  • Avoiding CSRF Attacks with API Design

    Cross-site request forgery (CSRF) attacks are a type of attack where a website you don’t control tries to send commands to your website, using your customer’s cookies. Today we’re going to look at a few ways you can avoid CSRF attacks, mostly just by being careful about how you design your API.

  • Using GitHub Actions for Continuous Integration!

    Right now GitHub Actions is in beta, but it’s due to come out of beta soon! This tutorial will run you through how you can configure GitHub Actions (using the new YAML-based interface) to build and test your JavaScript app, from simple apps to complicated ones. Lots and lots of examples to get you going.

    Since GitHub Actions is in beta, to get any of these examples to work you’ll need to apply for the beta program.

  • Use eslint with Typescript, today!

    A couple of months ago the Typescript team revealed that they were formally adopting eslint as the linter for Typescript, and that they were actively working to improve compatibility between eslint and Typescript. What you might not know is that you can use eslint with Typescript today! Read more to see how to set up eslint on your Typescript project.

  • Why are Weakmaps in Javascript not Enumerable?

    Recently a colleague of mine noticed this in the MDN description of WeakMap:

    Because of references being weak, WeakMap keys are not enumerable (i.e. there is no method giving you a list of the keys). If they were, the list would depend on the state of garbage collection, introducing non-determinism. If you want to have a list of keys, you should use a Map.

    My co-worker wondered what this meant exactly. Where does the non-determinism come from? Doesn’t the state of WeakMap still depend on garbage collection even if you can’t enumerate the keys?

  • Using Swagger/OpenAPI 2.0 in Node.js

    OpenAPI is a specification that lets you write a document which describes a REST API. From this document, you can generate documentation, generate stubs to call into your API in a variety of languages, automatically validate requests on the server, and much more. Swagger is a set of tools that work with OpenAPI. This will walk through setting up an OpenAPI document for a typical MongoDB/Express/Node.js app.

    This is the first of a three-part series.
