Year: 2022

  • Override nested NPM dependency versions

    Sometimes one of your JavaScript project’s dependencies pulls in a library that has a vulnerability, and you’re left wondering how to solve the issue. If the nested dependency (the one with the vulnerability) is already fixed but the main dependency isn’t, you can use the overrides field of package.json, as explained in a Stack Overflow answer. You’ll need a fairly recent version…

  • Using CASL and roles with persisted permissions

    How do you implement user groups, roles and permissions in a multitenant environment where multiple organizations use the same application and each has its own users, groups and roles? There are different approaches to the issue, and one is to implement attribute-based access control (ABAC) in addition to roles (RBAC).… Continue reading →

  • Short notes on tech 15/2022

    Week 15 of 2022. Before leaving for a short Easter holiday, here are some links to go through. Security: Top 10 CI/CD Security Risks. Automagically Auditing GitHub (Actions) Security using OpenSSF Scorecards: “How to use the OpenSSF Scorecards GitHub Action to audit your GitHub and GitHub Actions configuration, and a breakdown of some of the issues…

  • Short notes on tech 13/2022

    Learning: Personal Goal Setting Playbook: “Setting personal goals can be used in many contexts to help people achieve tasks, objectives or improvements of any kind, big or small.” Design: A Designer’s Guide to Documenting Accessibility & User Interactions. Understanding Figma’s interactive components feature (from WDRL). Backend: How to design better APIs: 15 language-agnostic, actionable tips on REST…

  • Learning secure code by identifying vulnerable code and solutions

    The DevOps Conference was held this week, and at the Expo there were companies showing their services. One of those was Secure Code Warrior, which provides a learning platform for teaching developers the skills they need to produce secure code. Last year I wrote about their bootcamp, but now it was time to participate in…

  • Short notes on tech 10/2022

    Week 10 of 2022. Web development: The State of JavaScript 2021 Survey Results: “69% use TypeScript; React held the top spot for 6 years; Vue.js is on track to overtake Angular as the second place framework; 2021 has been the year of Vite with 98% satisfaction.” (from WDW) The baseline for web development in 2022: “Now that…

  • Short notes on tech 7/2022

    Short notes on tech, week 7 of 2022. Software development: Frontend Predictions for 2022: The return of micro-frontends, functional JavaScript & the death of Jamstack as we know it. (from Web Design Weekly) Cloud: AWS Elastic Kubernetes Service (EKS) Review: “If you are considering going with EKS, understand you are going to need to spend a lot…

  • Short notes on tech 5/2022

    Software development: How to tame the devDependencies of your project? tl;dr; Use mrm. trpc: “tRPC allows you to easily build & consume fully typesafe APIs, without schemas or code generation.” Cypress vs Selenium vs Playwright vs Puppeteer speed comparison: tl;dr; Playwright is faster vs. Cypress. There’s a good thread of Playwright vs.… Continue reading →

  • Short notes on tech 2/2022

    Week 2 of 2022. JavaScript for impatient programmers: “This book makes JavaScript less challenging to learn for newcomers, by offering a modern view that is as consistent as possible.” Software architecture patterns: Take a deep dive into several common software architecture patterns. Checklist Design: A collection of the best design practices.… Continue reading →