Build the future of communications.
Start building for free
  • By Dominik Kundel
    Serving Coffee with Twilio Programmable SMS and React Ie8YJ4I72qt7ELPDoawakLnVNA0F3FWcZfNOmKmjcHpaSfSH7OC0wejncohs3vEVBOJL-mlHV_wLRXmeYtb0YQgFv7dxV5B08V4lJT8Onzw3ZJ2w6BWJYuB3LNrVQ94vHRPVJj0y

    Turning coffee into some sort of API has probably been the dream of a lot of developers. In fact today marks the 20th birthday of the IETF RFC 2324 suggesting the Hyper Text Coffee Pot Control Protocol (HTCPCP). Last year, together with a friend, I hacked a coffee machine using JavaScript, but what do you do if you want to bring a bit more comfort to coffee served by baristas? Nobody wants to stand in a queue, especially at a conference!

    For the last couple of years we’ve started serving coffee at various events using Twilio Barista, combining different Twilio APIs, such as Programmable SMS, Twilio Sync, and other web technologies. This way you can send an SMS to order your coffee, and get notified as soon as your coffee has been prepared by the barista.

    On the birthday of the HTCPCP we figured it’s time to teach ...

    Read More
  • By Dominik Kundel
    Creating and Publishing Web Components with Stencil KKHDtbA8w0TBRK4yJvTGhTHqDS4cDnlcooCnDzIpRHgbcmFWLQapZQ1YBpihOtbgjhD6TUKr3nY7IqNEa7MT8GGt_yvInzwr5SfW1nEZi_fXAFuByCx6l-52CkwhM7OVnK00v076

    Web Components is a technology I’ve been excited about for years. The idea is that you can create your own UI components that are supported in the browser regardless of which framework you are using (or none at all for that matter). However, there wasn’t much traction around them until recently.

    The web components APIs are pretty low level by themselves but projects like Polymer are trying to improve the developer experience and recently more tools came along to help with authoring web components. One of these tools is Stencil from the Ionic team.

    If you are not yet familiar with web components, I suggest you check out this short introduction on to get an idea of Custom Elements and Shadow DOM. If you want to have a better idea of why web components might be of interest for you, even if you don’t author ...

    Read More
  • By Dominik Kundel
    Going surfing – Protect your Node.js app from Cross-Site Request Forgery mRMN3UYfzX8BjZ-_AVS4s_fF9250cHvOqDncnx3omhfqvNiYVg2VldUd5IBJTnI-Gss2wN5UpkCwxi0MgkNOuoKtLS2m41LsK6u0QHcl3n_rZIja6s0flrEEDS4wwWWVSlkjyiY0

    One classic attack when working with web applications is Cross Site Request Forgery aka CSRF/XSRF (read C-Surf). They are used by attackers to perform requests on behalf of users in your application without them noticing. Let’s look at how they can pull this off and how we can protect our applications from these type of threat.

    Let’s talk theory

    Before we can prevent CSRF attacks we need to understand how they work. Typically these attacks are executed on the functionality of web applications that use form-based submissions like POST requests and cookie-based authentication.

    An attacker places a hidden form into their malicious page that automatically performs a POST request to your page’s endpoint. The browser then automatically sends all the cookies stored for that page along with the request. If a user is logged into a current session, the attacker could, for example, post a message ...

    Read More
  • By Dominik Kundel
    Putting the helmet on – Securing your Express app 4Txtn2Pl8SQnB241Dz1jvqSmUCLJksk6M97TAJYyNHPsIZE8Q9PA1NKBYZtua-v2C5UqpyBKBCFr2SaljImM2DGDGkK-XfJs1mfMkbJ7_Sc_hGP4Q70cnqgJHpVjd7NYIgjU4AJj

    Express is a great way to build a web server using Node.js. It’s easy to get started with and allows you to configure and extend it easily thanks to its concept of middleware. While there are a variety of frameworks to create web applications in Node.js, my first choice is always Express. However, out of the box Express doesn’t adhere to all security best practices. Let’s look at how we can use modules like helmet  to improve the security of an application.

    Set Up

    Before we get started make sure you have Node.js and npm (or yarn) installed. You can find the download and installation instructions on the Node.js website.

    We’ll work on a new project but you can also apply these features to your existing project.

    Start a new project in your command line by running:

    mkdir secure-express-demo
    cd ...
    Read More
  • By Dominik Kundel
    Building a TodoMVC with Twilio Sync and JavaScript icpvM7iV5ZfjEqqS0XzipFTaeSJxcohcgg5eWCcyEsuKdWBiTqraS2VwI5qW-Ev_cgbnkzdlL5kgByrYabGYJpKo1V0iDclKIzr3eZpWme2Tqms3qhL_bXunccJjIFsffXlMqFYo

    Sharing information between different devices in real-time is difficult but with Twilio Sync it’s just a matter of a few lines of code. To see how Sync works let’s create our own version of the TodoMVC application using Twilio Sync to store our data and share it across multiple devices.

    We’ll base our version on a copy of the Vanilla JS version of TodoMVC and alter the storage that is currently local storage to Twilio Sync. However, you can use the same code with your favorite framework as well.


    Before we get started make sure that you got the following things:

    Start by cloning the template branch of this repository and install the dependencies:

    git clone -b template ...
    Read More
  • By Dominik Kundel
    Working with Environment Variables in Node.js h6p92574BnyPzrK_d-MEH0rJ7nVcFBfbPfOXlnf5tWFT12Y74mxqvutrSBRw3ntDM4es5ThipSUtWr3SafnUd27s1-gcRU1JURKJxbNfPrvbQDCDr8Uri4OP4rNNf5fcWJSs6w3k

    Working with environment variables is a great way to configure different aspects of your Node.js application. Many cloud hosts (Heroku, Azure, AWS,, etc.) and Node.js modules use environment variables. Hosts, for example, will set a PORT variable that specifies on which port the server should listen to properly work. Modules might have different behaviors (like logging) depending on the value of NODE_ENV variable.

    Here are some of my tricks and tools when working with environment variables in Node.js.

    The Basics

    Accessing environment variables in Node.js is supported right out of the box. When your Node.js process boots up it will automatically provide access to all existing environment variables by creating an env object as property of the process global object. If you want to take a peek at the object run the the Node.js REPL with node in your command-line and type ...

    Read More
  • By Dominik Kundel
    Trabajando con Variables de entorno en Node NDz61rOWf_XldyuJlfY70wQMvGZBLNBUiiBEdQqTMcpGKzqWaoWqv49q8EgsmIkkjofkp501ywNyGjeDmhHeZIRut2zCZbxXC9RILMwwrbQkrKhn4LvtJKLtLmIb2C6iMsE9-QTo

    Trabajar con variables de entorno es una gran manera de configurar diferentes aspectos de su aplicación Node.js. Muchos proveedores de servicios en la nube (Heroku, Azure, AWS,, etc.) y los módulos de Node.js utilizan variables de entorno. Los proveedores, por ejemplo, establecerán una variable PORT que especifica en qué puerto del servidor debe ubicarse para que funcione correctamente. Los módulos pueden tener diferentes comportamientos (como registrarse) en función del valor de la variable NODE_ENV

    Éstos son algunos de mis trucos y herramientas cuando se trabaja con variables de entorno en Node.js.

    Lo Básico

    El acceso a las variables de entorno en Node.js es compatible desde el primer momento. Cuando el proceso Node.js se inicia, proporcionará automáticamente el acceso a todas las variables de entorno existentes mediante la creación de un objeto env  como una propiedad del objeto global process. Si quieres echar un ...

    Read More
  • By Dominik Kundel
    JS 💖 Hardware – Getting started with Nodebots and Johnny-Five hgPflcjLxl8z2pszNezLEBSYf8UGKfN0TCns15wZTYPH45aU6-lGO18UIvgEU2XSVt6g_NJwNGwbfy1CQ48vJZHnXViT5IpoQhTaE8D7fvSA3euieDePS3IQQasH66m-k1kQlLOT

    Getting started with hardware hacking can be quite intimidating for some folks. The world of electronics is completely foreign for most developers; additionally, it requires you to write C/C which is efficient but not everyone feels comfortable with. However, the Nodebots movement is a nice way to get started with hardware development using JavaScript. In this article, I want to guide you through some very basic things to get started.

    JavaScript && Hardware? How?


    There are quite a few different projects aimed at hardware development with JavaScript. Some come with special hardware like the Tessel or Espruino. Both of them are great projects but in this post we will focus on another option.

    The option we’ll use is the npm module johnny-five. Johnny-Five isn’t limited to certain hardware but instead supports a wide range of different microcontroller platforms (including the Tessel) using various I/O plug-ins. The ...

    Read More
  • By Dominik Kundel
    Scan your projects for crossenv and other malicious npm packages JDKpeyemdlB4gEQtUasRJc3TLJX2YMezcWfZ2spVkziJYzm6qHB1Gh8ppP31XiLeqfL60kz8DzePc3qYncMPAjqg_nAaXqr-zLETqo1lsrxy_SHjKnaQrg7UeNter8tyzft_Zz18

    On August 1st, Oscar Bolmsten tweeted about how he found a malicious npm package called crossenv that scans for environment variables and POSTs them to a server.

    This is particularly dangerous considering that you might have secret credentials for different services stored in your environment variables. Apparently it’s also not limited to just crossenv, but a series of packages — all of them are names of popular modules with small typos such as missing hyphens.

    Check your project for malicious packages

    These packages have been taken down by npm, but since credential theft happens upon installation, you should check if you have installed one of them. Ivan Akulov was so kind to compose and publish a list of ...

    Read More
  • By Dominik Kundel
    Building the IT Crowd Answering Machine with Twilio Functions and JavaScript Picture of Roy from IT Crowd answering the phone

    One of my favorite things from IT Crowd is their “Hello IT” machine. It’s the perfect solution for lazy people who are tired of answering the same IT support questions again and again. With Twilio Functions and the new Speech Recognition we can build our own version of this machine with just a few lines of code.

    If you are not familiar with the answering machine from IT Crowd make sure to check out this video of it in action.


    You can also check out the final result by calling one of these numbers:

    • 🇬🇧 +44 20 3389 5853
    • 🇺🇸 (415) 702-4376

    Before we get going make sure you have a Twilio account. Sign up for free.

    Now let’s get coding!


    “Hello IT”

    The first thing we need to do is create a new Twilio Function that will handle all of our requests. Twilio Functions allows you to host Node ...

    Read More
  • Newer
    Sign up and start building
    Not ready yet? Talk to an expert.