
Brian Beck exogen

@exogen
exogen / diff-create-react-app.sh
Last active November 22, 2017 03:19
Show divergence from create-react-app as a diff.
#!/usr/bin/env bash
#
# Determine divergence from create-react-app!
# Use this if you've ejected from create-react-app and want to see how its
# latest output would differ in key areas (package.json, config, scripts).
#
# - Assumes you can run create-react-app, so make sure it's installed.
# - Only shows files you've modified or removed from create-react-app.
# - Runs $FORMAT_COMMAND below on the create-react-app directory so formatting
# differences don't show up. Use something like Prettier, eslint --fix, etc.
@joepie91
joepie91 / random.md
Last active May 11, 2024 10:28
Secure random values (in Node.js)

Not all random values are created equal - for security-related code, you need a specific kind of random value.

A summary of this article, if you don't want to read the entire thing:

  • Don't use Math.random(). There are extremely few cases where Math.random() is the right answer. Don't use it, unless you've read this entire article, and determined that it's necessary for your case.
  • Don't use crypto.getRandomBytes directly. While it's a CSPRNG, it's easy to bias the result when 'transforming' it, such that the output becomes more predictable.
  • If you want to generate random tokens or API keys: Use uuid, specifically the uuid.v4() method. Avoid node-uuid - it's not the same package, and doesn't produce reliably secure random values.
  • If you want to generate random numbers in a range: Use random-number-csprng.

You should seriously consider reading the entire article, though - it's

@exogen
exogen / script.js
Last active October 8, 2015 21:49
Correct atomic-callback-on-execute async script loading
/**
* Script loading is difficult thanks to IE. We need callbacks to fire
* immediately following the script's execution, with no other scripts
* running in between. If other scripts on the page are able to run
* between our script and its callback, bad things can happen, such as
* `jQuery.noConflict` not being called in time, resulting in plugins
* latching onto our version of jQuery, etc.
*
* For IE<10 we use a relatively well-documented 'preloading' strategy,
* which ensures that the script is ready to execute *before* appending
@exogen
exogen / play
Last active August 29, 2015 14:13
Instantly play the first result from YouTube
#!/bin/bash
# Usage: play bizarre love triangle
# Arguments are joined so no quotes are needed.
# NOTE: $TMPDIR (on Mac at least) already ends in a slash.
youtube-dl --default-search "ytsearch" \
--restrict-filenames \
--output "${TMPDIR:-/tmp/}%(title)s-%(id)s.%(ext)s" \
--exec afplay "$*"
@exogen
exogen / watch
Created September 15, 2011 23:22
Generic file watcher script.
#!/bin/bash
#
# Author: Brian Beck <exogen@gmail.com>
# Usage: watch PATH COMMAND...
#
# This script watches PATH and runs COMMAND whenever PATH or a descendent
# of PATH is modified. COMMAND is everything after the first argument.
#
# If PATH is "-", then the list of paths comes from standard input.
#