sverweij

# the grep --invert-match to prevent deletion of branches you'd want to keep no matter what
git branch | grep LCM | grep --invert-match master | sed s/^/git\ branch\ -D/g | sh

sverweij

• in your npmjs account set the publishing access to "Require two-factor authentication or an automation or granular access token" (with just two-factor auth publishing will bork).
• in your npmjs account create an automation token (or a 'finegrained' one) and remember the key to paste ...
• under your repo's settings -> secrets and variables -> actions add an NPM_TOKEN and paste the key from your npmjs account in it
• add below workflow files to .github/workflows
• the setup uses npm clean-install (= npm ci) so it needs a package-lock.json
  • change .npmrc so it allows for package locks
  • ensure .gitignore doesn't contain a line for package-locks
  • run npm i to generate the package lock
• commit & push the shebang
• on GitHub create a release (or prerelease)

sverweij

Fixing a security problem: Polynomial regular expression used on uncontrolled data

Using cookies as an attack vector on your server

You have a cookie that stores a client's session id. To validate the session you probably need to check it against a server. An attacker might exploit this. E.g. with the big list of naughty strings [^0], or with a big string crafted for the occasion.

We're going to look at one such example and try to find a way to prevent these attacks

sverweij

{SAFe} ∩ {Agile} = ∅

sverweij

# This is Git's per-user configuration file.
[user]
    name = redacted
    email = redacted@users.noreply.github.com
    signingkey = REDACTED3REDACTE
[credential]
    helper = osxkeychain
[format]
    pretty = %Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset
[alias]

sverweij

What do we want?

• Exactly the same build on all environment, so we can just promote instead of rebuild each time.
• Preferably source maps because debugging on test might be useful.
• No source maps on production, though.

Proposal

• Always generate source maps, but as hidden

sverweij

What's this?

A dependency-cruiser reporter plugin to calculate Robert C. Martin's dependency metrics with dependency-cruiser.

How do I run it?

• copy depcruise-config-force-dependents.js and metrics-reporter-plugin.js to the working directory
• run this:

sverweij

create a GPG keypair

gpg --full-generate-key

And follow the instructions. For e-mail address us the yourusername@users.noreply.github.com from your github profile

Create an 'armor' text to paste in github profile

sverweij

// bookmarklettalize with e.g. https://chimurai.github.io/bookmarklet/
/* global document */
/* eslint-disable no-console, unicorn/prevent-abbreviations, security/detect-object-injection */
function htmlCollectionToArray(pElementArray) {
  let lReturnValue = [];
 
  for (let lElement of pElementArray) lReturnValue.push(lElement);
 
  return lReturnValue;
}

sverweij

defaults delete com.apple.systempreferences AttentionPrefBundleIDs

Where I'm fast with upgrading most software I tend to wait out with major OSX upgrades till the kinks get ironed out. So today I set my machine to upgrade itself (took a few hours likely) and after logging on preference panel had a little nag icon. Apple apparently wants me to sign into their 'iCloud' offering. As I only use my laptop for writing code and making music (and an occasional youtube bing) I don't see the added value. I'm glad I took this long to upgrade because now there's all kinds of answers to fix it: