Last year I was doing a code review for a startup. Everything looked fine on the surface, clean code,...
Last year I was doing a code review for a startup. Everything looked fine on the surface, clean code, good structure, tests passing.
Then I noticed this:
const query = `SELECT * FROM users WHERE email = '${req.body.email}'`
Enter fullscreen mode
Exit fullscreen mode
TypeScript passed it clean. The code reviewer approved it. It shipped to production. Three months...
Last year, a security audit uncovered a vulnerability in our production environment. The finding: we...
The codebase had 2 years of feature PRs and zero security audits. In 30 minutes, a fresh ESLint run surfaced 6 distinct…
We had one of those bugs that looked small from the outside, but exposed a much deeper architecture...
Reconciling the mantine-datatable supply chain breach. Why we avoided UI library bloat to build a safe, zero-dependency Next.js…
Supply chain attacks on the npm ecosystem have quietly become one of the most effective ways...
