You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
I tried the WSL and it isn't quite seamless enough for me. I ran in to problems when editing in VSCode and having watchers on my files (ng serve, dotnet watch run, etc.). In addition, I kept running in to problems that only manifest themselves when running in WSL. For example, this issue with doing production builds and the terser plugin has made many a developer rage-quit on using WSL. Just figuring out that it was an issue with the WSL took a lot of time.
That terser plugin issue was never resolved and I ended up having to keep a git bash window open in addition to my WSL console window so I could do production builds. To make matters worse, my npm packages were platform-dependent so I couldn't use the same project folder. So, my procedure was: commit whatever changes to test branch, push to repo, git pull on my "windows" project folder, and do a production build there
Not all random values are created equal - for security-related code, you need a specific kind of random value.
A summary of this article, if you don't want to read the entire thing:
Don't use Math.random(). There are extremely few cases where Math.random() is the right answer. Don't use it, unless you've read this entire article, and determined that it's necessary for your case.
Don't use crypto.getRandomBytes directly. While it's a CSPRNG, it's easy to bias the result when 'transforming' it, such that the output becomes more predictable.
If you want to generate random tokens or API keys: Use uuid, specifically the uuid.v4() method. Avoid node-uuid - it's not the same package, and doesn't produce reliably secure random values.