|
Sulla-Marius 88 posted:Does anybody have a good 'best practices' guide for npm security? i want to check out angular but i also remember the flatmap (flatstream?) fiasco a few months ago and i must suck at googling because i cant find a good, plain retrospective on how to offset npm's inherent security risks Jake Archibald's most recent blog post addresses the topic, but it's focus is on catching issues and mitigating threats. Bottom line is that there's still way more risk than there are ways to adequately address it. https://jakearchibald.com/2018/when-packages-go-bad/
|
# ¿ Dec 21, 2018 14:43 |
|
|
# ¿ May 21, 2024 05:29 |
|
If you don't want to roll your own styles, Bootstrap 4 is still a fantastic way to go assuming you don't mind your site looking bootstrappy to anyone in the know. They haven't removed their dependency on jQuery for their scripts, for whatever reason, but you can either leave the scripts out or accept the slightly larger payload.
|
# ¿ Feb 19, 2019 13:51 |
|
Vincent Valentine posted:Hey guys I just managed to forget how to open my Dev tools which I do hundreds of times a week to the point of it being pure muscle memory. Took about thirty seconds to get them open.
|
# ¿ Jan 28, 2020 07:12 |
|
I've had the bad luck of working with designers that were print media focused throughout much of their careers with only a vague grasp that the web is a whole different beast. They've also mysteriously been unable to recognize the need to maintain consistency when iterating on an established foundation. Like, I couldn't put together a particularly compelling design for the life of me, but I can at least recognize that consistent patterns throughout the application reduce cognitive load for the user (and, as an added bonus, are typically faster to develop). Small sample size, though, and each was open to well-meaning, constructive feedback. Just have to hope they find the time to explore what it means to design for the web a bit further.
|
# ¿ Feb 2, 2020 00:39 |
|
Stupid question. I've seen a lot of talk about the benefits of dynamic loading, but the examples used are almost always route-based. Is this just because this is the most obvious initial implementation or are there costs that I'm not seeing to going more granular? For example, I've got five weighty components that may or may not be present on the page at initial load. If I add a loading fallback and handle the error scenario in which they fail to load for any reason, is there anything else I should consider when deciding to make them dynamic imports?
|
# ¿ May 5, 2020 16:49 |
|
Had a coworker who pronounced www "dubdubdub", which I and my other coworkers never heard before and, coming from any other source, might have enthusiastically adopted for the sake of brevity. Problem was, the guy was a giant rear end and got fired for being such (well, plus being an outright bad front-end dev) and permanently set me against it. Also pronounced URL "Ural", which was mildly off-putting and my brain always first processed as the mountain range. Gods, that guy. Only one I know who, on being gently told in an early performance review that he needed improvement, but that the team was there for him along the way, angrily doubled- and tripled-down saying he had years of experience and knew exactly what he was doing.
|
# ¿ May 8, 2020 14:50 |
|
teen phone cutie posted:i dunno if this is a hot take or not, but I hate typescript enums. They don't work with intellisense and they feel pointless: TypeScript code:
|
# ¿ Oct 16, 2021 03:07 |
|
I've got a meddlesome problem that I'd love to solve with pure CSS to avoid the need for a janky JS implementation that would have to account for page resize, but a solution eludes me. Basically, I want an image to "fill" the height of a container that gets its height from the other items in it, plus have a specific aspect ratio (1:1; 3:2; etc.)HTML code:
The padding top/bottom trick doesn't work as it defines the height by the width, which is the opposite of what I need. Cugel the Clever fucked around with this message at 03:48 on Oct 17, 2021 |
# ¿ Oct 17, 2021 03:46 |
|
So I've solved at least the "fill" part of the equation with flex, but it's non-viable as it's treated as having no width, despite visually appearing to, resulting in the other items in the container potentially overlapping the image div... And it still doesn't work without aspect-ratio, regardless. Glitch sandbox and screenshot, if anyone's interested in a brain teaser and loving wonky browser flex/grid behavior:
|
# ¿ Oct 17, 2021 17:51 |
|
Marak Squires, developer of the popular Faker.js and Colors.js libraries, has apparently continued his downward spiral from allegedly setting his home on fire with possible bombmaking materials back in September to publishing breaking changes for both libraries with weird right-wing Aaron Schwartz conspiracy theories, cries of liberty, and American flags. GitHub and NPM have, understandably, banned him for this and removed the broken versions. Dude's clearly got some significant mental health issues and is going through a lot right now, so I hope someone will be able to get him the help he needs. Unfortunately, there look to be at least a few folks on social media confusing the above for "evil corporations stepping all over the independent open source developers!!" and trumpeting him striking against the system. There are real discussions to be had about things like supporting open source projects or even the risks of tech giants monopolizing major dev tooling, but hooboy is this incident ever not a rallying cry for that. JavaScript code:
|
# ¿ Jan 10, 2022 06:18 |
|
A rant: I'm having a tough time getting a firm idea for how mobile Web Views work and the documentation for both iOS and Android seems piss poor (or expects broader familiarity with mobile development, which I'm awfully lacking in). Basically, I need validate that the rendering engine used by the Web View component on our supported OS versions has a specific modern JS primitive available—if not, have to do some janky poo poo with a third party library with equivalent functionality (but is not a 1:1 polyfill). The understanding I've arrived at is that iOS Web View makes use of the device's version of Safari, which is pinned to the loving iOS release, for some reason. I guess it's the same on Safari for MacOS? We "officially" support Safari, but it has such low usage and we're so stretched thin we've never given it attention. On Android, meanwhile, it looks like Android 4.4+ Web View uses Chromium/Chrome on Android, such that it will stay evergreen assuming the user hasn't manually toggled off updates (or installed something that supplants the system web view with FF or something). So theoretically we can impose the burden of keeping up to date just like we do for our web browser support (last X versions of all evergreen browsers). Thing is, the above assessments aren't from any explicit documentation, just cleaned hodgepodge from miscellaneous, sometimes conflicting sources. I'll need to actually go in and validate the primitive is available before I have any degree of confidence.
|
# ¿ Jan 13, 2022 04:28 |
|
I've now lost my entire morning attempting to get an iOS 14 simulator installed through xcode. Fucker just stalls out ~66% and nothing I do resolves it.
|
# ¿ Jan 13, 2022 21:51 |
|
Thanks for the recs. Fifth attempt was the charm and, after being stalled for 30+ minutes at 66%, it finally started (slowly) moving. Maybe it would have done so the other times! Either way, it's utterly mind-boggling to me... is it expected that simulator install takes over an hour with no meaningful user feedback??? Why does the install max out my fans?? Android simulator installations take ten minutes, tops. This, plus other arcane and poorly documented nonsense, has turned a task that should have taken at most a couple hours into a multiday epic of frustration that I'm still not 100% sure on. While I'm sure that mobile devs experience the same frustration of not knowing the little things that are essential for productive development when trying to get something done on the web, it doesn't make it any less excruciating. Siguy posted:Now doing the thing I’ve avoided for years: learning Webpack.
|
# ¿ Jan 14, 2022 07:07 |
|
fuf posted:then typescript complains when I reference post.tags because the Post type created by Prisma doesn't have a "tags" property.
|
# ¿ Mar 9, 2024 18:39 |
|
|
# ¿ May 21, 2024 05:29 |
|
fuf posted:After playing around a bit more, it looks like I can actually reference preset.tags in the same component as the prisma call, because like you say prisma is composing the right type based on what I've asked for. The issue comes when I try to pass the preset to a child component and reference its tags in there
|
# ¿ Mar 9, 2024 21:01 |