#472 The Other Kind of Staff Software Engineer
sponsor
10 npm Security Best Practices
Adding passwords to the npm package you publish? Don't make this classic mistake! Open source security auditing is a crucial part of shifting security to the left, and npm package security should be a top concern. Learn top ten npm security best practices and productivity tips for both open source maintainers and developers from this cheat sheet.
this week's favorite
The Other Kind of Staff Software Engineer
Let’s talk about a career in tech, but not the usual boring stuff about salary or how to pass the interview process at the place with the most oversized comp packages. Instead, let’s talk about how your relationship to how the company accomplishes its goals influences what your job is like and what skills and strengths you’ll develop there.
The intention is clear enough: match two sets of two digits separated by a comma, a dash, or a period. Of course, it shouldn’t work. Dashes in character classes are special because they’re used for ranges (like [a-z] to match lower-case ASCII letters). If you want - in a character class you put it at the beginning, or the end, never the middle. So this should be [-,.] not [,-.].
Last few months I have spent a lot of time doing code reviews. During the code review exercise I also pair with developers to refactor and improve the quality of their pull requests (PR). I care about two things in code reviews – correctness and understandability.
Web styling features of today and tomorrow, as seen at Google IO 2022, plus some extras.
How We Solved the Thundering Herd Problem
We have many merchants using our Disputes API, some in real-time in response to a webhook, and others on a daily schedule. That means our traffic is highly irregular and difficult to predict, which is why we try and use autoscaling and asynchronous processing where feasible.
books
Free eBook: Try Infrastructure as Code
This ebook is meant to be a step-by-step guide for you to learn how to use some of the most in-demand IaC tools that exist: Terraform, Ansible, Puppet (and Puppet Bolt), Chef, and Salt. Each tool is covered as mostly a stand-alone-project that focuses on deploying a simple Docker-based Python web application from Github.
newsletters
Would you like to become a sponsor and advertise in one of the issues? Check out our media kit and get in touch.