Ouch, the macaddress package is vulnerable to command injection

I was scaffolding a new React app this morning, and here is the npm audit security report I got:

[Screenshot of the npm audit report, 2018-05-20 06:18:50]

This npm audit command is really helpful, and it’s available on npm@6. See the vulnerability report here.



Using the spread operator to split your string

There are two obvious, interesting ways to split your string:

If you are interested in using the spread operator, consult the following compatibility tables before you use it in your environment:

What can I do with JavaScript’s Array.filter()?

I wonder what I can do with JavaScript’s Array.filter(), and I think there are a lot of things I can do with it.

Filter my list of cars

Filter my list of heroes

Filter my dirty clothes…

Filter my favorite shoes…

Filter my favorite foods…

Filter the candidate to be included in my crew…

I think there are a lot of things we can filter out of an Array. A lot of things…

Haven’t used Array.filter() before? If so, consult the complete reference at MDN.

Firefox browser console: a hint when there is an error thrown by JS

I rarely use Firefox when working on the front end, but since I read an article from MDN, I learned that the Firefox browser console will give me a hint when there is an error thrown by JavaScript. See the screenshot below: on the left is Firefox version 58 and on the right is Chrome version 64.


I think this is nice, and in the future I will suggest that my mentee consider using Firefox in their learning session instead of Chrome, because if there is an error thrown by JavaScript they might be able to figure it out faster.

Using jsinspect to detect duplicate code

As JavaScript software developers, we occasionally find ourselves writing duplicate code and moving forward without even considering cleaning it up. We may also find ourselves working in a codebase without knowing how much duplicate code has been written or where to start the cleanup.

There are tools built specifically for this purpose, such as jsinspect. I found this gem when I watched a talk by Elijah Manor: Eliminate JavaScript Code Smells.

Curious enough to give it a try, I installed jsinspect to see how it goes. I ran the tool to inspect several of my JavaScript files, and here is what jsinspect returned in my console:

It’s cool, isn’t it? Imagine if we could plug this tool into the build process to keep the codebase as clean as possible. If you are also as curious about jsinspect as I am, try using it in your daily workflow and see how the tool can help you find duplicate code easily.

Quote: The most important characteristic of promises

The most important characteristic of promises is that it normalizes into predictable form how we handle the success or failure of any function call, especially if that call may be asynchronous in nature.

And in that normalization, it leaves our program in a position to control and trust how it will proceed, rather than handing that control (via a callback continuation) off to an untrustable third-party.