33 Matching Annotations
  1. Last 7 days
    1. using modulesOnly behaves exactly as expected when it warns you that the listed npm libraries do not use the ES6 format and are in fact ignored. This option is meant as a way to determine if you still have commonjs libraries in your dependencies that require special treatment via rollup-plugin-commonjs. Your code will probably not work since the listed dependencies will be missing. You should remove modulesOnly and instead add rollup-plugin-commonjs.
    1. The difference between default and named affects how other people can consume your bundle. If you use default, a CommonJS user could do this, for example:

      include the following content

    2. In other words for those tools, you cannot create a package interface where const lib = require("your-lib") yields the same as import lib from "your-lib". With named export mode however, const {lib} = require("your-lib") will be equivalent to import {lib} from "your-lib".
    1. globals are assumed to have their field value on the window object and can be referenced inside the bundle by their field name globals: { name: 'Value', }, assumes that some other script tag or whatever establishes window.Value and the emitted umd bundle for example, calls the factory like factory(global.Value). So globals is just stuff to bring into the factory on the globals object. It doesn't even make it "global" inside the bundle. Basically, the resolver does not check the globals object during the loading process. The resolver needs to be told how to link these globals and that's what the external option is for. external: ['name'], Then you can reference it like import myName from 'name'; myName();
    2. we've learned why you might want to use external but not globals: libraries. We've started to factor some of our client-side JS as libraries to share between projects. These libraries import $ from 'jquery'. However they don't want to presume how that import might be "fulfilled". In most projects it's fulfilled from a global i.e. a script loaded from a CDN. However in one project it's fulfilled from a local copy of jQuery for reasons I won't get into. So when these libraries bundle themselves for distribution, as ES6 modules, they mark 'jquery' as an external and not as a global. This leaves the import statements in the bundle. (Warning: Don't bundle as an IIFE or UMD, or Rollup will guess at fulfilling the import from a global, as @Rich-Harris mentions above.)
  2. Aug 2020
  3. Jul 2020
  4. May 2020
  5. developer.chrome.com developer.chrome.com
    1. If a user clicks on that button, the onclick script will not execute. This is because the script did not immediately execute and code not interpreted until the click event occurs is not considered part of the content script, so the CSP of the page (not of the extension) restricts its behavior. And since that CSP does not specify unsafe-inline, the inline event handler is blocked.
    1. If you’re selling products and keep record of users’ choices for marketing purposes, dividing them into meaningful categories, such as by age, gender, geographical origin etc., you’re profiling them.
  6. Apr 2020
    1. A website (also written as web site) is a collection of web pages and related content that is identified by a common domain name and published on at least one web server
    1. In math, idempotence describes only unary functions that you can call on their own output. Math-idempotence is, “If you take the absolute value of a number, and then you take the absolute value of that, the result doesn’t change on the second (or subsequent) operations.” Math.abs is math-idempotent. Math-idempotence only applies to functions of one parameter where the parameter type and return type are the same. Not so useful in programming.
    1. Since the authenticity token is stored in the session, the client cannot know its value. This prevents people from submitting forms to a Rails app without viewing the form within that app itself. Imagine that you are using service A, you logged into the service and everything is ok. Now imagine that you went to use service B, and you saw a picture you like, and pressed on the picture to view a larger size of it. Now, if some evil code was there at service B, it might send a request to service A (which you are logged into), and ask to delete your account, by sending a request to http://serviceA.com/close_account. This is what is known as CSRF (Cross Site Request Forgery). If service A is using authenticity tokens, this attack vector is no longer applicable, since the request from service B would not contain the correct authenticity token, and will not be allowed to continue.
  7. Mar 2020
    1. The process of collecting and storing user consent from a technical perspective
    2. First-party cookies are the lifeblood of every website, enabling businesses to remember key pieces of information about users and to collect analytics data. Third-party cookies are the bread and butter of AdTech, allowing publishers to monetize their websites, and brands to run advertising and marketing campaigns.
    1. They are in place to prevent brute forcing a password. If you had to complete these every time you login, a person has to be there to answer it. This makes it so you can’t leave a guessing software to break your password. So, in short, it's for your account’s safety.
    1. The visitors of that blog post will get third-party non-essential cookies unless they previously set their browser to block cookies.
    1. the feature was dropped to “lack of use.”

      I don't find the reason "lack of use" sufficient in its own right. (I personally didn't use this feature.) People might not use it because they don't know about. And those that do use may find it extremely useful; it's not their fault if others don't know about it or use. It seems to discriminate a bit against the minority who may use a useful feature. They would rather be in the majority, safe from having one of their favorite features removed.

      But I do understand and appreciate the good explanation given below.

  8. Feb 2020
  9. Dec 2019
    1. So if you create one backup per night, for example with a cronjob, then this retention policy gives you 512 days of retention. This is useful but this can require to much disk space, that is why we have included a non-linear distribution policy. In short, we keep only the oldest backup in the range 257-512, and also in the range 129-256, and so on. This exponential distribution in time of the backups retains more backups in the short term and less in the long term; it keeps only 10 or 11 backups but spans a retention of 257-512 days.
    1. Neutrino only babel-compiles first party source (the JSX -> JS transformation is handled by a babel plugin). It does this because even when using the module entry in package.json, it's expected that the provided file (and it's imports) still be JS and not in some other format - ie: the only difference from the content in main should be that it can use modules syntax (that is import and export rather than require etc).

      module version compared to main version:

      only difference from the content in main should be that it can use modules syntax (that is import and export rather than require etc).

      You can see the difference in this example: https://unpkg.com/browse/reactstrap@8.0.1/es/Alert.js ("module": "es/index.js": import) vs. https://unpkg.com/browse/reactstrap@8.0.1/lib/Alert.js ("main": "lib/index.js": require)

  10. Nov 2019
    1. Oh, is it like Object.assign() then? Almost like Object.assign({}, divElement, {newProp: 'newProp'})?

      React.cloneElement(divElement, {newProp: 'newProp'})

      is a lot like

      Object.assign({}, divElement, {newProp: 'newProp'})?

    2. React.cloneElement() allows us to clone a runtime element (not the class), and apply an enhancement to it.
  11. Oct 2019
    1. well explained article
    2. Rack middleware is more than "a way to filter a request and response" - it's an implementation of the pipeline design pattern for web servers using Rack. It very cleanly separates out the different stages of processing a request - separation of concerns being a key goal of all well designed software products.
    1. It would be safer to just register the JS entrypoints and automatically add CSS packs if there are any required by that JS. Webpacker does this already. Check your webpacker.yml and ensure that extract_css is false. This will prevent webpacker from separating the 2 files.
    1. You probably have extract_css: true in your webpacker.yml. This removes import '../scss/index'; and generates the equivalent style sheet. You do need to add stylesheet_pack_tag yourself.
    1. React is hanging on to a reference to previous functions because memoization typically means that we keep copies of old values to return in the event we get the same dependencies as given previously
  12. Sep 2019