If you spend a lot of time on Hacker News, it’s easy to get taken by the allure of building a web app without a framework. There are a bunch of potential advantages (no bloat! bespoke to your project!) and being able to say you built something with minimal dependencies gets you Engineer Points. That is if you can pull it off.
JWTs are becoming a popular way of handling auth. This post aims to demystify what a JWT is, discuss its pros/cons, and cover best practices in implementing JWT on the client-side, keeping security in mind.
Your page may contain code or data for a component or resource that isn’t immediately necessary. For example, part of the user-interface a user doesn't see unless they click or scroll on parts of the page. This can apply to many kinds of first-party code you author, but this also applies to third-party widgets such as video players or chat widgets where you typically need to click a button to display the main interface.
You know it's important, but it’s difficult to pick a validation library, and if you start writing your own custom validation it can quickly start to feel very messy. You may wonder, is adding request validation to an Express API really this difficult?!