With the advent of WebAssembly (home) there has never been a better time to learn Rust on top of your existing JavaScript and Node.js knowledge for high performance computing in the browser, on the server and on the edge.

Adding Rust to your tech stack on top of Node.js is a match made in heaven as Rust provides advanced support for WebAssembly and WebAssembly binary format is runnable in Node.js.

With this deep dive, you will get up and running using Rust. …

How to call logic from one programming language into another language?

Approach #1: Remote Procedure Calls (RPC)

Running code in completely separate, isolated programs/processes, and using inter-process communication (IPC) or other networking protocols (TCP or higher-level protocols built on top of TCP like HTTP, often with a REST-ful API, or some form of RPC system) to send information between the two processes/microservices that have been written in different languages.


  • relatively straight-forward
  • works with almost any programming language
  • each subsystem is fully isolated from the other
  • each system can be debugged in a language idiomatic manner


  • must define shared protocol
  • can result in redundant, duplicated code
  • protocols must be kept in sync
  • changes must be backward-compatible…

Adding type annotations to your pure JavaScript code.

JSDoc is an API documentation generator for JavaScript. You add documentation comments directly to your source code. The JSDoc tool will scan your source code and generate an HTML documentation website for you.

JSDoc comments are surrounded by /***/ to differentiate it from normal JS block comments (surrounded by /* …. */)

/* this is a normal JavaScript block comment (only one star) *//** this is a JSDoc comment (notice the two stars at the beginning) */

As far as I know, Visual Studio Code offers the best experience for JSDoc with tag auto-completion and JSDoc auto-generation.

Note: these…

Fix “module not found” errors once and for all.

Have you ever gotten Nest can’t resolve dependencies errors when running your tests in Nest.js?

When you create a project with the Nest CLI, your tsconfig.json will look something like:

"compilerOptions": {
"module": "commonjs",
"declaration": true,
"removeComments": true,
"emitDecoratorMetadata": true,
"experimentalDecorators": true,
"allowSyntheticDefaultImports": true,
"target": "es2017",
"sourceMap": true,
"outDir": "./dist",
"baseUrl": "./",
"incremental": true,
"skipLibCheck": true

The issue with that configuration is that in Visual Studio Code, when you use auto importing, it will generate a relative path starting from the src/ folder.

When running tests with Nest.js…

How to help the TypeScript compiler help you.

Mastering type narrowing in TypeScript is a crucial skill since the TypeScript typing system is not like in other languages like Java, Go or Rust. TypeScript being a superset of JavaScript, it uses structural type equivalence evaluation instead of nominal type evaluation.

This means that types are checked based on the structure of objects instead of if they are an instance of some class. …

How to enforce the absence of extra properties in objects passed as arguments.

Let’s look at some code.

type Toto = { a: string; };const myFunc = (param: Toto) => {
// here we can be pretty sure that param.a is a string
// ... though we can't be sure that we don't have a param.b or whatever
myFunc({ a: 'valid a' }) // okmyFunc({ a: 'valid a', b: 'what'}) // great a type errormyFunc({ a: 'valid a', ...{b: 'what'}}) // no type error :'(const myVar = {
a: 'valid a',
b: 'what'

The main emphasis of this project is to provide recommendations on how to design software applications. In this article from github are presented some of the techniques, tools, best practices, architectural patterns and guidelines gathered from different sources.

Everything below should be seen as a recommendation. Keep in mind that different projects have different requirements, so any pattern mentioned in this article can be replaced or skipped if needed.

Code examples are written using NodeJS, TypeScript, NestJS framework and Typeorm for the database access.

Though patterns and principles presented here are framework/language agnostic, so above technologies can be easily replaced…

In the following npm cheatsheet, we’re going to focus on 10 npm security best practices and productivity tips, useful for JavaScript and Node.js developers.

1) Avoid publishing secrets to the npm registry

Whether you’re making use of API keys, passwords or other secrets, they can very easily end up leaking into source control or even a published package on the public npm registry. You may have secrets in your working directory in designated files such as a .env which should be added to a .gitignore to avoid committing it to a SCM, but what happen when you publish an npm package from the project’s directory?

The npm CLI…


This article is focused on providing clear, simple, actionable guidance for providing Input Validation security functionality in your applications.

Goals of Input Validation

Input validation is performed to ensure only properly formed data is entering the workflow in an information system, preventing malformed data from persisting in the database and triggering malfunction of various downstream components. Input validation should happen as early as possible in the data flow, preferably as soon as the data is received from the external party.

Data from all potentially untrusted sources should be subject to input validation, including not only Internet-facing web clients but also backend feeds over extranets…


The objective of the cheat sheet is to provide a proposal of approach regarding the handling of vulnerable third-party dependencies when they are detected and depending on different situations.

The cheat sheet is not tool-oriented but it contains a tools section informing the reader about free and commercial solutions that can be used to detect vulnerable dependencies, depending on the level of support on the technologies at hand.

Note: Proposals mentioned in this cheat sheet are not silver-bullet (recipes that work in all situations) yet can be used as a foundation and adapted to your context.


Most projects use third-party…

Florian GOTO

Still learning

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store