Digests » 472


10 npm Security Best Practices

Adding passwords to the npm package you publish? Don't make this classic mistake! Open source security auditing is a crucial part of shifting security to the left, and npm package security should be a top concern. Learn the top ten npm security best practices and productivity tips for both open source maintainers and developers from this cheat sheet.

this week's favorite

The Other Kind of Staff Software Engineer

Let’s talk about a career in tech, but not the usual boring stuff about salary or how to pass the interview process at the place with the most oversized comp packages. Instead, let’s talk about how your relationship to how the company accomplishes its goals influences what your job is like and what skills and strengths you’ll develop there.

The regex [,-.]

The intention is clear enough: match two sets of two digits separated by a comma, a dash, or a period. Of course, it shouldn’t work. Dashes in character classes are special because they’re used for ranges (like [a-z] to match lower-case ASCII letters). If you want - in a character class you put it at the beginning, or the end, never the middle. So this should be [-,.] not [,-.].

Why naming stuff is hard?

Over the last few months I have spent a lot of time doing code reviews. During the code review exercise I also pair with developers to refactor and improve the quality of their pull requests (PRs). I care about two things in code reviews – correctness and understandability.

State of CSS 2022

Web styling features of today and tomorrow, as seen at Google IO 2022, plus some extras.

How We Solved the Thundering Herd Problem

We have many merchants using our Disputes API, some in real-time in response to a webhook, and others on a daily schedule. That means our traffic is highly irregular and difficult to predict, which is why we try and use autoscaling and asynchronous processing where feasible.


Free eBook: Try Infrastructure as Code

This ebook is meant to be a step-by-step guide for you to learn how to use some of the most in-demand IaC tools that exist: Terraform, Ansible, Puppet (and Puppet Bolt), Chef, and Salt. Each tool is covered as a mostly stand-alone project that focuses on deploying a simple Docker-based Python web application from GitHub.
