Sander Verweij sverweij

- Use yarn to avoid accidentally running code from un-installed packages
sh-3.2$ npx tsc --init

                                                                               
                This is not the tsc command you are looking for                
                                                                               

To get access to the TypeScript compiler, tsc, from the command line either:

for the package in your npmjs account set the publishing access to "Require two-factor authentication or an automation or granular access token" (with just two-factor auth publishing will bork).
in your npmjs account create an automation token (or a 'finegrained' one) and remember the key to paste ...
under your repo's settings -> secrets and variables -> actions add an NPM_TOKEN and paste the key from your npmjs account in it
add below workflow files to .github/workflows
the setup uses npm clean-install (= npm ci) so it needs a package-lock.json
- change .npmrc so it allows for package locks
- ensure .gitignore doesn't contain a line for package-locks
- run npm i to generate the package lock
commit & push the shebang
on GitHub create a release (or prerelease)

Fixing a security problem: Polynomial regular expression used on uncontrolled data

Using cookies as an attack vector on your server

You have a cookie that stores a client's session id. To validate the session you probably need to check it against a server. An attacker might exploit this. E.g. with the big list of naughty strings [^0], or with a big string crafted for the occasion.

We're going to look at one such example and try to find a way to prevent these attacks

What do we want?

Exactly the same build on all environment, so we can just promote instead of rebuild each time.
Preferably source maps because debugging on test might be useful.
No source maps on production, though.

Proposal

Always generate source maps, but as hidden

What's this?

A dependency-cruiser reporter plugin to calculate Robert C. Martin's dependency metrics with dependency-cruiser.

How do I run it?

copy depcruise-config-force-dependents.js and metrics-reporter-plugin.js to the working directory
run this:

	UUID - canonical, base16 format;UUID - compact, base64 format
	298f5a8e-fa69-45d6-bae5-2171e7203903;KY9ajvppRda65SFx5yA5Aw
	8613ce49-8f78-4a3a-86f8-bc4f36d6f999;hhPOSY94SjqG-LxPNtb5mQ
	fea5edc6-15ab-4f31-9493-b1a2ae6febf4;_qXtxhWrTzGUk7Girm_r9A
	988a42fe-4126-49fd-b176-8e72328f81d5;mIpC_kEmSf2xdo5yMo-B1Q
	90293ab9-b554-4ea2-8fc1-5fcb043e9e1e;kCk6ubVUTqKPwV_LBD6eHg
	501e3cc8-f4b5-483c-ad0d-e671213e5cc2;UB48yPS1SDytDeZxIT5cwg
	bfc37ad4-da42-4e03-996a-f4d227eafaa9;v8N61NpCTgOZavTSJ-r6qQ
	10a7b0db-944e-4dfe-a2bd-9325a82f7939;EKew25ROTf6ivZMlqC95OQ
	10cc9c3e-119b-42e4-9e1a-1300d6ef909f;EMycPhGbQuSeGhMA1u-Qnw

	#!/bin/bash
	set -e

	RANDOMNAME=$(mktemp).html \|\| exit 1
	cat /dev/stdin > $RANDOMNAME
	open $RANDOMNAME

	# to open with an other browser (or program) replace the above line with
	# something like ...
	# open -a safari $RANDOMNAME

	# This is Git's per-user configuration file.
	[user]
	name = redacted
	email = [email protected]
	signingkey = REDACTED3REDACTE
	[credential]
	helper = osxkeychain
	[format]
	pretty = %Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset
	[alias]

	# the grep --invert-match to prevent deletion of branches you'd want to keep no matter what
	git branch \| grep --invert-match master \| sed s/^/git\ branch\ -D/g \| sh