Application Development: Hapi.js is a professional node.js server framework

This month we built a REST service as a project. The technical requirements called for the Hapi.js framework [http://hapijs.com] to implement the solution. It’s a better alternative to the well-known express framework. The problem with express is the simplicity of its design. One of the goals of its authors was to make it as simple as possible. But in real life simplicity is not a criterion. You have to spend a lot of time configuring all the components your application needs. E.g., getting the raw HTTP request content requires a particular middleware attached at some point in the HTTP request/response chain. That’s why a lot of teams and projects choose something more robust. Hapi provides a very good balance between simplicity and power.

Beyond express framework

Hapi was created by the Walmart software development team to keep their Black Friday storm under control. By the way, this fact shows once again that the node.js platform offers both high performance and robust Application Development approaches.

Application Development: Vim as development environment

Vim [http://www.openvim.com/] is the successor of the ancient vi text editor, which was created as the primary UNIX visual text editor several decades ago, when computers were really big and expensive. Despite its great age, Vim is still a very popular and useful tool in Software Application Development and DevOps. Both console and GUI versions are available for all operating systems and platforms. It’s included in any standard installation of a Linux/UNIX family system. Because of its plain nature, our programmers can use Vim both as a regular text editor installed and run locally and in a remote shell over the Internet, with an effective workflow even over a slow network connection.




In brief, Vim has 2 main modes: one to navigate the cursor through the text and one to enter text at the place marked by the cursor. This would be the most terrible barrier between you and Vim. Don’t fight it. Just accept this approach and move on.

Application Development: Babel transpiler to use ES6 today

The ECMAScript 6 standard is coming. As the next generation of JavaScript, it will be the most significant change in front-end Application Development in the near future. BTW, the new official label of the standard is now ES2015, so don’t be confused by the terms: they mean the same thing. ES2015 is not a production-ready approach, because it’s not officially supported by the majority of web browsers. On the other hand, ES2015 is too hot and too sexy to wait for the official release date. Besides, it’s better to have ES6 skills for your front-end developer career. Well-known technologies like CoffeeScript pale into insignificance. A lot of smart software architects and CTOs decide to design their new from-scratch client-side applications with a view to developing and supporting them in terms of the ES6 standard. That raises the problem of how to deal with such code right now. The usual solution is to use a tool that translates ES6 code into regular JavaScript, as we do with CoffeeScript or TypeScript. Babel [https://babeljs.io] is the most famous solution for that.

ES6 new features

So, what makes the ES6 standard produce so much hype? There is the arrow operator =>, which introduces syntactic sugar for function creation similar to CoffeeScript. There are classes with constructors, inheritance, static methods and other real OOP features. That is much better than the old-school prototype-based pseudo-OOP of regular JavaScript. There is also built-in string interpolation, as has been used in other programming languages for decades already.

Application Security: Cross-site scripting (XSS)

Professional web development standards are very high nowadays. It doesn’t matter how big your team or budget is: Application Security is extremely important for a project of any size. Huge software companies may even have separate departments working on security tasks only. Their work includes manual code review of existing solutions, automated scanning for well-known vulnerabilities with special tools, writing unit and integration tests, researching cases, and implementing modern approaches. On the other hand, if you are the sole developer in your startup (or even the single contributor), you have to spend some time playing this role as well.

Sources of the harmful code

Cross-site scripting, or XSS, is the most widely exploited security hole on the Web. At first sight it seems not very dangerous for Application Security, because there is no obvious way to harm the system or damage the data on the server side. Generally, the main goal of an XSS attack is to execute custom JavaScript code in the user’s browser. To be executed, that code has to get into the page in some way. There are 2 options for a hacker to achieve this. The first, and the best known, is saving JavaScript code on the server side as part of the Web 2.0 content provided by users of the service.
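
The first option described above, as an added example that is not code from the original article: a list of stored user comments rendered once without and once with output encoding. The names saveComment, renderUnsafe, renderSafe and escapeHtml, and the sample comments, are constructed for illustration.

```javascript
// Added example: user-provided content stored on the server and later rendered
// into a page. All names and sample data below are hypothetical.

// Constructed in-memory stand-in for the server-side storage.
const comments = [];

const saveComment = (author, text) => {
  comments.push({ author, text });
};

// Vulnerable: stored text is interpolated into the markup as-is, so any
// markup inside it becomes part of the page served to every later visitor.
const renderUnsafe = () =>
  comments.map(c => `<li><b>${c.author}</b>: ${c.text}</li>`).join('\n');

// Characters that can change HTML structure, mapped to their entities.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

const escapeHtml = value =>
  String(value).replace(/[&<>"']/g, ch => HTML_ENTITIES[ch]);

// Hardened: every user-controlled field is encoded at output time, so the
// browser displays the stored text instead of interpreting it as markup.
const renderSafe = () =>
  comments
    .map(c => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.text)}</li>`)
    .join('\n');

// Constructed sample input: one ordinary comment, one carrying a script tag.
saveComment('alice', 'Nice post & thanks!');
saveComment('mallory', '<script>alert(1)</script>');

console.log('unsafe:\n' + renderUnsafe());
console.log('safe:\n' + renderSafe());
```

This encoding covers text placed in an HTML element body or a quoted attribute value; content written into a script block, a URL or a style context needs the encoding for that context instead.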

