No matter how much you trust in the npmjs package registry in general and in packages you are using in particular, Bad Things™ always happen. They happen to the best of us. Even a small Node.js project may have thousands of dependencies, which makes it virtually impossible for a developer to monitor and audit them all.
An NPM package has two main ways to harm you: the first one is when you install it, and the second one is when you actually use it. The first way is possible because of the so-called “lifecycle scripts” run by npm. And even though one of the earliest attacks exploiting lifecycle scripts dates back to 2017, developers still do not take measures to protect their data.
This post explains how to protect sensitive information (such as authentication tokens) when running CI builds.
Because large queries can hurt site performance, WordPress caps per_page REST parameter at 100 records. However, there are situations when you need to override this value. Luckily, this is easy to do, and this post explains how to do that.
When experimenting with Docker Swarm, I decided to set up five more nodes on my local computer. I used Alpine images in the LXC, and tried to use Docker in them. Although docker stared successfully, it was impossible to deploy any services to Alpine nodes, deployment failed with “cgroups: cannot find cgroup mount destination: unknown” error message.
Because I dislike when something that should work, does not work the way I expect it to work, I decided to dig deeper and try to fix the problem.
When I tried to use unistore instead of redux in one of my pet projects, I discovered that its TypeScript typings are not very accurate. In this post I try to come up with better typings for unistore’s connect() function.
There may be a situation where you need to mock methods or properties on window.location in Jest. However, because of peculiarities of jsdom, this could be challenging. In this post there is one of the possible solutions to this problem.
When using sass-loader 8.0.0 with preact-cli 3.0.0-next.19, preact build fails with an error: Invalid options object. Sass Loader has been initialised using an options object that does not match the API schema. options has an unknown property ‘includePaths’. Quick fix: use sass-loader 7.3.1.