Disable npm install scripts
(for security purposes)
- Globally:
  - run npm config set ignore-scripts true
  - this will populate ~/.npmrc
- Per repo:
  - create ./.npmrc
  - add ignore-scripts=true into that file
How to set up a Linux VM for an AI CLI to go crazy in (without risk to your host system).
I thought this would be easy (because it's easy to stream from a backend to a frontend and vice versa) but it was not. Let's look at how to stream a file from an S3 connection on a server to another server in Node.js.
I recently had to figure out client-side mTLS certificates. I've never had to deal with them before, and it was quite annoying, so I documented what I learned.
Npm has recently been making a lot of changes around package publish security because of recent supply-chain attacks targeting Npm.
What does this mean for the lonely dev self-publishing packages from their local CLI?
A quick guide on setting up a minimal but secure HTTPS web server on a Debian (12) Linux server.
To create and authorize a new SSH:
- ssh-keygen -t ed25519 on the client machine.
- .ssh folder and the name of the id (id_*).
- *.pub file to whatever service the SSH key is for, or add it to ~/.ssh/authorized_keys on the host machine.
- ~/.ssh/config file (for macOS at least). Be sure to fill in the <fill-me> parts:
Host <choose-a-name>
  HostName <ip-or-domain-here>
  User <username>
  AddKeysToAgent yes
  UseKeychain yes
  IdentitiesOnly yes
  IdentityFile ~/.ssh/<your-non-pub-id-file-name>
- ssh choose-a-name (use the name you entered next to Host in the config file).

For cleaner tsc (TypeScript compiler) output: pipe its output into my package tidy-tsc:
npm i -g tidy-tsc
npx tsc | tidyt
npx tsc -b | tidyt # etc.
# in one of my packages
npm run compile | tidyt
| tidyt cleans up the tsc output so instead of seeing tons of logs for every single file's errors like this:
src/file.ts:9:18 - error TS2304: Cannot find name 'missingValue'.
9 const value = missingValue;
~~~~~~~~~~~~
src/file.ts:18:15 - error TS7006: Parameter 'char' implicitly has an 'any' type.
18 .map((char, index) => (index % 2 ? char.toUpperCase() : char.toLowerCase()))
~~~~
src/file.ts:18:21 - error TS7006: Parameter 'index' implicitly has an 'any' type.
18 .map((char, index) => (index % 2 ? char.toUpperCase() : char.toLowerCase()))
~~~~~
Found 3 errors.
All you see is this:
Failed files (1):
src/file.ts
My (very) opinionated Git conventions. If you follow these, you will be much less likely to create messed up git histories, and your git setup will make much more sense.
An idea for a postmortem template.