trust.js but verify

KBall, Jerod, and Nick break down some recent events in the JavaScript world. Take a dive into the recent event-stream malware attack, breaking down the State of JavaScript 2018 survey, and sharing pro tips to make your life better.

Discuss on Changelog News

Changelog++ members support our work, get closer to the metal, and make the ads disappear. Join today!

Sponsors

• Gauge – Low maintenance test automation! Gauge is free and open source test automation framework that takes the pain out of acceptance testing.
• Rollbar – We catch our errors before our users do because of Rollbar. Resolve errors in minutes, and deploy your code with confidence. Learn more at rollbar.com/changelog.
• DigitalOcean – DigitalOcean is simplicity at scale. Whether your business is running one virtual machine or ten thousand, DigitalOcean gets out of your way so your team can build, deploy, and scale faster and more efficiently. New accounts get $100 in credit to use in your first 60 days.

Featuring

• Kevin Ball – Twitter, GitHub, LinkedIn, Website
• Nick Nisi – Twitter, GitHub, Website
• Jerod Santo – Twitter, GitHub

Notes and Links

The event-stream incident

• FallingSnow’s initial issue that made it public
• npm yanked the package and reported on the attack
• Listen to Dominic Tarr discuss it on The Changelog (broken link until 2018-12-5)
• Could this be a copy-cat of this Hackernoon article from earlier this year?

The State of JS survey

• Check out the survey (and rad website) right here
• KBall recommends Mel Summer’s talk from EmberFest 2018

Pro Tips

• Jerod cites Eugen Kiss’s Lean Testing post (More commentary here)
• Nick recommends some handy git aliases from Cory Frang
• KBall’s tip is a .clone() of Nick’s debugging trip from episode 46

Never forgot to trust.js but verify. 😉

Something missing or broken? PRs welcome!