Contributions
Article
Have I gone mad? Do I actually recommend not using an ORM and gaining a security advantage from it? Sort of. It's more nuanced, but if we're trying to fix SQL injection and related vulnerabilities, then I invite you to take a read.
Article
Sasha shares how they inadvertently wrote React Server Component code that would have resulted in a security breach had it not been refactored in time. What can we learn, and how can we avoid security risks that developers easily repeat, especially as React Server Components blur the line between client-side and server-side React code?
Article
A break-down of how to set up Fastify to work on serverless Firebase Functions and access the request's rawBody to validate incoming HTTP webhook requests from Lemon Squeezy.
Article
Get started with deploying your Node.js applications to the cloud using the new Node.js-specific runtime hosting platform: Platformatic.
Article
Do you ever struggle to come up with creative presentation titles? Let's build that while learning how to use Generative AI, Express and Trigger.dev with the OpenAI integration.
Article
Process long-running tasks in Node.js with background jobs. Learn how to use BullMQ and Redis on Heroku to create a scalable and reliable background job processing system.
Article
Developers are embracing WebAssembly for its ability to accelerate complex algorithms, enable gaming and multimedia applications, and provide a secure sandbox environment for running untrusted code. However, before adopting WebAssembly, it’s crucial to consider its security implications and how to mitigate the risks.
Article
Learn how to use Changesets to manage package versioning and package publishing with full monorepo support. You're missing out if you haven't checked out how Changesets provides a different workflow for publishing new versions.
At its core is Changesets - an open source npm package ⬡💚
Article
In this article, we will explore how to deploy a Vue 3 static site to Heroku with a Fastify Node.js backend server to serve the static files. By the end, you’ll have a clear understanding of the process and be able to deploy your own static site with ease.
Article
Yagiz Nizipli alerted long-time maintainers to the real-world risk of data compromise, and this sets a great example of how important it is to minimize the risks of arbitrary command execution with package managers, such as commands run via npm's postinstall lifecycle hooks. This article further unfolds these security concerns.
Article
The recent growth of published malicious packages is clearly an increasing trend. During 2021, Snyk added 82 new malicious packages, but in 2022 and 2023 the scale is totally different: Snyk added more than 9900 impactful malicious packages, which is an increase of 11,973% in comparison to 2021. But what is the actual impact of all of these malicious packages? Is it really as doom and gloom as it sounds? This article shares data on the topic.
Article
This article discusses the security implications of using the Node.js VM module to execute dynamic JavaScript originating from end-users. While the VM module is useful for creating a JavaScript sandbox, it can still be exploited by attackers to manipulate variables other than those that were originally assigned, resulting in a security risk.
Article
Vue 3 has been released and you want to catch up on the buzz that is Tailwind CSS? Now you can.
This blog post from Mary goes through installing a base Vue 3 project, adding Vue components and styling them with TailwindCSS. At the end of it you'll learn how to style a blog post card and deploy it to Netlify!
Article
Doing some Vue.js or Nuxt app development? Check out Jakub Andrzejewski's article on how to sprinkle security magic on top of it.
Article
PageFind client-side search for Astro is simple, but if you want to add search capabilities to a personal blog you might think of Algolia first. However, let me show you how an easy PageFind integration is more suitable for a statically generated blog.
Article
Hi folks! Full disclaimer first off: I work at Snyk! One of my favorite conference talks is around proactive security controls for JavaScript supply chain security. I spent some time turning the slides, my insights and the list of tools that I cover into an article and am sharing it here for everyone else too.
Article
Finally enjoy writing End-to-End tests ⭐️❤️
If you’re like me, you really appreciate a test automation step as part of your pull request (PR) CI for that added confidence before merging code. I want to show you how to add Playwright tests to your PRs and how to tie it all together with a GitHub Actions CI workflow.
Tutorial
I wrote a tutorial that teaches you how to write a Slack bot in JavaScript or Node.js. It shows how to create Triggers and Actions workflows in Zapier to post messages to a Slack channel, using Reddit's public JSON endpoint and account API to retrieve posts, and how to wire it all up with Zapier's built-in, feature-rich ecosystem and HTTP webhooks.
Article
Where do open source dependencies go to die, and why do they come to an end?
What happened to the npm faker module?
Can it happen again?
Tutorial
There’s a better and more programmatic way of building your presentation slides — Slidev, the open source project that allows you to code your presentations with Markdown. How awesome is that?
Article
Yarn 2 is out! 🎉 Do you want to give it a try? We shared some of the highlights and how to get started with it.
Tutorial
We all know AngularJS is outdated, but apparently it is still quite commonly maintained for legacy apps, so I wrote a pretty extensive AngularJS Security Fundamentals cheatsheet and blog post with code examples on how to properly maintain secure coding practices.
If you see it as relevant, share it and help devs build secure Angular applications :)
Article
Let's explore both the Angular and the React project security postures. This includes secure coding conventions, built-in security capabilities, responsible disclosure policies, and dedicated security documentation for each project.
Article
It is a common practice to start up projects with the Angular CLI or the Create React App tool, but security vulnerabilities exist in the ecosystem modules that we add to build on top of these scaffolds.
👉 https://snyk.io/blog/angular-vs-react-the-security-risk-of-indirect-dependencies/
One example is an unfixed XSS affecting
Article
Refactoring test code is important in order to make sure you are writing maintainable tests. Your future self will thank you when you debug them!