React Summit

React Summit 2023

Is it wise to run code from strangers? Well, we do it all the time and there's no backing out of it. Let's take a look at how a JavaScript project could get hacked and then defend itself from supply chain attacks. Limit access to globals for each package? Sure. Control if a package can access network or file system? Yup, that too. And no more install scripts or prototype pollution.

I Run Code From the Internet!

Hello Ruben, I'm Naukter, you can find me online if you type Naukter anyway. Naukter.pl is my website, it has a bunch of other material on JavaScript security and other things, and today we're going to look at running someone else's code. So speaking of that, if I gave you a string of text and asked you to put it in your application and run it, would you do that? Would you put my code in production without looking at it much? Well, I guess the answer is going to be no, but would it help if I put it in a tar.gz file? Is it more appealing that way? Now it is, because that's what npm packages are, and they're great, and everyone's using them, but they're actually unsanitized input from the internet that we put in our applications and run. So yes, that's what we're doing, we're doing that all the time. I'm installing npm packages all the time. What if some of the packages in there aren't great? And by that I don't mean lousy packages. I published some lousy packages and nothing bad happened, but I mean malicious packages, dangerous packages that want to hurt your application, your users. What do we do about that? Well, there's tools for supply chain security, right? So a tool might say, hey, some researchers found out that this package is not great and they reported it. So that package that you shipped to production a few weeks ago, now we know that it's not a good one. Please do something about it. Is that a great situation to be in? Not necessarily. There's SocketDev, you can use that and get a much better feedback loop, because SocketDev is automating finding suspicious qualities about packages. So SocketDev, within a few hours of the package being published, is going to be able to tell you that there's possibly something wrong with it, but then you need to investigate it. At LavaMote, we decided to be proactive instead of reactive. So we're running with the assumption that one of the dependencies in the dependency graph is already malicious when the application runs. Okay? So how does it work? I do have a demo, if that was a longer talk. You can check that demo out, but let's look at the situation where you install a build tool for your project, and then someone puts this in your build tools code somewhere. So it takes your GitHub token while running in CI and sends it somewhere. Is that great? Probably not. Okay? And what LavaMote is doing, LavaMote is allowing you to generate a policy for your entire application, in this case, a build process that's also an application, and then run it based on that policy. The policy is automatically generated. It detects almost everything that is needed for the app to run. Then you proceed to tweak the policy to the sideline, which things should be okay to allow and which shouldn't. If our analysis fails to find something, it doesn't show up in the policy and is by default not allowed. So in this case, the policy is generated with HTTPS request and process.env being there. What we can do is either remove those or change them to false, which means they are not allowed. And running your build with LavaMote is going to cause one of these errors to show up. Either this evil dependency requesting HTTPS package, which is not available to it, or failing to read env from process because process is undefined. How is that even possible? Well, it's thanks to Hardened JavaScript. We're using Hardened JavaScript behind the scenes to isolate each dependency within the same process. There's no threads, workers, or iframes involved. This is all happening in one realm or context, and we can still get good isolation. Hardened JavaScript is the compartment constructor, which creates a box where you can run code in and decide what globals are going to be available and hook into it importing other things. And then there's Lockdown, which makes sure that the entire environment around it, like global prototypes of object, array, and function, is put in a state where it's impossible to maliciously fiddle with them. So no prototype pollution anymore. And the good news is, this is becoming part of language. Well, not yet. There's an early proposal for introducing compartments in TC39, and some of the people working on it are the people responsible for giving us use strict object freeze or promises. So I'm hoping this gets in. It's going to take a while, but we already have an implementation that works. And LavaMode is not just for Node. We're not at a Node-specific conference. There's also a bundler built on the same technology, on the same ideas, using the same structure for policy. And the bundler that we have working for ManyaMask in production today is browserify-based, because browserify was the most flexible one of the bundlers. And that's been working for about two years now, if I recall correctly. And now we're working on getting a webpack plugin. This is a work in progress, and this is open source. So if you want to help out, please join us. There's a bunch of details about webpack that we still need to figure out to have perfect coverage of all webpack features, and there's a lot of webpack features. So let me show you the bundler now. This is an application, a very simple one, where it can import things, MJS, TypeScript, old packages, everything. And there's a package called CookieMonster that I made. And CookieMonster is giving us a random quote. And there's some environment available. Why am I showing you this? Because CookieMonster is not only giving us quotes, it's also stealing our cookies. So here's a fetch that sends our host name and cookie to the CookieMonster's server. This app is being built with webpack. There's nothing special about this configuration. It's super simple. And then this plugin, the code name for our level mode plugin is Cordwrap. So work in progress, remember. And I have here examples of two builds. Let's run the build without Scortrap first. So if I refresh this page, I'm going to get a message sent to my server. This is a popup from my server. It has the chocolate chip name in the cookies. This is the fetch that happened, and this is the application working. We get the quote from CookieMonster, but at what price? Now in here, this is a build where our plugin was enabled. If I run this, I get undefined instead. And what happened here is I have some diagnostics output. We've been looking at policies for app, leftpad, and CookieMonster. So the app has access to everything. CookieMonster still gives us quotes, but it doesn't have access to location and document because we didn't give it that access. This is for now implemented here in the runtime. I temporarily added these, hardcoded the policy in here. Policy for the runtime for webpack is yet to be implemented, but CookieMonster is only getting fetch, leftpad is getting nothing, and then app is getting pretty much everything. And that's the policy set right now. All right. Going back to this, if you want to know more, there's a bunch of presentations about LavaMode and Horton JavaScript on my website already, and here's a link to Mark Miller talking about his invention of SES and Horton JavaScript and a bunch of principles behind it. Last but not least, I'm offering to help you roll out LavaMode in your project. So if you have a serious project that you need to protect, we can install and run at least some of the LavaMode tooling for your project easily. So let me know if you want to try it out, we're after feedback on where the incompatibilities are because there's a very minor chunk of the NPM ecosystem that might cause trouble under LavaMode, and specifically under lockdown where you can't modify object prototype, etc. So please get in touch if you want to get involved with our open source or get LavaMode installed and stay safe.


Zbyszek Tenerowicz

Performance

Rita Castro

Node Congress

Node Congress 2023

This talk is about SecureEcmaScript and Compartments which are TC39 proposals, and I'm working on tooling to make these concepts usable with people championing those proposals. This is a first-hand account of the future of JavaScript security. SES + tooling (LavaMoat or Endo) is making limiting access to network, fs, core modules or globals possible on a per-package basis. I want to show how they work, what possibilities they open and how to make that future happen today with some effort. To me this is the final step in securing npm supply chain - even if a package gets taken over by bad actors, it won't be able to hurt me.

Eval all the strings! - Hardened JavaScript

I'm Zibi, now Guter, it's in the corner and in the middle. Would you take a string I gave you and run it in your application? That's cool. Raise your hands if you would. No really? Okay, would it help if I put it in the tar.gz file? Because that's what npm packages are and they're glorious, don't get me wrong, but they're also unsanitized inputs from the internet that you run in your application. And we love them. I'm installing npm packages all the time, that's the main thing I do at work. But what if some of them are not great? And I don't mean lousy packages, I published a bunch of lousy packages, nothing bad happened, but actually malicious, dangerous packages. What then? Well, you can wait for someone to find out that the package is malicious, submit it somewhere and then npm audit is going to tell you a few weeks after you shipped your app to production with this package in your dependencies. That works already. You can go with socket dev which has a much tighter feedback loop but it just tells you that stuff is suspicious and you have to investigate. So do you have time to read your dependencies? I don't know. Oh, I don't have a network connection. That's funny. Yeah, there was a logo here. Okay, but with LavaMote, you can be proactive instead of reactive and that's a great thing, being proactive instead of reactive, let me see if I can refresh this now. Okay, I have a demo. I can show you what it does. This is a very brief version of the demo, sorry, there's much more steps, but I have an app here that's using a package to get very valuable data and then it's sending it to a different server with some authorization that's coming from environment variables. Okay, if I run it, I have this local host server running and it's going to pop up the result. Okay, that's what it does. It gets stuff. So what's the package doing? The package is getting this valuable information from somewhere and sending it over. Okay, now what if the maintainer got bored and handed over the package to someone else who had some bad intentions? Okay, so see, live coding, barely any typing. So if they grab your precious secret and send elsewhere, what would happen? Well, they would get it. Okay, so the other server just got the secret, right? And the stuff still works. Okay, so what if we want to prevent it? That's where Lava Mode comes in and Lava Mode generates a policy for you which contains information like this package can access fetch and buffer for other versions of that package that I wanted to demo. Okay, so with Lava Mode, if I do, I have Lava Mode wired as npm test. I'm going to run it and it's going to say this. It's slightly garbled but it says process did not exist. Process was undefined actually. For this package only, so you can use process in the main app or other packages but this package doesn't have access to it. Okay, so let's do some more hacking. Have you heard of prototype pollution? There was a chance to hear about it today. So if I take object prototype and I define a setter as authorization, a field on that, and I pass authorization header to fetch, fetch is going to call my setter that I set on the global prototype. How funny. Okay, so this is still going to work under regular node. And then with, yeah, I got the bearer and the secret. But if I run under Lava Mode, I'm going to get an error that says cannot define property authorization, object is not extensible. Lava Mode is also using a technology behind the scenes called lockdown that locks down everything and it's impossible to tamper with the JavaScript environment itself. Okay, going back here. So what's the magic? It's called hardened JavaScript. Lets you isolate. In our case, we're using it to isolate each dependency within the same process. There's no other context or realms involved in all of this. It has compartment, lockdown, harden, yeah, let's skip over that. It's becoming part of a language eventually. It's an early stage proposal right now, but coming from people who are responsible for stuff like CommonJS, promise in the language, et cetera. If you want to know more, these links are available and I'm offering to help you set up Lava Mode with your project if you get in touch early enough. But I promised I'll evo all the strings, right? So I have one more demo that's, oh, I'm not over time yet, cool. I made this thing, I used this technology to make this thing where I can run any code and get prompted synchronously for everything it reaches for. So I took actual malware from NPM. It's already removed, but it was there. It's, yeah, let's run it. So it's using eval and a bunch of other stuff a bunch of times. And I have to agree to this, but I went through this scenario a bunch of times. So it has four levels of obfuscation. I tried to deobfuscate it and it didn't work after the obfuscating, very clever malware. And now it reveals itself to me. So you want to know what the file looks like? This is the original file I'm running in my tool. And it says require FS. Okay, what else do you require? HTTPS, child process, cool. It tries to exec something and then it requires axios and then it reaches for process. Let's give it a fake process. Env, local app data, okay, okay, I know what you're looking for, cool. Let's give it a string that I can recognize and then it does read or a dir sync on that and tries to analyze it. Then it calls task list process, okay, nice. And then it sends a post to Discord. I didn't have to deobfuscate the file. It revealed itself to me. Thank you. Lava mode. All right. Thank you. All right. Thank you.


Building swift yet functional apps should be what all developers aspire to. And since you do, we put together a collection of talks and tutorials on application performance and made them available for free. Whether your challenge is on the front-end or the back-end, these talks and workshops will give your great tips and inspire you to try new solutions.

Performance is an essential skill for JavaScript developers. Our portal offers a range of talks, workshops, tutorials and presentations to help you become a better programmer and take your coding skills to the next level. Learn the latest techniques and strategies to improve the performance of your code, discover new tools to measure and track performance, and get tips on how to optimise your code for maximum efficiency. Whether youre looking to improve your existing skills or start from scratch, our comprehensive library of resources will provide you with all the information you need. Take your programming skills to the next level with our performance-focused talks, workshops, tutorials and presentations.

Maximising Performance with Talks, Workshops, Tutorials and Presentations for JavaScript Developers

Coding is like a piece of art — in its ideal state, it should be both functional and beautiful. But how to reach that point? Whether you’d like to make your JavaScript code cleaner or just discover how seasoned developers deal with debugging or building a product, the following tutorials will show you how to include best practices in your daily routine.

The page contains talks, workshops, tutorials and presentations about the best practices for JavaScript developers. Learn from experienced professionals about techniques and strategies to optimize your code, debug errors, and enhance your development skills. Get up-to-date information on the latest trends in the JavaScript ecosystem, such as frameworks, libraries, and tools. Discover the best practices for writing efficient, maintainable, and secure code. Take advantage of our interactive sessions and hands-on tutorials that will help you become a better JavaScript developer.

Best Practices in JavaScript Development: Talks, Workshops, Tutorials and Presentations

Blockchain is a distributed ledger technology that uses cryptography to store data securely and immutably across a network of computers. It is a digital ledger of records, called blocks, which are linked together using cryptographic principles. Each block contains a timestamp and a link to the previous block, forming an immutable chain. This makes it virtually impossible to tamper with the data stored in the blockchain, as any changes would be easily detected by the network. In the context of JavaScript, blockchain can be used to create distributed applications (dApps) which are secure, transparent, and decentralized.

This page contains talks, workshops, tutorials and presentations about blockchain technology. Learn more about the fundamentals of blockchain, its applications, and how to build secure distributed systems. Explore the latest trends in blockchain development, including smart contracts, decentralized applications, and distributed ledger technologies. Get up to speed on the most popular blockchain platforms and understand the advantages and disadvantages of each. Discover best practices for designing, deploying, and managing blockchain-based solutions.

Blockchain Talks, Workshops, Tutorials & Presentations for JavaScript Developers

Advanced in the context of JavaScript means having a deep understanding of the language and its features. This includes being able to write complex code that makes use of advanced language features such as closures, prototypes, classes, and asynchronous programming. Advanced JavaScript developers are also capable of creating custom libraries and frameworks to extend the language’s capabilities. Additionally, they should be able to debug and optimize their code to ensure it runs efficiently.

Welcome to the advanced learning portal for JavaScript developers! Here, you will find a selection of talks, workshops, tutorials and presentations to help you take your JavaScript skills to the next level. Our resources cover a wide range of topics, including object-oriented programming, data structures, algorithms, design patterns, web development, and more. Whether youre an experienced programmer looking to expand your knowledge or a beginner looking to get up to speed quickly, this portal has something for everyone. With our cutting-edge content and expert instructors, you can be sure that youll get the most out of your learning experience. Start exploring today and take your JavaScript skills to the next level.

Advanced JavaScript Talks, Workshops, Tutorials & Presentations

Panel discussions are a type of discussion where a group of people with different perspectives, backgrounds and expertise come together to discuss a particular topic. The panel usually consists of an expert moderator, who facilitates the discussion, and a panel of experts, who provide their opinions and insights on the topic. In the context of JavaScript, panel discussions could involve developers, engineers, designers, marketers, and other stakeholders discussing the latest trends, challenges and opportunities associated with the language. Panel discussions can be incredibly insightful and beneficial for everyone involved, allowing participants to gain a better understanding of the language and its potential applications.

Panel discussions are a great way to get different perspectives on a particular topic, and can provide invaluable insights into the current state of the industry. Our talks, workshops, tutorials and presentations about panel discussions will help JavaScript developers stay up to date with the latest trends and best practices in the field. We cover topics such as how to structure an effective panel, how to choose the right participants, and how to ensure that everyone is heard and respected during the discussion. With our comprehensive coverage of this important topic, you will be equipped to lead or participate in successful panel discussions.

Panel Discussions: Talks, Workshops, Tutorials and Presentations for JavaScript Developers

Scalability is the ability of a system, network, or application to handle a growing amount of work in a capable manner or its ability to be enlarged to accommodate that growth. In terms of JavaScript, scalability refers to the ability to quickly and efficiently increase the size and complexity of a website or web application without sacrificing performance or usability. This includes the ability to add more nodes (computers) to a distributed system, as well as the ability to easily add more features and capabilities to an existing system.

Scalability is an important concept for JavaScript developers, and this page contains a variety of talks, workshops, tutorials and presentations to help them understand the fundamentals and best practices of scalability. From understanding the basics of scaling applications to mastering advanced techniques, these resources provide comprehensive coverage of the topic, allowing developers to stay up-to-date on the latest trends and technologies. With these materials, developers can learn how to create scalable applications that can handle increasing workloads and traffic without sacrificing performance or reliability.

Scalability Talks, Workshops, Tutorials and Presentations for JavaScript Developers

Feeling like boosting up your career? In this section, you'll find free JavaScript courses, tutorials, and coding lessons to help you stay up-to-date with the latest developments in the JS ecosystem and take you from basic to advanced. Dive into it, and you'll find out that the world's most popular programming language is easy to learn.

Welcome to the JavaScript Learning Portal! Here you will find a variety of talks, workshops, tutorials and presentations about JavaScript. Whether youre a beginner looking to learn the basics or an experienced developer looking to stay up-to-date on the latest trends in the language, this portal has something for everyone. We have organized our content into different categories so you can easily find what you need. Explore our selection of talks, workshops, tutorials and presentations today and start learning more about JavaScript!

JavaScript Talks, Workshops, Tutorials & Presentations - Learn JavaScript from the Experts!

Build tools are programs that automate the process of creating a software application. They are used to compile source code, run tests, package applications, and deploy them into production environments. Build tools help developers save time by automating the process of building an application from its source code. In JavaScript development, build tools like Grunt, Gulp, Webpack, and Browserify can be used to automate tasks such as minifying code, running unit tests, and compiling Sass or Less files.

This page contains talks, workshops, tutorials and presentations about build tools, a critical component of web development. Learn how to use build tools to automate tasks such as compilation, minification, unit testing, linting and more. Discover the best practices for efficient project management and get tips on how to get started with build tools. Get access to comprehensive resources from experienced professionals and stay up-to-date with the latest trends in JavaScript development.

Learn How to Use Build Tools for JavaScript Development: Talks, Workshops, Tutorials & Presentations

JS tooling is a term used to describe the tools and processes used to develop applications in JavaScript. This includes frameworks, libraries, build systems, task runners, and other tools that help developers create, test, and deploy their applications. We have talks and workshops on this topic to help students learn how to use these tools effectively and efficiently.

This page contains talks, workshops, tutorials and presentations about js tooling - the most up-to-date JavaScript tools and techniques for developers. Learn how to set up a JavaScript development environment, create custom scripts and build applications with the latest technologies. Discover the best practices for using popular tools like Gulp, Grunt, Webpack, Babel and more. Get tips on debugging and troubleshooting common problems. Whether you are a beginner or an experienced developer, these resources will help you get the most out of your JavaScript tooling.

Exploring JS Tooling: Talks, Workshops, Tutorials and Presentations

Node.js is a JavaScript runtime environment that allows developers to run JavaScript code outside of a web browser. It uses an event-driven, non-blocking I/O model to handle requests efficiently and is particularly suited for building scalable network applications. Node.js comes with a built-in package manager (npm) and a large ecosystem of libraries and modules that makes it easy to develop server-side applications.

This page provides talks, workshops, tutorials and presentations about the popular server-side JavaScript runtime environment, Node.js. Learn from experienced developers how to set up Node.js, use its features and build powerful applications. Get up to date with the latest trends in web development and find out how to make use of Node.js for your projects.

Node.js Talks, Workshops, Tutorials & Presentations: Everything You Need to Know About Node.js

WebAssembly (or WASM) is a low-level, binary instruction format for executable code on the web. It is designed as a portable target for compilation of high-level languages like C/C++/Rust, enabling deployment on the web for client and server applications. WebAssembly aims to execute at near-native speed by taking advantage of common hardware capabilities available on a wide range of platforms. It is also designed to be memory-safe, with built-in support for detecting and handling memory access errors. WebAssembly can be used in conjunction with JavaScript, allowing developers to leverage both languages in their applications.

Webassembly is a revolutionary new technology that enables JavaScript developers to create high performance applications with near-native speeds. This page contains talks, workshops, tutorials and presentations about Webassembly, providing an in-depth look at this cutting-edge technology. Learn how to use Webassembly to improve the performance of your web applications and unlock new possibilities for development. Discover the latest trends and best practices in web development with Webassembly and get the most out of this powerful tool.

Webassembly Talks, Workshops, Tutorials, and Presentations for JavaScript Developers

TC39 is an acronym for Technical Committee 39, a committee within Ecma International (formerly known as the European Computer Manufacturers Association) responsible for the development of the ECMAScript programming language. It consists of representatives from various companies such as Microsoft, Google, Apple, Mozilla and Facebook. The committee works on the specification of the language, including new features, syntax, and other aspects of the language. They also work to ensure that the language remains compatible across browsers and platforms.

The TC39 page is the perfect resource for JavaScript developers looking to stay up-to-date with the latest developments in the language. Here you can find talks, workshops, tutorials and presentations about ECMAScript proposals, updates, and implementations from the TC39 committee. With this information, youll be able to keep your code up-to-date with the latest standards, as well as learn more about how the language works. Dive into the world of TC39 today and get the most out of your JavaScript development!

Exploring tc39: Talks, Workshops, Tutorials and Presentations for JavaScript Developers

Security testing is a process used to identify any potential security vulnerabilities in a system, application, or network. It involves testing the system for weaknesses that could be exploited by malicious users and finding ways to fix them. Security testing typically includes testing for authentication, authorization, data encryption, input validation, and other aspects of secure coding practices. In the context of JavaScript, security testing focuses on identifying and addressing any potential XSS, CSRF, and injection attacks that could be possible due to improper use of the language.

Security testing is an essential part of any development process. It is the practice of ensuring that applications are secure and protected from malicious attacks. This page contains talks, workshops, tutorials, and presentations related to security testing for JavaScript developers. Learn the best practices for identifying potential vulnerabilities in web applications and how to protect against them. Get up to speed on the latest tools and techniques for ensuring your code is secure. Discover how to run effective security tests and audits, as well as how to respond to threats quickly and efficiently. Find out how to stay ahead of the curve when it comes to security testing.

Security Testing Talks, Workshops, Tutorials and Presentations for JavaScript Developers

DevTools is a set of web development tools built into the Chrome browser. They allow developers to inspect and debug HTML, CSS, and JavaScript code on any web page. DevTools provides access to the Document Object Model (DOM), allowing developers to view the structure of a page and make changes to it in real-time. It also provides features such as network performance analysis, JavaScript debugging, and memory profiling, which help developers optimize their code.

DevTools Talks, Workshops, Tutorials and Presentations

Discover the power of DevTools with our range of talks, workshops, tutorials and presentations. Our experts will help you understand how to use DevTools to debug, inspect, and improve your code. Learn best practices for debugging, profiling, and optimizing your JavaScript applications. Get up-to-date on the latest trends in DevTools and find out how they can help you become a better developer. Whether youre a beginner or an experienced programmer, we have something for everyone. Come join us and explore the world of DevTools!

DevTools Talks, Workshops, Tutorials & Presentations: Get the Most Out of Your JavaScript Development!

API security is a set of security measures to protect an application programming interface (API) from malicious attacks. It involves authentication, authorization, input validation, encryption and logging. Authentication is the process of verifying the identity of users before they can access the API. Authorization ensures that only authorized users are allowed to access the API. Input validation prevents malicious data from entering the system. Encryption ensures that data is securely transmitted between the client and the server. Logging helps to detect and investigate any suspicious activity.

API Security Talks, Workshops, Tutorials & Presentations

Learn the fundamentals of API security from experts in the field. Get up to speed on the latest technologies and techniques to secure your APIs. We offer talks, workshops, tutorials and presentations covering topics such as authentication, authorization, encryption, access control, and more. Gain the knowledge you need to keep your APIs safe and secure.

API Security: Talks, Workshops, Tutorials and Presentations for JavaScript Developers

Microservices are a software architectural style that structures an application as a collection of loosely coupled services, which implement business capabilities. Each service is self-contained and independently deployable. Services communicate with each other using APIs or messaging systems like RabbitMQ. Microservices are written in any language, including JavaScript, and can be developed and deployed independently. They are often deployed in containers, such as Docker, to provide scalability and fault tolerance.

Microservices are a type of architecture that enables developers to create applications composed of small, independent services. This page contains talks, workshops, tutorials and presentations about microservices and how they can be used to build modern, scalable applications. We cover topics such as service-oriented architectures, distributed systems, application design, scalability, fault tolerance, and more. With our resources, you will gain a better understanding of the principles behind microservices and how they can be applied in your own projects.

Learn About Microservices: Talks, Workshops, Tutorials & Presentations for JavaScript Developers

Fullstack is a term used to describe a developer who is knowledgeable in every layer of web development. This includes the front-end (client side) code such as HTML, CSS, and JavaScript, as well as the back-end (server side) code such as databases, server-side languages, and APIs. A fullstack developer can develop entire web applications from start to finish, including database design, user interface design, and coding.

Fullstack can be a daunting concept for JavaScript developers, but it doesnt have to be. Our collection of talks, workshops, tutorials, and presentations will help you understand the fundamentals of fullstack development, so you can start building powerful applications quickly and efficiently. With our comprehensive resources, youll learn how to use both backend and frontend technologies to create modern web apps, mobile apps, and more. Whether youre just getting started or looking to take your skills to the next level, our fullstack content will give you the knowledge and confidence you need to succeed.

Fullstack Talks, Workshops, Tutorials and Presentations for JavaScript Developers

Soft skills are the interpersonal skills that enable a person to interact effectively and harmoniously with other people. They include communication, problem-solving, teamwork, leadership, time management, and conflict resolution. In the JavaScript domain, soft skills are essential for working with others, understanding user needs, and developing successful applications. Soft skills also help developers to better collaborate with their peers, as well as build relationships with stakeholders.

This page provides talks, workshops, tutorials and presentations on the important soft skills needed to be a successful JavaScript developer. Learn how to communicate effectively, manage your time, collaborate with other developers, and present your work in an engaging manner. Our experienced instructors will provide you with the tools and knowledge you need to become a better programmer and excel in your career.

Develop Your Soft Skills with Talks, Workshops, Tutorials and Presentations for JavaScript Developers

Tool building is a process of creating applications, programs and websites using JavaScript. It involves writing code to create a tool that can be used for specific tasks. Tool building also involves the use of frameworks and libraries to make development faster and easier. We have talks and workshops on this topic that focus on understanding the basics of JavaScript programming, as well as more advanced topics such as creating custom tools and debugging.

This page provides a comprehensive overview of talks, workshops, tutorials and presentations about tool building for JavaScript developers. Here you can find resources to get up to speed on the latest technologies and techniques for creating effective tools for your projects. Our content is designed to help you become an expert in building custom tools that are tailored to your specific needs. We cover topics such as code generation, automation, debugging, testing, and more. With our comprehensive resources, youll be able to create powerful tools that will help you get the most out of your development efforts.

Tool Building Talks, Workshops, Tutorials & Presentations for JavaScript Developers

GitHub Actions is a feature of GitHub that allows users to automate their workflow. It provides a way to create custom software development life cycle (SDLC) workflows directly in a GitHub repository. With Actions, users can set up an automated system of triggers and actions that will run when certain events occur within the repository. This makes it easier to automate tasks such as running tests, building code, deploying applications, and more.

GitHub Actions is a powerful and versatile tool for automating development workflows. This page contains talks, workshops, tutorials and presentations that will help JavaScript developers get the most out of GitHub Actions. Learn how to set up automated triggers and actions, create custom workflows, and take advantage of the many features available in GitHub Actions. Get the most out of your development process with GitHub Actions!

GitHub Actions Talks, Workshops, Tutorials, and Presentations for JavaScript Developers

Deno is a secure, modern JavaScript and TypeScript runtime. It is created by the same developer who created Node.js, Ryan Dahl. Deno is built on the same V8 JavaScript engine as Node.js, but it provides an improved security model, better performance, and a more robust standard library. Deno also supports TypeScript, allowing developers to write their code in a type-safe language, which can then be compiled down to JavaScript for execution. Deno is designed to be a lightweight, secure, and efficient way to develop web applications.

Deno is a secure runtime for JavaScript and TypeScript that is based on the modern JavaScript and web standards. It was created by Ryan Dahl, original creator of Node.js, to provide an alternative, more secure solution to running JavaScript applications. Deno offers developers a powerful new way to build server-side applications using the same language they use for client-side development. Our talks, workshops, tutorials and presentations provide a comprehensive introduction to Deno, covering topics such as its architecture, security model, module system, and more. Whether you’re just starting out with Deno or already have experience developing with it, our resources will help you get up to speed quickly and easily.

Deno Talks, Workshops, Tutorials, and Presentations: An Essential Resource for JavaScript Developers

A Browser API, or Application Programming Interface, is a set of commands, functions, protocols, and objects that allow developers to create web-based applications that can interact with the browser. It helps developers create interactive websites, as well as access and manipulate data stored in the browser. Some of the most common APIs used by JavaScript developers include DOM (Document Object Model), Fetch, WebGL (Graphics Library) and WebRTC (Real Time Communication).

Browser APIs are essential for web developers to create dynamic, interactive experiences. This page contains talks, workshops, tutorials and presentations about browser APIs, covering topics such as HTML5, CSS3, JavaScript, AJAX, and more. Learn how to use the latest browser technologies to create powerful and engaging web applications. Get up to speed on the latest browser API features and capabilities, and find out how to use them in your projects. With these resources, youll be able to create amazing experiences that will take your web development skills to the next level.

Talks, Workshops, Tutorials & Presentations on Browser APIs for JavaScript Developers

Web apps are applications that run on the web and can be accessed through a web browser. They are written using JavaScript, HTML and CSS, allowing them to be accessible from any device with an internet connection. Web apps are often interactive and provide a user interface for users to interact with. They can range from simple one-page websites to complex applications that allow users to perform tasks such as online shopping or banking.

This page contains talks, workshops, tutorials and presentations about web apps, a popular technology for creating interactive websites. Our materials are designed to help JavaScript developers gain the skills they need to build powerful and engaging web applications. We offer a range of topics, from basic concepts to advanced techniques, that will teach you how to create dynamic user experiences using HTML, CSS, JavaScript, and more. Learn how to create responsive designs, use AJAX for data transfer and manipulation, and integrate third-party APIs into your projects. With our resources, youll be able to develop robust, feature-rich web apps quickly and easily.

Web App Talks, Workshops, Tutorials and Presentations for JavaScript Developers

Security is the practice of protecting data, networks, programs and other information from unauthorized or unintended access, destruction or change. It involves a set of measures designed to ensure the confidentiality, integrity and availability of data and systems. In the context of JavaScript, security refers to techniques used to protect code, such as authentication, encryption, and access control. It also includes measures that prevent malicious code from executing, such as input validation, content security policies, and secure coding practices.

Security is an important topic for any JavaScript developer. This page provides talks, workshops, tutorials, and presentations to help developers understand the basics of security and how to protect their applications from malicious attacks. Learn about common security vulnerabilities, authentication techniques, encryption protocols, and more. Get the knowledge you need to keep your applications secure and safe.

Security Talks, Workshops, Tutorials and Presentations for JavaScript Developers

Serverless is a cloud computing model where applications are hosted on a cloud platform without the need for a dedicated server or virtual machine. Instead, cloud resources are allocated and released dynamically depending on the demand of the application. This allows developers to focus more on the development of the application instead of maintaining the underlying infrastructure. Serverless computing is also cost-effective because it only charges for the exact amount of resources used, rather than paying for an idle server.

Serverless is a powerful and cost-effective way to run web applications, mobile backends and more. With serverless, you can save time, money and effort by reducing the need for server provisioning, maintenance and scaling. This page contains talks, workshops, tutorials and presentations about serverless, including best practices for setting up and managing serverless applications, tips and tricks for getting the most out of your serverless architecture, and more. Whether you are new to serverless or an experienced user, this page will provide you with the resources you need to become a successful serverless developer.

Serverless Talks, Workshops, Tutorials & Presentations for JavaScript Developers

Monorepos are a type of source code repository that holds all the code for a single project in one repository. This means that instead of having multiple repositories for different components of the same project, all the code is stored in one place. This makes it easier to manage and track changes across all parts of the project, as well as to ensure that all the components of the project are kept up-to-date. Monorepos are popular among JavaScript developers due to their scalability and flexibility.

Monorepos are a powerful way to manage large-scale JavaScript projects. This page contains talks, workshops, tutorials and presentations about monorepos, designed to help developers better understand the concept and its use in development. Learn how to create, maintain and optimize your monorepo with best practices from the experts. Discover how to scale up projects with monorepos, while keeping code organized and secure. Get insights into the advantages and disadvantages of using monorepos, and learn how to develop an effective workflow that works for you. Improve your development skills and take your project to the next level with monorepos.

Monorepos Talks, Workshops, Tutorials and Presentations for JavaScript Developers

Architecture in the context of JavaScript refers to the overall design and structure of an application. It involves the selection of appropriate technologies and frameworks, the organization of code into logical components, and the development of a coherent plan for how these pieces fit together. Good architecture ensures that the application is maintainable, extensible, and efficient.

This page contains talks, workshops, tutorials and presentations about software architecture for JavaScript developers. Learn the fundamentals of software architecture, including best practices and design patterns used in modern web development. Explore topics such as object-oriented programming, modularity, scalability, maintainability, and more. Get insights from industry experts on how to effectively architect your applications for maximum performance, security, and reliability.

Architecture Talks, Workshops, Tutorials & Presentations for JavaScript Developers

NPM stands for Node Package Manager. It is a package manager for the JavaScript programming language. It is used to install, share, and manage code packages that are used in JavaScript projects. It helps developers to easily find, share, and reuse code with other developers from around the world. It also helps maintain the versioning of libraries, making sure that everyone is using the same version of the code.

NPM (Node Package Manager) is an essential tool for JavaScript developers. It allows you to install, manage, and publish packages of code that can be used in your projects. With NPM, you can easily find, share, and reuse packages of code from the vast online repository of packages. Our talks, workshops, tutorials, and presentations will help you learn how to use NPM effectively and get the most out of it. Well cover topics such as package installation, versioning, publishing, and more. Whether youre a beginner or an advanced user, these resources will give you the skills you need to make the most of NPM.

NPM Talks, Workshops, Tutorials & Presentations for JavaScript Developers

Debugging is the process of finding and resolving errors in a computer program. It involves identifying the source of the problem, analyzing the issue, and then fixing it. Debugging can be done manually or with the help of a debugging tool. In JavaScript, debugging is essential for testing code and making sure it works as intended. It helps developers identify and fix any bugs or issues quickly, allowing them to improve the performance and reliability of their programs.

Description: 
Learn how to debug JavaScript code with our comprehensive collection of talks, workshops, tutorials and presentations. Get tips on identifying errors, fixing bugs and improving performance. Discover best practices for debugging complex JavaScript applications and learn how to use the latest tools and techniques to get the job done quickly and efficiently.

Debugging JavaScript: Talks, Workshops, Tutorials & Presentations

Authentication is the process of verifying the identity of a user or application. In JavaScript, authentication typically involves using credentials (such as a username and password) to access a protected resource. It can also involve using tokens or other methods to securely identify a user. Authentication is important for ensuring that only authorized users are able to access sensitive data or resources.

Authentication is an important aspect of web development, especially when it comes to JavaScript. This page contains talks, workshops, tutorials and presentations that will help developers understand the fundamentals of authentication, as well as best practices for implementing secure authentication solutions. Learn how to create secure user accounts, protect sensitive data, and more. Get the knowledge you need to build secure applications and protect your users data.

Authentication: Talks, Workshops, Tutorials and Presentations for JavaScript Developers

Documentation is the process of providing comprehensive instructions and explanations about a particular piece of software or programming language. It is designed to help developers understand how to use a given technology, as well as provide them with detailed information about its features, functions, and capabilities. In the case of JavaScript, documentation can include tutorials, code examples, API references, and other resources that help developers learn how to use the language to create web applications. Documentation is an essential part of any development process, as it provides developers with the information they need to use the technology effectively and efficiently.

This page provides comprehensive talks, workshops, tutorials, and presentations about documentation for JavaScript developers. Here you can learn the best practices for writing documentation for your code, understand the importance of well-crafted documentation, and find resources to help you create clear and concise documentation. Get up to speed on the latest trends in documentation for JavaScript and stay ahead of the curve.

Documentation Talks, Workshops, Tutorials & Presentations for JavaScript Developers

XSS stands for Cross-site Scripting. It is a type of computer security vulnerability that allows malicious code to be injected into websites and web applications. XSS attacks are used to steal user data, hijack user sessions, and perform other malicious activities. JavaScript can be used to create XSS attacks, as it is possible to inject malicious code into web pages by manipulating the DOM (Document Object Model) of a website.

XSS (Cross-Site Scripting) is a type of computer security vulnerability that enables malicious attackers to inject malicious code into web applications. This page contains talks, workshops, tutorials and presentations about XSS, helping JavaScript developers learn the basics of this important security issue. Topics covered include an introduction to XSS, common attack vectors, prevention techniques and best practices for protecting against XSS attacks. With these resources, developers can become better equipped to protect their applications from XSS and other web-based threats.

XSS Talks, Workshops, Tutorials & Presentations for JavaScript Developers

Developer experience (DX) is the overall satisfaction of a developer when using a particular technology. It encompasses aspects such as ease of use, performance, scalability, security, and documentation. DX helps developers to quickly understand the technology, build applications faster, and provide better user experiences. In the context of JavaScript, DX includes features such as code readability, modularity, reusability, and compatibility with other technologies. It also involves understanding the unique challenges of developing for the web and how to best utilize the language’s features. By having a good DX, developers are able to create applications that run efficiently and offer users a great experience.

Developer experience is a term used to describe the overall satisfaction of developers when using a product or service. It encompasses everything from the design and usability of the product, to the quality of customer support and documentation. At our learning portal, we offer talks, workshops, tutorials and presentations that focus on developer experience. Our goal is to help developers create better products by understanding the needs of their users, improving their workflow, and providing them with the tools and resources they need to succeed.

Talks, Workshops, Tutorials and Presentations on Enhancing Developer Experience in JavaScript Development

Automated security is a process of using automated software tools to detect and prevent malicious activities, such as data breaches, unauthorized access, and other cyber threats. These tools can be used to monitor networks, applications, databases, and system configurations in order to identify and respond to any suspicious activity or potential vulnerabilities. Automation helps to reduce the time and resources needed to manage security, allowing organizations to focus on more pressing tasks. In addition, automated security tools can be used to identify JavaScript-based attacks, such as cross-site scripting (XSS) or SQL injection.

This page provides talks, workshops, tutorials and presentations about automated security for JavaScript developers. Learn how to use automated security tools to protect your web applications from malicious attacks, and discover the best practices for keeping your code secure. Get up to speed on the latest technologies and techniques for preventing data breaches, reducing vulnerabilities, and ensuring the safety of your application. Our experts will guide you through the process of implementing automated security measures in your projects, so that you can stay ahead of potential threats.

Automated Security Talks, Workshops, Tutorials & Presentations for JavaScript Developers

Backend is the part of a website or application that handles data management, business logic, and communication between the frontend, other applications, and databases. It is responsible for providing an interface between the user and the server-side database. The backend includes server-side languages such as JavaScript, PHP, Ruby, Python, and Java, as well as databases like MySQL and MongoDB. Backend development involves writing code to create APIs (Application Programming Interfaces) that allow other applications to interact with the application.

Backend talks, workshops, tutorials and presentations for JavaScript developers. Learn the fundamentals of backend development, from setting up a server to developing APIs and databases. Gain an understanding of how to use the latest technologies and frameworks to create powerful applications. Get hands-on experience with practical examples and challenges that will help you become an efficient backend developer.

Backend Talks, Workshops, Tutorials and Presentations for JavaScript Developers

API stands for Application Programming Interface. It is a set of functions and procedures that allow two or more applications to communicate with each other. In the context of JavaScript, an API is a set of commands, functions, protocols, and objects that can be used to create interactive web-based applications. APIs help developers access data from external sources and integrate it into their own web applications, making them more dynamic and user friendly.

Page Description: 

Explore the latest talks, workshops, tutorials, and presentations about API development for JavaScript developers. Learn from industry experts on how to effectively utilize APIs in your projects and gain a deeper understanding of the technology. Get access to the best resources available to become an API master!

API Talks, Workshops, Tutorials & Presentations for JavaScript Developers

Functional programming is a style of programming that focuses on writing small functions that take input, perform an action, and return output. It emphasizes the use of pure functions (functions which do not modify any data outside their scope) and immutable data (data that cannot be changed after it has been created). This style of programming is often used in JavaScript because it allows for more efficient code and easier debugging.

Functional programming is a powerful and popular programming paradigm that focuses on writing code that is more reliable, reusable and easier to maintain. This page will provide talks, workshops, tutorials and presentations about functional programming, helping JavaScript developers learn the concepts and apply them in their projects. Here you will find information on topics such as higher-order functions, composition, immutability, currying, and more. Learn how to use functional programming techniques to write clean, concise and bug-free code.

Functional Programming Talks, Workshops, Tutorials & Presentations for JavaScript Developers

Fastify is a web framework for Node.js that helps developers create high-performance, low-latency REST APIs quickly and easily. It is based on the popular Express.js framework but provides a much more efficient and streamlined approach to building RESTful APIs. Fastify focuses on providing developers with an easy-to-use API that allows them to quickly set up routes and use various plugins to add functionality to their applications. It also has built-in support for JSON Schema validation, logging, authentication, and other common web development tasks.

Fastify is a web framework for Node.js that offers high performance and low overhead. It enables developers to build fast, secure, and scalable web applications quickly and easily. Our talks, workshops, tutorials, and presentations will help you get up to speed on Fastify and make the most of its features. Learn how to create a basic web server, configure routes and plugins, debug and test your code, and more. With our resources, you’ll have the knowledge to build modern, reliable web apps with Fastify in no time.

Fastify: Talks, Workshops, Tutorials & Presentations for JavaScript Developers

Open-source is a term used to describe software that is made freely available, with the source code open for anyone to view and modify. The source code is usually shared publicly on platforms such as GitHub, allowing developers to collaborate on projects and build upon each other's work. Open-source software can be used, modified, and redistributed freely, making it a great resource for developers who are looking to learn or create new projects.

Open-source is an important part of the JavaScript development world, and our learning portal provides a wealth of talks, workshops, tutorials, and presentations about open-source. Our experts have created content to help developers understand how to use open-source tools and libraries, as well as how to contribute to open-source projects. With our resources, you can stay up-to-date on the latest trends in open-source development and learn how to create powerful applications with open-source software.

Open-Source Talks, Workshops, Tutorials & Presentations for JavaScript Developers

HTML stands for HyperText Markup Language. It is a markup language used to create the structure of webpages. HTML uses tags to define elements on the page, such as headings, paragraphs, images, and links. It also provides a way to add styling to pages with CSS (Cascading Style Sheets) and interactivity with JavaScript. HTML is essential for creating websites and web applications.

This page contains talks, workshops, tutorials and presentations about HTML. Learn the fundamentals of HTML and how to use it to create webpages and applications. Get tips on structuring your HTML code for maximum efficiency and discover new techniques to make your website stand out. Gain insights into the latest HTML trends and stay up-to-date with the latest developments in web development. With our expert-led talks, workshops, tutorials and presentations, you’ll be able to take your HTML skills to the next level.

Learn HTML: Talks, Workshops, Tutorials and Presentations for JavaScript Developers

The future of development is the direction in which software development is heading, with a focus on JavaScript. This includes the use of new technologies such as Node.js and React, as well as more advanced frameworks and libraries to make development faster and easier. Additionally, there is an emphasis on making applications more secure and reliable, while also increasing the speed at which they can be developed and deployed. As JavaScript continues to evolve, developers will need to stay up-to-date with the latest trends and best practices in order to create the most efficient and effective applications possible.

The page for future of development talks, workshops, tutorials, and presentations is your chance to explore the cutting-edge advancements in software engineering and web development. Get a glimpse into the future of coding with this collection of insightful content from leading industry professionals. Learn about the latest trends, tools, and technologies that are transforming the way we develop applications and websites. Discover how to stay ahead of the curve and gain an edge in the competitive world of software engineering. With these resources, youll be able to become an expert in the ever-evolving field of development.

Exploring the Future of Development: Talks, Workshops, Tutorials, and Presentations for JavaScript Developers

JavaScript runtimes are environments in which JavaScript code is executed. They provide an interface for developers to write code and interact with the underlying operating system, allowing them to create dynamic webpages and applications. The most popular JavaScript runtime is the browser, but there are also server-side runtimes such as Node.js and Deno.js, which allow developers to write server-side code in JavaScript.

Description: 
Discover the latest talks, workshops, tutorials and presentations about JavaScript runtimes. Learn from experienced developers and experts in the field as they discuss topics such as runtime performance, memory management, debugging, and more. Keep up to date with the latest trends and technologies for developing with JavaScript runtimes.

Exploring JS Runtimes: Talks, Workshops, Tutorials, and Presentations

Web Workers are a feature of JavaScript that allow for the execution of scripts in the background, independently of the main program. This allows for tasks such as data processing, animation rendering, and other intensive operations to be done without blocking the user interface or slowing down the main thread. Web Workers can be used to improve the performance of web applications and make them more responsive.

Welcome to our comprehensive collection of talks, workshops, tutorials and presentations about Web Workers. Here youll find the latest information on Web Workers, an important part of modern web development. Weve gathered the best resources from around the web to help you learn the basics of Web Workers and how to use them in your own projects. From introductory tutorials to advanced topics like distributed computing, we have something for everyone. Dive in and start building powerful applications today!