Javascript

As mentioned in my previous post, I’m reading JavaScript for the Impatient. Something I really like about it is that the author, Cay S. Horstmann is opinionated. Technical books need to have a point of view. If you disagree with it, fine. You can take another path but part of the value of reading a technical book is to understand better ways to do it and that is almost always an opinion.

As I’ve been experimenting with Svelte, I wanted to hone my JavaScript skills. I’ve done some development in the past but it’s been a while and things have changed. I did some research to figure out what might be a good resource and ended up reading Modern JavaScript for the Impatient to get back up to speed. As it says on the tin, it’s all about modern JavaScript and skips much of the old and weird stuff that you really don’t need to know in favor of getting to the point for developers who know other languages.

I went through the rest of the Svelte tutorial to understand the basics. It’s a nicely structured tutorial and I was able to get the gist of the major features of Svelte by going through it. Svelte has a lot of power and the compilation process makes it simpler to deal with than some of the other modern frameworks. The proof is in the pudding though and I’ll need to actually build something to see how it all fits together.

The next interesting bit about Svelte is the reactive functions. Often code needs to do something in response to a variable change. Svelte makes that easy by automatically rendering the view when a variable is reassigned on the next browser paint. That’s nice but sometimes you need to react to a variable change inside of the script before it gets rendered. For example, if you need to get new data from the backend on the change of a variable.

I’ve been doing some more digging on Svelte and have learned some interesting stuff. A basic thing is the way that Svelte just uses {brackets} to demarcate dynamic content. Everything that is inside the brackets is just JavaScript. Another very basic thing is how the control flow works. It’s very much as expected and supports {if} with multiple {:else if} branches all closed with a final {/if} as well as {#each} for iterating through a list.

Yet Another JavaScript Framework has caught my attention. This time, it’s Svelte. I don’t build web pages often, but it’s good to know how to use a framework to be able to build the simple stuff I do. I’ve experimented a bit with the mainstream ones (Vue and React) but they are a little much. I need something simple and it looks like Svelte fits the bill. I heard of Svelte in a newsletter from The Economist where they described how they produce some of their interactive web presentations and mentioned the Svelte framework (among a few other things).

Since I just completed Developing Secure Software and got my certificate, I’ve been paying more attention to the security aspects of the process of developing software. This article about npm and PyPi security caught my eye. The article describes a paper that evaluates the security practices for these widely used software repositories and finds them lacking. They do follow many of the best practices but fall short on some others. The number of packages that were found to have vulnerable patterns is less than 1%, but that doesn’t help you if you use one and get attacked.