今日已更新 233 条资讯 | 累计 20205 条内容
关于我们

标签:#webdev

找到 1521 篇相关文章

AI 资讯

10 Useless NPM Packages You Didn't Know You Needed

We have all been there. You are staring at your screen late at night, trying to optimize a bundle size, or debugging an enterprise pipeline that has been failing for three hours straight. The mainstream development community constantly tells us to only install packages that are high performance, audited for security, and strictly necessary for production. But where is the fun in a perfectly clean node_modules folder? Sometimes, the ultimate way to level up your engineering workflow is to inject some absolute chaos into your dependencies. Why spend hours writing robust logic when you can install a library that brings pure irony to your terminal? Let us dive into ten packages that might look completely useless on the surface but are actually the most important modules you will ever encounter in your developer journey. 1. emoji-poop This NPM package lets you use the poop emoji in your output. The emoji is well required in most of the websites as the real fun begins when the site crashes and you can use this poop emoji to showcase the errors with an emoji. This will help the clients get a bit calm after seeing the emoji and the errors. Think about it from a psychological perspective: traditional red stack traces cause immediate client panic, but a well-placed graphical poop emoji introduces a masterclass in modern error mitigation. javascript // npm i emoji-poop const emoji = require('emoji-poop'); console.log(emoji) // 💩 2. thanos-js Who doesn't love Marvel, and Thanos being the strongest villain in the MCU? This package lets you delete files in Thanos fashion. Once you install and run it, it deletes 50% of your files, reducing your stress and giving you less codebase to work with. Yes, it deletes the files for those who are confused about what this package does. It uses fs.unlinkSync to delete the files. Deleting random files from .git would be absolutely evil, and Thanos would love to do it. Exactly half of the files are deleted. Each file is given a chance at random

2026-07-09 原文 →
AI 资讯

How Secure is Your Password? Calculating Shannon Entropy in the Browser

We've all seen password strength meters on sign-up forms. Most of them rely on simplistic, static rules: "Must contain at least 8 characters, one number, and one special character." But from a mathematical standpoint, these rules are a poor proxy for actual password security. A password like Tr0ub4dor&3 conforms to these rules but is far easier to compromise than a randomly generated four-word passphrase like correct-horse-battery-staple . To truly measure password security, we have to look at information theory and compute its Shannon Entropy . Here is how password entropy works, the math behind it, and how you can calculate it directly in the browser with 100% client-side privacy. What is Password Entropy? In cryptography, entropy is a measure of the unpredictability or randomness of a password. It is expressed in bits . An entropy of $N$ bits means there are $2^N$ possible combinations that an attacker would have to guess in a worst-case brute-force search. < 28 bits: Very weak (easily guessed in milliseconds). 28 to 35 bits: Weak (cracked in minutes or hours). 36 to 59 bits: Reasonable protection (days to months). 60 to 127 bits: Very strong (takes years to decades to crack). 128+ bits: Extremely secure (mathematically unfeasible to crack). The Mathematical Formula To calculate the entropy ($E$) of a password, we use the following equation: $$E = L \times \log_2(R)$$ Where: $L$ is the length of the password (number of characters). $R$ is the size of the pool of unique characters from which the password is drawn. $\log_2(R)$ is the binary logarithm of the pool size, representing the amount of information carried by each character. Determining Pool Size ($R$) To find $R$, we analyze which character sets are present in the password string: Lowercase letters ( a-z ): 26 characters Uppercase letters ( A-Z ): 26 characters Numbers ( 0-9 ): 10 characters Common special characters/punctuation: 33 characters (e.g., !@#$%^&*()-_=+[]{}|;:',.<>/? etc.) If a password uses ch

2026-07-08 原文 →
开发者

MarkDown - что это?

MarkDown - что это? [[Markdown]] — это язык разметки, с упрощенным до человекочитаемости синтаксисом. Markdown — создан Джоном Грубером ( John Gruber ) в 2004 году. Markdown — это фактически "микро" язык для трансляции "текста markdown"в подмножество языка XHTML. Markdown - итоговая презентация текста всегда документ HTML , и только потом если нужно следующим шагом PDF, др. стандарты документации. Markdown принципиально не может задействовать весь потенциал XHTML, результатом его работы всегда является ограниченный набор элементов. Markdown — это транслятор который при анализе интегрированного в "текст" markdown HTML/XHTML кода обязан по стандарту просто его транслировать в итоговый образ документа. Markdown — это, если цитировать автора > «Markdown — это инструмент преобразования текста в HTML для веб-писателей. Markdown позволяет писать в легко читаемом и удобном для написания текстовом формате, а затем преобразовывать его в структурно корректный HTML. ║ John Gruber » Примечание Термин транслятор , не обходимо понимать как сущность алгоритм Я не нашел программу реализующая концепт MarkDown по принципам John Gruber. Ни одна программа не умеет делать из Markdown валидный по John Gruber HTML. Все проверенные мною программы Obsidian, MarkText, Typora, на выходе из 10 строк генерируют портянку HTML в несколько тысяч строк!!! Причина Obsidian, Typora и MarkText используют Markdown не для веб-писателей и блогеров, а как формат хранения баз знаний (Knowledge Management)**. John Gruber - Wikipedia

2026-07-08 原文 →
AI 资讯

The API-First SaaS Manifesto: How to Architect a Production-Grade Application in 2026 Without Building Microservices

Every junior developer or solo software engineer falls into the exact same engineering trap: They conflate writing code with building a business. They spend their initial excitement phase setting up intricate user database authentication schemas, writing custom cron jobs for automated subscription reminders, or building heavy background pipelines just to resize a user’s uploaded logo image. By the time their local environment is "infrastructure perfect," weeks have passed. The momentum is gone, burnout sets in, and the repository is abandoned before ever tasting real production traffic. In 2026, computing power has completely shifted to specialized edge layers. Infrastructure has become commoditized. If you are wasting creative bandwidth trying to compete on backend pipelines instead of focusing entirely on your unique value proposition, you are systematically killing your startup. Here is the architectural matrix to decouple your operational infrastructure and shift to a lean, hyper-scalable API-first codebase. Part 1: The Production Infrastructure Decoupling Layer The golden rule of modern systems design is clear: Your application should only maintain two core pillars internally—your proprietary business logic and your core user state database. Everything else—from security to user tracking—is a solved problem that should be offloaded to third-party micro-services. Let’s look at the financial and time trade-offs of building versus outsourcing across critical technical vectors: Microservice Vector The Native Way (High Friction) The 2026 API Standard Launch Velocity Impact Merchant of Record Raw Stripe API + Custom Tax Calculators Lemon Squeezy / Paddle Saves 5 days of legal & accounting setup Feature Rollouts Custom Postgres feature-flag logic loops GrowthBook / LaunchDarkly Zero deployment overhead for major pivots Customer Feedback Manual tables + Admin CRUD boards Featurebase API Instant roadmaps directly inside frontend Media Compression AWS S3 triggers + Edge

2026-07-08 原文 →
开发者

JavaScript Functions: Basic Concepts You Should Know

Introduction When learning JavaScript, one of the first concepts you’ll encounter is functions. Functions are the building blocks of JavaScript. They help you organize code, avoid repetition, and make your programs easier to understand. If variables store data, functions define behavior . You’ll use functions everywhere: handling user input, processing data, calling APIs, and structuring your code. In this article, we’ll cover: What is a function Function declarations Function expressions Parameters vs arguments Return values Arrow Functions Why Functions Matter 1. What is a Function? A function is a reusable block of code designed to perform a specific task. Think of it like a machine: Input → Process → Output function greet () { console . log ( " Hello! " ); } To run the function, you call it: greet (); // Hello! 2. Function Declaration This is the most common way to define a function: function add ( a , b ) { return a + b ; } 💡 Explanation: Defined using the function keyword Can be called before it is declared (because of hoisting) Key parts: function → keyword add → function name a, b → parameters return → output value add (); // ✅ Works! function add ( a , b ) { return a + b ; } 💡 Why does this work? JavaScript reads the code first, and function declarations are stored in memory during the initial phase (hoisting) . That’s why you can call the function even before it’s defined in the code. 3. Function Expressions Functions can also be stored in variables: function add ( a , b ) { return a + b ; } 💡 Explanation: Assigned to a variable Cannot be used before initialization add (); // ❌ Error: Cannot access before initialization const add = function ( a , b ) { return a + b ; }; 💡 Why does this cause an error? Because: const add has not been initialized yet when it is called. The function itself is not in memory at that moment . 4. Parameters vs Arguments This is a common beginner confusion: Parameter: variable in function definition Argument: actual value passed i

2026-07-08 原文 →
AI 资讯

Make your content answer-first so AI models actually cite it

If you want ChatGPT or Google's AI Overviews to quote your pages, structure matters more than volume. Retrieval systems favor passages where the answer is stated plainly and can stand alone. Here's a practical way to test and fix your content. Step 1 — Define the question the page answers Write it as a literal user query. How much does a website cost for a small business in the UK? Step 2 — Extract your current answer passage Copy the first two or three sentences from your page. Paste them somewhere without any extra context. Ask yourself: Does this work as a direct answer? If it only makes sense after reading earlier paragraphs, it doesn’t pass the extraction test. Step 3 — Rewrite answer-first Lead with the conclusion, stated as a fact, then support it. Before: "We get asked about pricing a lot, and honestly it's one of the trickiest questions to answer..." After: "A small-business website in the UK typically costs £1,500–£6,000 for a brochure site and £6,000–£20,000+ for e-commerce. The price depends on three things: page count, payment functionality, and custom vs template design." Step 4 — Test extractability with a model Send the passage to an LLM and check whether it returns a clean, single answer. Use a system prompt that mimics retrieval behavior. System: You are a retrieval system. From the passage below, extract the single most direct answer to the user's question. If no self-contained answer exists, reply "NO_EXTRACTABLE_ANSWER". User question: How much does a website cost for a small business in the UK? Passage: If you get NO_EXTRACTABLE_ANSWER or a vague summary, your structure needs work. Step 5 — Reinforce with structured data Markup question and answer pages with FAQPage schema so the question/answer pairing is machine-readable as well as human-readable. json { " @context ": " https://schema.org ", "@type": "FAQPage", "mainEntity": [{ "@type": "Question", "name": "How much does a website cost for a small business in the UK?", "acceptedAnswer": { "@t

2026-07-08 原文 →
AI 资讯

Is True Database Elasticity Still a Myth?

Is True Database Elasticity Still a Myth? A New Reality Unfolds Introduction For years, the promise of truly elastic, "serverless" databases felt like a mirage in the desert of database management. We were told of systems that could scale to zero during idle periods and burst to handle monumental loads, all while paying only for what we used. The reality, however, often fell short: many solutions were merely cleverly packaged auto-scaling groups, saddling organizations with expensive idle costs and the persistent headache of capacity planning. This bred a healthy skepticism among developers and operations teams alike. Fortunately, that narrative is finally shifting. A new generation of distributed database architectures is emerging, fundamentally redefining what "elasticity" means. These aren't just incremental improvements to connection pooling or replica sets; they represent a paradigm shift towards truly decoupled compute and storage layers, enabling dynamic resource allocation at an unprecedented, granular level – even per query. This tutorial will explore this architectural evolution and demonstrate conceptually how it delivers on the long-awaited promise of genuine pay-as-you-go database services. Understanding the Architecture: A Conceptual Walkthrough The core innovation driving this new wave of elasticity lies in the complete decoupling of compute and storage layers . Traditionally, a database instance (a VM or container) held both its processing power (CPU, RAM) and its local storage. Scaling meant provisioning larger instances or adding more replicas, each with fixed compute and storage capacities, leading to inefficiency. In the modern elastic database, these functions operate independently: Storage Layer: This is a highly distributed, shared storage fabric – often an optimized, resilient object store – that handles data persistence, replication, and durability. It scales automatically based on your data volume, and you typically pay only for the storage

2026-07-08 原文 →
AI 资讯

Ship a 'Go Live' button: OBS in, LL-HLS out, webhooks in between

TL;DR We're adding live streaming to a SaaS dashboard: a backend endpoint that creates a stream, OBS as the broadcaster over RTMPS, LL-HLS playback with hls.js, and a webhook handler that keeps the UI honest. Working "go live" flow in an afternoon. 📦 Code: github.com/USER/repo (replace before publishing) Webinars, coaching sessions, company town halls: sooner or later your product gets the "can users go live?" ticket. The hard parts (ingest servers, transcoding, CDN delivery) are exactly the parts you should not build. We'll use FastPix as the managed layer here; the same flow works nearly line-for-line on Mux, Cloudflare Stream, or api.video. What we're building: A backend endpoint that creates a live stream and returns a stream key An OBS setup broadcasters can follow in two minutes A viewer page playing LL-HLS with hls.js A webhook handler that flips the webinar between scheduled → live → ended 1. Create the stream server-side 🛠️ You need API credentials (Access Token ID + Secret Key). FastPix uses Basic auth on the server API. Node 20.x, plain fetch , no SDK required (though official Node.js/Python/Go/Ruby/PHP/Java/C# SDKs exist if you prefer). // server/routes/streams.js import { Router } from " express " ; const router = Router (); const AUTH = " Basic " + Buffer . from ( ` ${ process . env . FP_TOKEN_ID } : ${ process . env . FP_SECRET } ` ). toString ( " base64 " ); router . post ( " /webinars/:id/stream " , async ( req , res ) => { const r = await fetch ( " https://api.fastpix.io/v1/live/streams " , { method : " POST " , headers : { " Content-Type " : " application/json " , Authorization : AUTH }, body : JSON . stringify ({ playbackSettings : { accessPolicy : " public " }, }), }); if ( ! r . ok ) return res . status ( 502 ). json ({ error : " stream create failed " }); const stream = await r . json (); // persist against your webinar row: // streamId, streamKey (SECRET!), playbackId await db . webinar . update ( req . params . id , { streamId : stream . str

2026-07-08 原文 →
AI 资讯

I added nested CSV to JSON support to a free browser-based converter

I built JSON Utility Kit as a small browser-based toolkit for everyday JSON tasks. The CSV to JSON converter recently got an update for nested JSON structures. For example, headers like user.name, user.email, order.id can be converted into nested objects instead of flat keys. What it supports: CSV to JSON conversion Nested object output from dot notation headers Browser-side processing No signup JSON formatting and validation tools nearby Tool: https://jsonutilitykit.com/tools/csv-to-json/ GitHub: https://github.com/kejie1/json_utility_kit

2026-07-08 原文 →
AI 资讯

The Turborepo + Bun + Biome stack behind a 40-package monorepo

Forty packages, one maintainer, and no ESLint config anywhere in the repo. That is not a boast - it is the direct result of a decision made early: every tool in the toolchain has to earn its place by governing all forty packages from one config file, not forty. The repo is flare-engine , a modular 2D engine for React Native + Web (animation, gamification, interactive UI, with games as showcases - not a game engine, not a Unity or Godot competitor). The stack behind it is Turborepo Bun Biome , and this post is the actual setup: the real turbo.json , the real biome.json , the real CI guardrail, straight from the repo (trimmed only where a config is long, and I say so where I trim), not a starter template's idealized version. Four binaries, four root configs - turbo.json , biome.json , tsconfig.base.json , and the Changesets config - each governing all forty packages at once (Bun's own "config" is just the workspaces array in the root package.json ). Plus a CI step that fails the build the moment a package imports something it shouldn't. That is the whole story, and I want to show you the files, not describe them. Four binaries, not twelve config files The thesis is narrow: a solo maintainer can keep forty packages honest only if there is exactly one config of each kind, and every package extends it rather than declaring its own variant. Twelve packages each with a slightly different ESLint config is not a monorepo, it is twelve monorepos wearing a workspace file as a costume. Here is the root package.json that runs all of it - Bun workspaces (not pnpm; that distinction matters and I will say it again below), the script table every package leans on, and the pinned package manager: // C:\_PROG\flare-engine-workspace\flare-engine\package.json { "name" : "flare-engine" , "version" : "0.0.0" , "private" : true , "workspaces" : [ "packages/*" , "benchmarks" , "apps/*" ], "scripts" : { "build" : "turbo build" , "test" : "turbo test" , "lint" : "turbo lint" , "typecheck" : "t

2026-07-08 原文 →
AI 资讯

You don't own your reading list. You rent it.

Here is an uncomfortable one: you do not own your reading list. You rent it. Every "follow" button you have pressed in the last decade put your reading relationship inside a company's database, where it can be ranked, throttled, or ended the day the business model changes. You did not sign anything. You just stopped owning it. It was not always like this. Feeds were the quiet machinery that kept the web interoperable. RSS and Atom meant a site, a reader, and a robot could all agree on the same stream without asking anyone's permission. You published once, and anything could read it: whatever app, whatever order, no algorithm in the middle. Then it eroded. Plenty of sites ship no feed at all now, and "follow us" quietly became "create an account on someone else's platform." The reason is not mysterious. Platforms had every incentive to close the loop, because a feed lets you leave, and an account does not. So the industry swapped "here is my stream, read it however you like" for "log in to see updates," and a generation of sites simply stopped publishing feeds, because the platform was where the audience was. That is the trade you made without noticing. The open format that asked nothing of you got replaced by a login that asks for everything. Your reading list used to live in your reader and survive a company changing its mind, its ranking, or its whole business. Now it lives in their database and survives exactly as long as they allow. Getting it back is not nostalgia. It is infrastructure for independence: tooling that treats feeds as a first-class citizen, aggregates the sources you actually choose, and keeps that stream under your control instead of a platform's. The full case for why this is worth fixing, and what feed-first tooling looks like, is here: https://mederic.me/blog/open-web-feeds So, honestly: how many of the people and sites you follow could you still read tomorrow if the platform in the middle disappeared tonight?

2026-07-08 原文 →
AI 资讯

Building an AI Side Project That Actually Ships — Lessons from Shipping 3 MVPs

I've lost count of how many AI side projects I started and abandoned. The pattern was always the same: a spark of excitement, two weeks of frantic coding, then the slow fade into yet another half-finished repo collecting dust on GitHub. But something changed in the last two months. I shipped three AI-powered MVPs to real users. Not all of them made money, but every single one taught me something about what it actually takes to go from "cool idea" to "working product." Here's what I learned. The brutal truth about AI side projects When I started my first real AI project back in February, I had grand ambitions. I was going to build a content summarizer that would pull articles from any URL, analyze sentiment, and generate Twitter threads. I spent three weeks obsessing over the perfect prompt engineering, containerizing the whole stack with Docker, and setting up a complex pipeline using LangChain and Pinecone. Then I showed it to a friend. "Can I just paste a link?" she asked. I had built an entire orchestration layer, but the input field was buried behind two authentication screens. The project died that weekend. Here's the thing I keep rediscovering: AI side projects fail not because the technology doesn't work, but because we over-engineer before we have users. The three MVPs that actually shipped After that failure, I changed my approach. I decided to ship something—anything—every two weeks. No matter how ugly. No matter how incomplete. The goal was to have a URL someone could visit and use. MVP #1: A dead-simple blog title generator I built this in a single afternoon. The entire frontend was a text box and a button. Backend? A single Node.js endpoint that called OpenAI's API with a prompt like: "Generate 5 catchy blog titles about [topic]." Here's the code that powered it (I've simplified it, but this is the gist): import express from ' express ' ; import OpenAI from ' openai ' ; const app = express (); const openai = new OpenAI ({ apiKey : process . env . OPENAI

2026-07-08 原文 →
AI 资讯

Agentic AI: Good Upfront Design Pays You Back Later

I spend a lot of time preaching architecture and constraints, so it is always nice when a side project gives me receipts. Adding this new feature to DumbQuestion.ai was a good reminder that a well-structured first version lets you spend your next iteration on value, not repair. Below, you will find a few relatively simple challenges and how thoughtful, upfront design made the changes effortless. To vibe or not to vibe ... Many developers jump right in and just rip out an app, ship fast, let the coding agent sort it out, come back and deal with it later. To be fair, that absolutely can get you to first release faster. But even on a solo project, a little proper SDLC discipline pays back later when you want to extend the product without turning every feature into a rescue mission, which is a theme that already runs through how I have been building DumbQuestion.ai. Extend this to the enterprise and you turn a little upfront effort into potential huge savings on token spend Roasting starup pitches (for sport) ... The core idea for Startup Roast was simple enough: take a startup pitch, roast it, and add a reality-check section so the output is not just mockery for mockery’s sake. To illustrate (and avoid just vaguely describing the feature) I picked a random but highly upvoted pitch from Product Hunt: Vida . Vida, which pitches itself as an “AI clone” that learns how you work, remembers what matters, and becomes a “second you,” with early use cases like Reply Rescue, Prompt Rescue, Resume Rescue, Workspace Cleanup, and Daily Wrap. This is a pretty common target use case of agentic AI making it a solid candidate. If you want to skip ahead, here's an example roast for Vida. Combining a preliminary web "market search" into the content yielded a result that was not just sarcastic, but informed. The roast hit the obvious AI-clone positioning, questioned whether the product was really a clone versus a macro suite, and then turned the market context into a sharper Reality Check

2026-07-08 原文 →
AI 资讯

Aesecnryption demo site

I rebuilt aesencryption.net so text AES (128/192/256) runs fully in the browser - the key and plaintext never leave the page. The hard part is staying byte-compatible with common server-side AES libraries (mode, IV, padding, base64 output), so I ship copy-paste equivalents in PHP, Java, Python, Go, Rust, Kotlin and JS. Live tool (mine, free): https://aesencryption.net - feedback on the crypto choices welcome. My own site.

2026-07-08 原文 →
开发者

The New HTTP QUERY Method

If you've ever built a search endpoint, you've hit this wall. Your query has filters, sort orders, a nested set of facets, maybe a geo bounding box. It doesn't fit in a URL, and cramming it into query string params is ugly and fragile. So you reach for POST /search , send the whole thing as a JSON body, and quietly accept that you've just lied about what the request does. It's not creating anything. It's a read. But POST is the only tool that lets you attach a body without fighting the platform. That gap finally got filled. In June 2026 the IETF published RFC 10008 , which defines the HTTP QUERY method: a new verb built for exactly this case. The two bad options Every read that needs structured input has been stuck choosing between GET and POST, and both are wrong in their own way. GET is the semantically correct choice. It's safe (the client isn't asking to change anything), it's idempotent (retrying it is fine), and it's cacheable. The problem is the body. RFC 9110 is explicit that content in a GET request has no defined semantics , and sending one may cause some implementations to reject the request. So your query has to live in the URI, where you run into unknown length limits across proxies and servers, encoding overhead, and the query landing in access logs and browser history. POST solves the body problem and creates a new one. It carries any payload you want, but it's neither safe nor idempotent by definition. Intermediaries won't cache it, clients won't retry it automatically after a dropped connection, and anything inspecting traffic has to assume the request might have side effects. You get the body, you lose everything that made the request honest. QUERY is the missing third option: a method that carries a body and keeps the semantics of a read. What QUERY actually is The spec, authored by Julian Reschke, James Snell , and Mike Bishop, describes it in one sentence: A QUERY requests that the request target process the enclosed content in a safe and idempo

2026-07-08 原文 →
AI 资讯

What We Learned Rewriting an Interactive Map Editor: Fabric.js, CORS, and 20,000 Lines of Legacy TypeScript

A story about how migrating an interactive office map editor turned into an engineering investigation involving Fabric.js, tainted canvas , and an architecture that's finally easy to extend. In most software projects, one sentence usually makes every developer nervous: "Let's rewrite this module from scratch." It often means months of development, regression risks, and endless architecture discussions. Our project was no different. We develop, a workspace management platform that allows companies to manage office spaces and book desks. One of its core features is an interactive office map editor, where administrators upload floor plans, place desks and meeting rooms, and publish maps for employees. Over the years, this editor slowly evolved into a real monolith. And the problem wasn't simply the number of lines of code. Where It All Started The editor dated back to the AngularJS era. The main component had gradually grown into a single file responsible for almost everything: loading maps working with Fabric.js CRUD operations keyboard shortcuts dialogs saving event handling The main editor component alone contained nearly 2,270 lines of code . Behind it lived another codebase — the map engine itself. Almost 20,000 lines of TypeScript spread across more than 230 files. One of the biggest architectural issues was an infinite rendering loop. fabric . util . requestAnimFrame (() => this . tick ()); Even when the user wasn't interacting with the editor, rendering continued forever. It worked. But every new feature became more expensive to build. Why We Decided to Rewrite It The motivation wasn't AngularJS itself. The real reason was business requirements. The product needed completely new capabilities: map drafts safe publishing high-quality printing multiple workspace modes easier support for new object types Every new feature pushed harder against the existing architecture. Eventually it became obvious: We weren't fighting individual bugs anymore. We were fighting the

2026-07-08 原文 →