Category Archives: JavaScript

Yarn: A new package manager for JavaScript

Facebook fixes several problems with npm; will yarn become the new standard, will npm make changes, or will developers not care?

 

We’ve used the npm client successfully at Facebook for years, but as the size of our codebase and the number of engineers grew, we ran into problems with consistency, security, and performance. After trying to solve for each issue as it came up, we set out to build a new solution to help us manage our dependencies more reliably. The product of that work is called Yarn — a fast, reliable, and secure alternative npm client.

Read more at Facebook Code

The target=”_blank” phishing attack vector

If you use target=”_blank” you need to also use rel=”noopener noreferrer”

 

Ben Halpern writes:

If you use the target=”_blank” attribute on a link, and do not accompany it with a rel=”noopener” attribute, you are leaving your users open to a very simple phishing attack.

When a website uses target=”_blank” on their links in order to open a new tab or window, that website gives the new page access to the existing window through the window.opener API, allowing it a few permissions. Some of these permissions are automatically negated by cross-domain restrictions, but window.location is fair game.

In order to restrict the behavior window.opener access, the original page needs to add a rel=”noopener” attribute to any link that has target=”_blank”. However, Firefox does not support that tag, so you should actually use rel=”noopener noreferrer” for full coverage. Some amount of prevention can be acheived through scripting, though, as observed with Twitter, this seems to fail on Safari.

Read more from The Practical Developer

What are Unit Testing, Integration Testing and Functional Testing?

Test units of code, pieces together, or the full-fledged application

 

Finding your way around the maze that is JavaScript testing can sometimes be difficult. There are unit tests, integration tests, functional tests, E2E tests, browser tests… With so many buzzwords, who knows what they do and which one to use, what for, and when?

To help with that problem, in this article I’ll give you a guide comparing the different kinds of testing types available, and some recommendations for their use.

Read the article at codeutopia.net

Previewing ES6 Modules and more from ES2015, ES2016 and beyond

MS Edge adds ES6 features including import and export

 

Most of ES2015 (aka ES6) language support is already available in Edge, and last week’s Windows Insider Preview build 14342 brings more ES6 capabilities including modules, default parameters, and destructuring. We’re not stopping there – Edge also supports all ES2016 (aka ES7) proposals – the exponentiation operator and Array.prototype.includes – as well as future ECMAScript proposals such as Async Functions and utility methods like Object.values/entries and String.prototype.padStart/padEnd.

Read more from the source: Microsoft Edge Dev Blog