Building a chat with Twilio, lit-html, Parcel and TypeScript

When building a web application you often reach a place where you’ll have to render a similar element multiple times and as efficiently as possible. That’s when a lot of web developers start reaching out to frameworks and libraries such as React, Vue or Angular. But what if we only want to do efficient templating and don’t want the tooling & code overhead of these libraries? One… Read More

Creating and Publishing Web Components with Stencil

decorative header image

Web Components is a technology I’ve been excited about for years. The idea is that you can create your own UI components that are supported in the browser regardless of which framework you are using (or none at all for that matter). However, there wasn’t much traction around them until recently. The web components APIs are pretty low level by themselves but projects like Polymer are trying to… Read More

Going surfing – Protect your Node.js app from Cross-Site Request Forgery

One classic attack when working with web applications is Cross Site Request Forgery aka CSRF/XSRF (read C-Surf). They are used by attackers to perform requests on behalf of users in your application without them noticing. Let’s look at how they can pull this off and how we can protect our applications from these type of threat. Let’s talk theory Before we can prevent CSRF attacks we need to… Read More

Putting the helmet on – Securing your Express app

Express is a great way to build a web server using Node.js. It’s easy to get started with and allows you to configure and extend it easily thanks to its concept of middleware. While there are a variety of frameworks to create web applications in Node.js, my first choice is always Express. However, out of the box Express doesn’t adhere to all security best practices. Let’s look at… Read More

Building a TodoMVC with Twilio Sync and JavaScript

Sharing information between different devices in real-time is difficult but with Twilio Sync it’s just a matter of a few lines of code. To see how Sync works let’s create our own version of the TodoMVC application using Twilio Sync to store our data and share it across multiple devices. We’ll base our version on a copy of the Vanilla JS version of TodoMVC and alter the storage… Read More

Working with Environment Variables in Node.js

Working with environment variables is a great way to configure different aspects of your Node.js application. Many cloud hosts (Heroku, Azure, AWS, now.sh, etc.) and Node.js modules use environment variables. Hosts, for example, will set a PORT variable that specifies on which port the server should listen to properly work. Modules might have different behaviors (like logging) depending on the value of NODE_ENV variable. Here are some of my tricks… Read More

JS 💖 Hardware – Getting started with Nodebots and Johnny-Five

Getting started with hardware hacking can be quite intimidating for some folks. The world of electronics is completely foreign for most developers; additionally, it requires you to write C/C which is efficient but not everyone feels comfortable with. However, the Nodebots movement is a nice way to get started with hardware development using JavaScript. In this article, I want to guide you through some very basic things… Read More

Scan your projects for crossenv and other malicious npm packages

On August 1st, Oscar Bolmsten tweeted about how he found a malicious npm package called crossenv that scans for environment variables and POSTs them to a server. @kentcdodds Hi Kent, it looks like this npm package is stealing env variables on install, using your cross-env package as bait: pic.twitter.com/REsRG8Exsx — Oscar Bolmsten (@o_cee) August 1, 2017 This is particularly dangerous considering that you might have secret credentials… Read More