this post was submitted on 16 Sep 2024
12 points (92.9% liked)
Web Development
3434 readers
1 users here now
Welcome to the web development community! This is a place to post, discuss, get help about, etc. anything related to web development
What is web development?
Web development is the process of creating websites or web applications
Rules/Guidelines
- Follow the programming.dev site rules
- Keep content related to web development
- If what you're posting relates to one of the related communities, crosspost it into there to help them grow
- If youre posting an article older than two years put the year it was made in brackets after the title
Related Communities
- !html@programming.dev
- !css@programming.dev
- !uiux@programming.dev
- !a11y@programming.dev
- !react@programming.dev
- !vuejs@programming.dev
- !webassembly@programming.dev
- !javascript@programming.dev
- !typescript@programming.dev
- !nodejs@programming.dev
- !astro@programming.dev
- !angular@programming.dev
- !tauri@programming.dev
- !sveltejs@programming.dev
- !pwa@programming.dev
Wormhole
Some webdev blogs
Not sure what to post in here? Want some web development related things to read?
Heres a couple blogs that have web development related content
- https://frontendfoc.us/ - [RSS]
- https://wesbos.com/blog
- https://davidwalsh.name/ - [RSS]
- https://www.nngroup.com/articles/
- https://sia.codes/posts/ - [RSS]
- https://www.smashingmagazine.com/ - [RSS]
- https://www.bennadel.com/ - [RSS]
- https://web.dev/ - [RSS]
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
You shouldn't eat candy given to you by strangers. If you're in a large group and someone knows the candy, maybe. Code is food for your computer. Be wary. Our large Open Source group of friends has learned about many kinds of candy and shouts loudly when some in the group becomes ill. You don't want to become ill. Some risk exists, but with a large group it is generally ok. Don't install packages as root, don't install what you don't need.
I run my frontend builds through Docker (also during development). By isolating access to the host system to the files/folders necessary for development I've shielded off the majority of current realistic attacks I've seen as NPM based exploits. I'm certain the approach can be replicated for other frameworks, but we use Ember and docker-ember. I doubt it runs as smoothly on a non-Linux OS.
Can you provide a guide for how to use containers for that? I'm not familiar with them so I have no idea how to do that.
You could find out about the way we do it at https://github.com/madnificent/docker-ember but I would not if I were you.
The real risk, today at least, does not seem utterly huge. Jumping in this rabbit hole of containers is another topic in itself. I suggest continuing your learning as you do now and maybe revisit this later. You will learn faster that way.
Feel free to check what we did on the link above and ask questions later or whenever you feel ready for this topic.
I don't really understand a lot of things in the repo
I'll have a look at it sometime later thanks
For now I have made a container image with node installed in it after following some guides
I enter the project directory and then run this
podman run -it --rm -p 8080:8080 -v $(pwd):/app/$(basename "$PWD"):z my-node-image:latest
Looks good to me.
docker-ember largely automates such a setup with specific mounts for linking node modules from other folders, being able to bind to localhost for when you run the backend on your own machine, and exposing ports for livereload. May include other secret sauce. Some of that is closely tied to EmberJS.
I'm a fan of using tools you understand. What you show here is comprehensible and sufficient for now👌