   "title": "Take over the galaxy", 
   "desc": "get the resources ready" 
}

But now even though title is still required, it is optional when doing a PATCH request. So now the following is a valid request body to pass to the following request:

PATCH todos/1

{
   "desc": "get the resources ready" 
}

All newly created projects generated through the CLI will allow partial updates through PATCH.

New GitHub Issue Templates

In PR#3202, we updated the GitHub issues template, so that when you open a new issue, you’re taken to a page (see image below) where you can choose the type of issue to open. The options we offer are: bug report, feature request, question, and security vulnerability. With these new more specific templates, it will be easier for the team to go through and understand new issues.

Issue template

CLI Improvement

In PR#2989, we made some improvements to the CLI:

  • Changed/unified the naming convention to eliminate bugs causing by the input. See the naming conventions we follow in LoopBack 4.
  • Added a prompt message to warn/notify users the change to their inputs and file names in advance. For example:
      $ lb4 controller
      ? Controller class name: todo
      $ Controller Todo will be created in src/controllers/todo.controller.ts
    

We also made some fixes to our lb4 discover command:

  • In PR#3127, we fixed a bug so that the prompt exits properly when using the command.
  • In PR#3015, community member @samarpanB contributed a fix that would properly stringify modelSettings that go into the @model decorator.
  • In PR#3115, community member @marvinirwin contributed a fix that makes the schema field in modelSettings use the owner of the schema.

New Team Member

We have a new addition to our LoopBack team: Agnes (@agnes512 on GitHub) has joined the team as our intern for the next year. She has already contributed improvements to our documentation, our cloudant connector, our CLI, and more. We’re happy to have her on our team and look forward to see what she accomplishes in the future.

Other Changes

  • We introduced a shared test suite that allows us to test any Repository implementation against any supported connector, e.g. DefaultCrudRepository against loopback-connector-mongodb. This suite will help us to catch database-specific problems that went undiscovered so far. See PR#3097.
  • We reworked the cloudant connector test setup so that both juggler versions 3.x and 4.x are triggered. So far connectors mongodb, postgresql, kv-redis, cloudant run the shared tests. See PR#206.
  • We honoured the arguments for another two LoopBack 3 CLI commands: lb remote-method and lb middleware. See PR#410.
  • We deprecated the @loopback/openapi-v3-types package. See PR#3220.
  • We improved the documentation for our shopping cart application. See PR#183.

We have finished the migration from GreenKeeper to RenovateBot and added documentation for LoopBack developers describing how to work with RenovateBot’s pull requests. Learn more in the new section Renovate bot in our documentation for developers.

We have upgraded our eslint-related infrastructure to eslint version 6 and added few more rules to the default eslint config to catch even more programming errors:

  • no-floating-promise to detect & reject usage of Promise-like values in statements without handling their errors appropriately. We used to have this rule enabled in our old tslint-based setup but had to switch it temporarily off because it was not available in typescript-eslint until recently.
  • no-prototype-builtins to detect code that can introduce Prototype Poisoning vulnerability. This rule was promoted to recommended rules in eslint version 6.
  • require-atomic-updates to report assignments to variables or properties where a race condition may be introduced. This rule was promoted to recommended rules in eslint version 6.

Looking for User References

As you might be aware, the loopback.io website has a brand new look. We’d like to rebuild the “Who’s using LoopBack” section and showcase our users and their use cases. If you would like to be a part of it, see the details in this GitHub issue.

What’s Next?

If you’re interested in what we’re working on next, you can check out the July milestone.

Call to Action

LoopBack’s future success depends on you. We appreciate your continuous support and engagement to make LoopBack even better and meaningful for your API creation experience. Please join us and help the project by: