Advertise with Us|Sign Up to the Newsletter

WebDevPro #74:JS concepts for Node developer, npm Vs npx, Icon Libraries

Chrome Canary just killed uBlock Origin, Fuzzing-101, Wi-Fi Goes Long Range.

Hi ,

Welcome to the web app development world with the 74th edition of _webdevpro!

In this edition we cover web development community discussions on:

Don't miss our repository of manually curated collection of Tailwind CSS resources for web developers.

In our relatively new section captures internet jibber-jabber about the mobile ecosystem:

Today's news covers Angular,, Django, Laravel, Ruby on Rails, and Svelte.

P.S.: If you have any suggestions or feedback, or would like us to feature your project on a particular subject, please write to us. Just respond to this email!

If you liked this installment, fill in our survey below and win a free Packt PDF.

Thanks,
Apurva Kadam
Editor-in-Chief, Packt

Fellow Dev Discussions on the Internet.

10 JavaScript concepts every Node developer must master - JavaScript's multiparadigm nature allows for various programming styles, but it also poses risks like scope and object mutation. The lack of tail-call optimization makes large recursive iterations dangerous, and Node’s single-threaded architecture requires asynchronous code for efficiency. Despite its challenges, following key concepts and best practices in JavaScript can help Node.js developers write scalable and efficient code.

npm Vs npx - While they sound similar and are both integral parts of the Node.js ecosystem, they serve different purposes. This post will explore the differences betweennpmandnpx, helping you understand when and why to use each.

15+ Best Icon Libraries of2024 - Let's explore some of thebest icon libraries of 2024for designers and developers, which not only offer extensive collections but also make integration and customization easier for bothdevelopers and designers. Many of these icon libraries areeither free or open-source, making them accessible for developers and designers at any level.

9 must-know open-source tools that will make you better than 99% of developers - The software development landscape is evolving faster than ever. To stay ahead of the curve, you must arm yourself with tools and technologies built for the future. This article is a curated, must-know list of open-source tools to help you build applications designed to stand the test of time.

Why Do Many People Not Recommend Using JWT? - JSON Web Tokens (JWT) have been widely adopted for authentication in web applications, thanks to their simplicity and stateless nature. They allow the transmission of verified information between two parties, often used in login systems. However, despite their popularity, many security experts advise caution when using JWTs, particularly for session management. In this article, we'll dive into the reasons why JWTs have raised concerns, and why many developers recommend alternative approaches.

Check this space for new repos, projects and tools each week! This week we bring you a collection of Tailwind UI Libraries, Components & Templates:

🧩 Flyon UI- Open-source components library for Tailwind CSS.

🧩TailBlocks- 60+ different ready to use Tailwind CSS blocks.

🧩Tailwind Components- Community-driven Tailwind CSS component repository.

🧩Tailwind Toolbox- Templates, components and resources.

🧩Meraki UI Components- Beautiful Tailwind CSS components that support RTL languages.

🧩Tailwind Cards- Growing collection of text/image cards.

Building LLM Powered Applications

Building AI Applications with OpenAI APIs

Mastering NLP from Foundations to LLMs

Random curious musings and interesting words about Web Dev on the Internet.

Chrome Canary just killed uBlock Origin and other Manifest V2 extensions - Pour one out for the ad-free Chrome browsing experience tonight. Chrome Canary, the pre-beta release version with the most far-out feature set, just reminded us that top extensions like the beloved uBlock Origin are not long for this Earth. The removal of a custom settings flag previously used to enabledeprecated Manifest V2 extensions(like most popular ad blockers) has begun turning out the lights on the user-friendly Chrome party.

Fuzzing-101 - Fuzz testing (or fuzzing)is an automated software testing technique that is based on feeding the program with random/mutated input values and monitoring it for exceptions/crashes. Do you want to learn how to fuzz like a real expert, but don't know how to start? If so, this is the course for you! 10 real targets, 10 exercises.Are you able to solve all 10?

TikTok’s parent launched a web scraper that’s gobbling up the world’s online data 25-times faster than OpenAI - ByteDance looks like it’s eager to make up for lost time when it comes to scraping the web for data needed to train its generative AI models. The China-based parent company of video app TikTok released its own web crawler or scraper bot, dubbed Bytespider. ByteDance’s bot has quickly become one of the most, if not the single most, aggressive scrapers on the internet, the research shows. It’s scraping data at a rate that’s many multiples of other major companies, such as (Google, Meta,Amazon, OpenAI, and Anthropic, which usetheir own scraper botsto help create and improve their large language or multimodal models, known as LLMs or LMMs.

Wi-Fi Goes Long Range on New WiLo Approach - Researchers have developed a hybrid technology that would combine Wi-Fi with theLong Range (LoRa) networking protocol, yielding a new long-distance wireless concept called WiLo. The research team has designed their proposed WiLo tech to be used on existing Wi-Fi and LoRa hardware. The advance may find applications inInternet of Things(IoT) technologies–such as networks of long-range sensors used in agriculture or smart cities.

What’s New In Python 3.13 - Python 3.13 is the latest stable release of the Python programming language, with a mix of changes to the language, the implementation and the standard library. The biggest changes include a newinteractive interpreter, experimental support for running in afree-threaded mode(PEP 703), and aJust-In-Time compiler(PEP 744). This article explains the new features in Python 3.13, compared to 3.12. Python 3.13 was released on October 7, 2024. For full details, see thechangelog.

What's New in Ruby on Rails 8 - The firstRails 8 betahas officially been released, bringing an exciting set of features, bug fixes, and improvements. Key highlights include an integration with Kamal 2 for hassle-free deployments, the introduction of Propshaft as the new default asset pipeline, and extensive ActiveRecord enhancements. Rails 8 also brings several SQLite integration upgrades that make it a viable option for production use. This blogpost dive into everything that Rails 8 has to offer!

Access logic within a route

First, we want to have a look at when access logic is implemented as part of a specific route ofyour app.

Imagine that you have a text editor app calledtext.myapp, wherein users can write documents and share those documents to be edited by others. Now, imagine a user who wants to save a document with the456ID. This is done with a request totext.myapp/document/456/save. As an example, the following backend code logic shows how the app could make sure that only the owner or people with shared access can savethe document:

// route = /document/[id]/save

if (isLoggedIn()) {

canSave = false;

userId = getUserIdFromLoginSession();

db = getDbConnection();

document = db

.select('author').from('documents')

.where({id: documentId});

canSave = isEqual(document.author, userId);

if (!canSave) {

// check if shared, then also eligible to save

canSave = db.exists('shared_docs')

.whereEquals({ documentId, userId}) }

if (canSave) db.update(content).whereEquals({ documentId }); }

So, when data (contentin the code sample) is sent to the route for saving a specific document with a specific ID, the first check works out whether the user is logged in, while the second and third checks work out whether the user is either the owner of the document or if someone has shared this document with that user. In both cases, that user is allowed to update the document inthe database.

These logic snippets can make the code unreadable pretty quickly. That’s why abstraction into functions such ascanEditDocument(documentId)is a must so that you only have something like this inthe end:

// route = /document/[id]/save

if (isLoggedIn()) {

canSave = canEditDocument(documentId);

if (canSave) db.update(content).whereEquals({ documentId });

}

With this, all of the checks would be inside the logic ofcanEditDocument. This makes it cleaner but definitely notless work.

Your dose of the latest releases, news and happenings in the Web Development industry!

Angular

Latest updates to effect() in Angular - Angular’s developer preview process enables us to give developers a chance to try out APIs and features before they are promoted to production, and allows us the flexibility to adjust those APIs in response to real-world usage and feedback. Through this feedback on theeffect() API during its developer preview, we’ve identified several improvements to the design that will address real issues with both functionality and developer experience. Read about changes to the API here.

Django

Django bugfix release issued: 5.1.2 - The5.1.2bugfix release is here. The release package and checksums are available fromour downloads page, as well as from the Python Package Index.

Laravel

Laravel 11.27 Released - This week, the Laravel team released v11.27, with a configurable default currency in the Number helper, a Str::doesnt Contain() method, Schema::hasTable() performance improvements, and more.

Prism is an AI Package for Laravel - Prism is a powerful Laravel package for integrating Large Language Models (LLMs) into your applications. Using Prism, you can easily use different AI providers using the package's driver pattern, which gives you a unified interface to work with popular AI providers out of the box. Prism has three built-in providers available at the time of writing—Anthropic, Open AI, and Ollama—with the ability to create custom drivers

PostgreSQL

PostgreSQL 17 Released! - ThePostgreSQL Global Development Grouptoday announced the release ofPostgreSQL 17, the latest version of the world's most advanced open source database. This release of PostgreSQLadds significant overall performance gains, including an overhauled memory management implementation for vacuum, optimizations to storage access and improvements for high concurrency workloads, speedups in bulk loading and exports, and query execution improvements for indexes.

Ruby on Rails

The first beta of Rails 8 is out! While the release notes are getting ready, have a look at the changes and give it a go.

DHH keynote from Rails World
The first talk recording from Rails World is up, and David goes over everything that went into Rails 8 and beyond.

Drop support to Ruby 3.1
Rails 8 will require Ruby 3.2.0 or newer.

Add TaggedLogging#logger constructor for more pleasant logging interface
This updates the default logger in production to useActiveSupport::TaggedLogging.logger(STDOUT).

Make Active Model Serialization “read_attribute_for_serialization” public
Since this method was already mentioned in the public documentation, the team decided it’s worth making it public and document the behavior.

Update generated application.css with Propshaft
Now that Propshaft is the only asset pipeline, we no longer need these= requiredirectives in the generated application.css file.

Revert inferring inverse_of for Delegated types
Automatically inferring:inverse_ofis incompatible with records that do not declare inverse associations. The team decided to revert this change to unblock the release of Rails 8.

Svelte

Legacy components can now be manually instantiated asynchronously with thesyncoption (5.0.0-next.237,#12970)

Theeachblock is now much better in SSR mode - removing an unnecessary declaration and caching the length of the array before iterating over it (5.0.0-next.242,#13060)

A callstack will now appear if an infinite loop is detected - with the last ten effects printed out - in development mode (5.0.0-next.246,#13231)

Projects that use@sveltejs/enhanced-imgshould see a much smaller bundle thanks to module variables being inlined into the template (5.0.0-next.246,#13075)

There are now a11y warnings for<button>/<a>elements that are missing an aria-label and content (5.0.0-next.250,#13130)

Animations now take into accountzoomwhen calculating transforms (5.0.0-next.254,#13317)

<svelte:self>is now deprecated in runes mode. It's not necessary since components can now import themselves (5.0.0-next.256,#13333)

svelte-check, the CLI is used by almost every Svelte project, is now much smaller (repo,post)

And that’s a wrap.

P.S.: If you have any suggestions or feedback, or would like us to feature your project on a particular subject, please write to us. Just respond to this email!