Weekly Web Share #2

NPM security issues, CDN abuse and more

Discoveries

1. 💥 Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies

Alex Birsan found severe security issues in multiple package managers and coined the term "dependency confusion" for them. This is truly a bomb.

Read more

2. Should you use CDN for libraries?

Now that browsers have changed their behavior and partition their caches, a shared cache is no longer a strength when weighing a CDN against installing the package.

Why not use CDN?

3. Integrating Serverless Functions with Redis

This is useful if you are using serverless functions.

Check out

This site also provides some other guides on cloud functions.

4. Using emoji as Git commit type, yay or nay?

I stumbled upon some GitHub repos that use emoji as the git commit type. It's clearer than just using fix, refactor etc. when skimming a list of commits, as long as the convention is made clear inside the team. Just as I was about to applaud 👏🏼👏🏼👏🏼, I 👀 this author uses commit messages as tips to remind him/her what the icon represents. Well, what do you think?

Generally, I follow the commit guidelines proposed by AngularJS in my personal projects.

Angular's standard

Tools

1. Flexbox cheatsheet

Flexbox's learning curve is steep and many rookies have been struggling with it. Personally, when I started learning it, CSS-Tricks' cheatsheet helped a lot in clarifying the concepts. It has been updated continuously ever since, and now it also includes some useful information like polyfills and bug tracking. It also has a similar guide for CSS grid.

2. Compare NPM packages

When you can't decide which package to use among several similar ones, this site may be helpful.

Play with it

Some rights reserved
Except where otherwise noted, content on this page is licensed under a Creative Commons Attribution-NonCommercial 4.0 International license.