lirantal

A break-down of how to set up Fastify to work on serverless Firebase Functions and access the request's rawBody to validate incoming HTTP webhooks requests from Lemon Squeezy.

Get started with deploying your Node.js applications to the cloud using the new Node.js-specific runtime hosting platform: Platformatic.

Do you ever struggle to come up with creative presentation titles? Let's build that while learning how to use Generative AI, Express and Trigger.dev with the OpenAI integration.

Process long-running tasks in Node.js with background jobs. Learn how to use BullMQ and Redis on Heroku to create a scalable and reliable background job processing system.

Developers are embracing WebAssembly for its ability to accelerate complex algorithms, enable gaming and multimedia applications, and provide a secure sandbox environment for running untrusted code. However, before adopting WebAssembly, it’s crucial to consider its security implications and how to mitigate the risks.

Learn how to use Changesets to manage package versioning, package publishing with full monorepo support. you're missing out if you haven't checked out how Changesets provides a different workflow to publishing new versions.

At its core is Changesets - an open source npm package ⬡💚

In this article, we will explore how to deploy a Vue 3 static site to Heroku with a Fastify Node.js backend server to serve the static files. By the end, you’ll have a clear understanding of the process and be able to deploy your own static site with ease.

Yagiz Nizipli alerted long-time maintainers to about the real-world risk related to data compromise and this sets a great example of how important it is to minimize the risks of arbitrary command execution with package managers, such as those employed via npm’s postinstall lifecycle hooks. This article further unfolds these security concerns.

The recent growth of published malicious packages is clearly an increasing trend. During 2021, Snyk added 82 new malicious packages, but in 2022 and 2023 the scale is totally different. Snyk added more than 9900 impactful malicious packages, which is an increase of 11,973% in comparison to 2021. But what is the actual impact of all of these malicious packages? is it really as doom and gloom? This article shares data on the topic.

This article discusses the security implications of using the Node.js VM module to execute dynamic JavaScript originating from end-users. While the VM module is useful for creating a JavaScript sandbox, it can still be exploited by attackers to manipulate other variables than those that were originally assigned, resulting in a security risk.

Vue 3 released and you want to catch up on the buzz that is Tailwind CSS? now you can

This blog post from Mary goes through installing a base Vue 3 projects, adding Vue components and styling them with TailwindCSS. At the end of it you'll learn how to style a blog post card and deploy it to Netlify!

Doing some Vue.js or Nuxt app development? check out Jakub Andrzejewski article on how to sprinkle security magic on-top of it

PageFind client-side search for Astro is simple but if you want to add search capabilities to a personal blog then you might think of Algolia first. However, let me show you how an easy PageFind integration would be more suitable for a static-site generation type of blog tech.

Hi folks! full disclaimer first off - I work at Snyk! One of my favorite conference talks is around proactive security controls for JavaScript supply chain security. I spent some time turning the slides, my insights and the list of tools that I cover in an article and sharing it here for everyone else too.

Finally enjoy writing End-to-End tests ⭐️❤️

If you’re like me, you really appreciate a test automation step as part of your pull request (PR) CI for that added confidence before merging code. I want to show you how to add Playwright tests to your PRs and how to tie it all together with a GitHub Actions CI workflow.

I wrote a tutorial that teaches you how to write a Slack bot in JavaScript or Node.js. It shows how to create Triggers and Actions workflows in Zapier to post messages to a Slack channel, using Reddit public JSON endpoint and account API to retrieve posts and wire it all up with built-in Zapier feature-rich ecosystem and Zapier’s HTTP webhooks.

Where do open source dependencies go to die, and why do they come to an end?
What happened to the npm faker module?
Can it happen again?

There’s a better and more programmatic way of building your presentation slides — Slidev, the open source project that allows you to code your presentations with Markdown. How awesome is that?

Yarn 2 is out! 🎉 Do you want to give it a try? We shared some of the highlights and how to get started with it.

We all know AngularJS is outdated but apparently quite still in maintenance for legacy apps so I wrote a pretty extensive AngularJS Security Fundamentals cheatsheet and blog post with code examples on how to properly maintain secure coding practices.
If you saw it relevant to share and help devs build secure Angular applications :) 

Let's explore both the Angular and the React project security postures. This includes secure coding conventions, built-in in secure capabilities, responsible disclosure policies, and dedicated security documentation for the project.

It is a common practice to start up projects with the Angular CLI or the Create React App tool, but security vulnerabilities exist in the ecosystem modules that we add to build on top of these scaffolds.

👉 https://snyk.io/blog/angular-vs-react-the-security-risk-of-indirect-dependencies/

One example is an unfixed XSS affecting

Refactoring test code is important in order to make sure you are writing maintainable tests. Your future self will thank you when you debug them!