TypeScript, Security, and Type Juggling with Ariel Shulman & Liran Tal - JSJ 679

In this episode, we dove headfirst into the swirling waters of TypeScript, its real-world use cases, and where it starts to fall short—especially when it comes to security. Joining us from sunny Tel Aviv (and a slightly cooler Portland), we had the brilliant Ariel Shulman and security advocate Liran Tal bring the heat on everything from type safety to runtime vulnerabilities.


We started off with a friendly debate: Has TypeScript really taken over the world? Our verdict? Pretty much. Whether it’s starter projects, enterprise codebases, or AI-generated snippets, TypeScript has become the de facto standard. But as we quickly found out, that doesn’t mean it’s perfect.


Key Takeaways:
- TypeScript ≠ Security
We tend to trust TypeScript a bit too much. It's a build-time tool, not a runtime enforcer. As Liran pointed out, "TypeScript is not a security tool," and treating it like one leads to dangerous assumptions.
- Type Juggling is Real (and Sneaky)
We explored how something as innocent as an "as string" cast on request data can open the door to vulnerabilities like HTTP parameter pollution and prototype pollution: the cast tells the compiler what you hope the value is and does nothing to the value that actually arrives. Just because your IDE is happy doesn't mean your runtime is.
- Enter Zod: Runtime Type Checking to the Rescue?
Zod got some love for bridging the dev-time/runtime gap by validating data on the fly and inferring TypeScript types from the same schema. But even Zod isn't foolproof. For example, unless you're using .strict(), extra fields can sneak past your validations, leading to mass assignment bugs.
- Common Developer Fallacies
We discussed the misplaced confidence developers have in things like code coverage and TypeScript alone. One of the big takeaways: defense in depth matters. Just like testing, layering your security practices (using Zod, type guards, and proper sanitization together) is key.
- TypeScript Best Practices Are Evolving
TypeScript developers are adapting: discriminated unions, avoiding "any", and preferring Maps over plain objects to prevent prototype pollution. And tools like modern Node.js now support type stripping, which makes running .ts files directly a bit easier.
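Two of the points above in working TypeScript, as an added example that is not code from the episode or its guests: an "as string" cast that lets a repeated query parameter (an array) through versus a runtime guard that rejects it, and a plain object versus a Map receiving a constructed request body whose key is literally "__proto__". The QueryValue shape and the request body are assumptions modelled on what a typical query-string parser and JSON.parse produce.

```typescript
// Added example, not code from the episode: compile-time casts vs runtime
// reality. QueryValue assumes the shape a typical query-string parser
// yields, where a repeated parameter (?role=user&role=admin) becomes an array.
type QueryValue = string | string[] | undefined;
type Query = Record<string, QueryValue>;

// Unsafe: "as string" satisfies the compiler; the array still arrives at runtime.
export function roleUnsafe(query: Query): string {
  const role = query.role as string;   // lies about ["user", "admin"]
  return role.toUpperCase();           // TypeError: toUpperCase is not a function
}

// Runtime type guard: one string passes; arrays (HTTP parameter pollution)
// and missing values are rejected instead of being cast away.
export function singleString(value: QueryValue): string | undefined {
  return typeof value === "string" ? value : undefined;
}

export function roleSafe(query: Query): string | undefined {
  return singleString(query.role)?.toUpperCase();
}

// Constructed request body: JSON.parse creates an own property literally named
// "__proto__"; the type system has no way to see or reject it.
export const hostileBody = JSON.parse(
  '{"__proto__": {"isAdmin": true}, "theme": "dark"}',
) as Record<string, unknown>;

// Plain object: Object.assign writes with [[Set]], so the "__proto__" key
// rewires the target's prototype and isAdmin shows up without ever being set
// as an own property (only this object is affected, not Object.prototype).
export function settingsAsObject(body: Record<string, unknown>): Record<string, unknown> {
  const settings: Record<string, unknown> = {};
  Object.assign(settings, body);
  return settings;
}

// Map: "__proto__" is just another key and lookups never walk a prototype chain.
export function settingsAsMap(body: Record<string, unknown>): Map<string, unknown> {
  const settings = new Map<string, unknown>();
  for (const [key, value] of Object.entries(body)) {
    settings.set(key, value);
  }
  return settings;
}
```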


Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
