惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Recorded Future
Recorded Future
C
Cyber Attacks, Cyber Crime and Cyber Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Scott Helme
Scott Helme
Cyberwarzone
Cyberwarzone
C
CERT Recently Published Vulnerability Notes
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
P
Palo Alto Networks Blog
Google Online Security Blog
Google Online Security Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
WordPress大学
WordPress大学
博客园 - 聂微东
L
LINUX DO - 最新话题
月光博客
月光博客
小众软件
小众软件
T
Troy Hunt's Blog
A
Arctic Wolf
量子位
I
Intezer
大猫的无限游戏
大猫的无限游戏
T
Tailwind CSS Blog
S
Schneier on Security
Schneier on Security
Schneier on Security
NISL@THU
NISL@THU
T
Threat Research - Cisco Blogs
TaoSecurity Blog
TaoSecurity Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
博客园_首页
有赞技术团队
有赞技术团队
N
News and Events Feed by Topic
美团技术团队
The Cloudflare Blog
P
Privacy International News Feed
S
Security Affairs
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
G
GRAHAM CLULEY
N
News | PayPal Newsroom
Apple Machine Learning Research
Apple Machine Learning Research
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
L
LINUX DO - 热门话题
V
Vulnerabilities – Threatpost
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
C
CXSECURITY Database RSS Feed - CXSecurity.com
宝玉的分享
宝玉的分享
Application and Cybersecurity Blog
Application and Cybersecurity Blog
IT之家
IT之家
Hacker News: Ask HN
Hacker News: Ask HN
雷峰网
雷峰网

ashishb.net

A day in Luxembourg - the richest country in the world I was asked to install malware during a fake interview Book summary: Breakneck - China's quest to engineer the future by Dan Wang Book summary: How to Teach Your Baby to Read Book Summary: The Discontented Little Baby Book by Pamela Douglas Introducing Amazing Sandbox - run third-party tools and AI agents securely on your machine Why software outsourcing gets a bad reputation? Book summary: The Natural Baby Sleep Solution by Polly Moore A day in Antwerp, Belgium Journey of online influencers Two days in Brussels, Belgium Shortcuts - when we love them and when we don't A visit to Rakhigarhi Three days in overhyped Paris Empty Japan, crowded Tokyo The real lock-in in GitHub is not the code, but the stars 11-day Norwegian Breakaway East Caribbean cruise Sanskrit and Sri Lankan Air Force Use REST with Open API The Achilles heel of American capitalism Costa Rica in 4 days At a juice stall in Sri Lanka A short stay at Warsaw, Poland Best practices for using Python & uv inside Docker Two days in Vilnius, Lithuania How IntelliJ IDEs waste disk space Pregnancy Why there aren't many digital nomads from India Two days in Riga, Latvia To keep your machine secure, run third-party tools inside Docker Family Ties in Your DNA: Some relatives are closer than others Doctors per capita Two days in Tallinn, Estonia Ship tools as standalone static binaries Made in America Two days in Helsinki, Finland Maintaining an Android app is a lot of work The land of good deals Two days in Oslo, Norway FastAPI vs Flask performance comparison Google Search is losing to Perplexity Two days in Dublin, Ireland Continuous integration ≠ Continuous delivery World's simplest project success heuristic London in 5 days It is hard to recommend Python in production Inflation, IRS, Credit cards, and Vendors Temu and the Chinese approach Things to do in Miami Florida Revenue vs Cost Axis Language learning as an adult The unanchored babies of the green card limbo Price variance in the United States A day in Louisville, Kentucky A surprisingly positive experience with Air India Unhospitable Airports Android: Don't use stale views USA = Union of Sales and Advertisement A day in Nashville, Tennessee A day in Birmingham, Alabama In defense of ad-supported products Real vs artificial world The science behind Punjabi singers Hiking Mt. Fuji The Indian startup bubble is insane Repairing database on the fly for millions of users Book Summary: One up on Wall Street by Peter Lynch It is hard to recommend Google Cloud At the Prague airport Kyoto in three days Migrating from WordPress to Hugo Book summary: Sick Societies by Robert B. Edgerton Statistical outcomes require statistical games Illegal immigrants to Europe via Cairo Tokyo in three days Mobs are Status Games Writing Script matters as much as the spoken language Sri Lanka in 5 days LLMs: great for business but bad business Book Summary: Safe Haven by Mark Spitznagel Mac shortcut for typing Avagraha symbol On a bus with an asylum seeker Nicaragua in 5 days When to commit Generated code to version control Why I always buy a local SIM in a foreign country Use Makefile for Android Four days in Guadalajara, Mexico Android Navigation: Up vs Back Hotels vs Airbnb vs Hostels Currency issues in Argentina Abstractions should be deep not wide Some data on podcasting Always support compressed response in an API service A day in El Calafate - Patagonia, Argentina Hermetic docker images with Hugging Face machine learning models American Elections The sound of "ch" API services should always have usage Limits Hiking in El Chaltén - trekking capital of Argentina Natural Laws vs Man-made Laws
Minimize Javascript in your codebase
Ashish Bhatia · 2024-11-24 · via ashishb.net

Javascript isn’t a language. It is just a specification. Well, that’s true for many other languages like Python and Java. However, most languages have just one de facto implementation. For example, CPython for Python. Java has two major ones - Oracle’s JDK and Google’s Android Java. That’s not true for Javascript though.

  1. Different implementations - All browsers have slightly different implementations of Javascript. To cover the gaps there are magical libraries called Polyfills. Of course, that doesn’t help with the issue of server-side vs client-side Javascript. All the libraries are on npmjs.com, and it is for you to guess which one works and the subtle differences due to security restrictions that are imposed on browser-side JS.
  2. No built-in libraries (batteries) - Unlike Java, Go, Python, etc. Javascript ships with no batteries included. So, even for simple tasks like padding, there are third-party libraries. The idea that these libraries are not buggy or have security issues is preposterous. While all projects depend on third-party libraries, Javascript takes it to the next level due to a lack of batteries.
  3. Server-side Javascript - Node.js’s founder has moved to Deno. But Deno support is still poor across libraries. You will start with Node.js in 2024 and will be forced to migrate in a few years once everyone moves to Deno. This reminds me of Python of 2015-20 era. Python 2 was deprecated but Python 3 support was poor. You would write code in Python 2 despite knowing its limited shelf-life.
  4. Single backend frontend codebase - Well, good luck with that. God forbid if your engineer is lost where the backend Javascript code ends and the frontend begins leading to leaks of Database credentials.
  5. Typescript - Kotlin is better than Java. I have heard that Swift is better than Objective-C. TypeScript isn’t better than Javascript though primarily because it is a superset of Javascript. It is better than Javascript but not the magic bullet. Further, your gazillion poor-quality Node.js dependencies might still be written in Javascript.
  6. React - React is the most popular framework. Vue, however, is a better framework that neatly separates Javascript, CSS, and HTML into three separate sections of the same component definition file. React, on the other hand, prefers a multi-indented hideous JSX syntax. I can’t imagine why someone feels that HTML embedded inside Javascript is superior. Further, Vue has batteries like redux, etc. built into it.

While Javascript is unavoidable, here’s how I think one should try to limit its spread.

  1. No Javascript for the backend codebases - My preference is Go but even Python is more maintainable.
  2. No React Native for mobile
  3. Use Typescript
  4. And if you can, avoid React. Vue is much superior but about one-fifth of the market share of React.
  5. Run npm and yarn inside docker using Amazing Sandbox to ensure safety from supply chain attacks.