My first time at JSConf Budapest, how was it?
Sharing my thoughts and experience on attending JSConf Budapest for the first time
npm security tips to keep you safe from malicious modules
What makes a test case good? How can we improve the developer friendliness when writing test code?
June 4th is a historic date on which the millionth package was indexed into the npm registry. npm is a package manager for JavaScript packages.
Sometimes, when building an application inside a Docker image, you need secrets such as an SSH private key to pull code from a private repository, but you may be going about it the wrong way by leaking secrets into the image. Here is how to avoid it.
Docker provides two commands for copying files from the host to the Docker image when building it: `COPY` and `ADD`. Which one should you use?
When a Dockerfile doesn't specify a USER directive, what's the worst that can happen?
A malicious version of a Ruby gem used in a Rails application leads to remote code execution on vulnerable servers.
It is likely you experienced the painful situation of deploying to production only to find out that an API service you integrate with has…
npm project health assessment
Installing dependencies is not the same for development as it is for continuous integration systems. In this post I share why.
10 awesome npm security tips to keep you safe!
The JSHeroes conference will take place this year in April and bring in people from all over the world to connect with new and old friends…
In an effort to better promote and increase engagement in the Node.js Security WG we would like to share highlights more often, ideally…
Last week the imaginable happened. A malicious package, flatmap-stream, was published to npm and was later added as a dependency to the…
I guess naming is a hard task in general, and for the npm registry, the naming rules have evolved from what they were to begin with, much…
There are several traps that are easy to fall into when it comes to async testing. Moreover, there are several methods of achieving the same…
What if someone was able to directly publish a new vulnerable React version?
Let's assume you are tasked with hiring a VP Engineering for a relatively small team, say 10 engineers, which is on a growth trend as the company gets bigger.
Oh yes. The Developer Experience with Jest is transforming the act of writing tests from a chore to a hell of a fun time, promise! 🤓
We had Tape, Mocha, Ava, and now Jest. Let’s see what this is all about!
In this post I would like to acquaint you with the work being done by the Node.js Security Working Group (WG) and how we’re improving the…
The use of Regular Expressions (RegEx) is quite common among software engineers and DevOps or IT roles where they specify a string pattern…
Side projects are an amazing thing. We learn, experiment, and collaborate with the world through them.
A crucial part of being an engineering manager is on-boarding to a new team, or on-boarding others to yours. The important bits there is…