Going surfing – Protect your Node.js app from Cross-Site Request Forgery

One classic attack when working with web applications is Cross-Site Request Forgery, aka CSRF/XSRF (read: C-Surf). Attackers use it to perform requests on behalf of users in your application without them noticing. Let’s look at how they can pull this off and how we can protect our applications from this type of threat. Let’s talk theory. Before we can prevent CSRF attacks we need to… Read More

Putting the helmet on – Securing your Express app

Express is a great way to build a web server using Node.js. It’s easy to get started with and allows you to configure and extend it easily thanks to its concept of middleware. While there are a variety of frameworks to create web applications in Node.js, my first choice is always Express. However, out of the box Express doesn’t adhere to all security best practices. Let’s look at… Read More

Building a TodoMVC with Twilio Sync and JavaScript

Sharing information between different devices in real-time is difficult but with Twilio Sync it’s just a matter of a few lines of code. To see how Sync works let’s create our own version of the TodoMVC application using Twilio Sync to store our data and share it across multiple devices. We’ll base our version on a copy of the Vanilla JS version of TodoMVC and alter the storage… Read More

Working with Environment Variables in Node.js

Working with environment variables is a great way to configure different aspects of your Node.js application. Many cloud hosts (Heroku, Azure, AWS, now.sh, etc.) and Node.js modules use environment variables. Hosts, for example, will set a PORT variable that specifies which port the server should listen on to work properly. Modules might have different behaviors (like logging) depending on the value of the NODE_ENV variable. Here are some of my tricks… Read More

JS 💖 Hardware – Getting started with Nodebots and Johnny-Five

Getting started with hardware hacking can be quite intimidating for some folks. The world of electronics is completely foreign for most developers; additionally, it requires you to write C/C++, which is efficient but which not everyone feels comfortable with. However, the Nodebots movement is a nice way to get started with hardware development using JavaScript. In this article, I want to guide you through some very basic things… Read More

Scan your projects for crossenv and other malicious npm packages

On August 1st, Oscar Bolmsten tweeted about how he found a malicious npm package called crossenv that scans for environment variables and POSTs them to a server. “@kentcdodds Hi Kent, it looks like this npm package is stealing env variables on install, using your cross-env package as bait: pic.twitter.com/REsRG8Exsx” — Oscar Bolmsten (@o_cee) August 1, 2017. This is particularly dangerous considering that you might have secret credentials… Read More

Building the IT Crowd Answering Machine with Twilio Functions and JavaScript

One of my favorite things from IT Crowd is their “Hello IT” machine. It’s the perfect solution for lazy people who are tired of answering the same IT support questions again and again. With Twilio Functions and the new Speech Recognition we can build our own version of this machine with just a few lines of code. If you are not familiar with the answering machine from IT… Read More

Writing a Node.js module in TypeScript

One of the best things about Node.js is its massive module ecosystem. With bundlers like webpack we can leverage these even in the browser outside of Node.js. Let’s look at how we can build a module with TypeScript usable by both JavaScript developers and TypeScript developers. Before we get started make sure that you have Node.js installed – you should ideally have version 6.11 or higher… Read More

Deploy .NET Core with Docker and now.sh

Bundling up your application into a Docker container has many benefits including making deployments really easy without being bound to a particular cloud host. In this post we will containerize a .NET Core application and deploy it using Docker. Setup Before we can get started we need a couple of dependencies installed. Make sure you have the latest .NET Core SDK installed. You can download the SDK for your operating… Read More