notes

My personal notes and bookmarks about various web-dev topics. Originally collected in our internal bookmarking system, but now moved and re-organzied here.

Mainly collected from older projects, all this needs a massive review, but may save you some time googling....however many may be outdated.

see also list of others:

• awesome-nodejs
• Essential JavaScript Links.
• awesome-wpo
• Curated list of awesome lists

my video list on YouTube:

• https://www.youtube.com/playlist?list=PLR2I3D2deb53AisyD6QJABIbrW5Kd-7HE

Algorithms

Catalogues

• https://en.wikipedia.org/wiki/List_of_algorithms
• http://www3.cs.stonybrook.edu/~algorith/
• https://xlinux.nist.gov/dads/, https://xlinux.nist.gov/dads/termsArea.html

Books

• Data Structures and Algorithms with JavaScript http://shop.oreilly.com/product/0636920029557.do
• Algorithm-Design-Manual-Steven-Skiena https://www.amazon.com/Algorithm-Design-Manual-Steven-Skiena/dp/1848000693?ie=UTF8&redirect=true&tag=thealgorithmrepo

Software Prinicples

• DRY

• YAGNI

• SOLID

  • SRP The Single Responsibility Principle The single responsibility principle
  • OCP The Open Closed Principle The open closed principle
  • LSP The Liskov Substitution Principle Liskov Substitution Principle
  • DIP The Dependency Inversion Principle Dependency Inversion Principle
  • ISP The Interface Segregation Principle The principle of the separation of interface

• https://www.youtube.com/watch?v=llGgO74uXMI very good video

• http://sub.watchmecode.net/solid-javascript-presentation/

• http://martinfowler.com/bliki/Yagni.html

Architecture

• http://www.codingthearchitecture.com/
• http://www.martinfowler.com/
• Architectural Styles and the Design of Network-based Software Architectures http://www.ics.uci.edu/~fielding/pubs/dissertation/top.htm
• Enterprise Integration Patterns https://www.enterpriseintegrationpatterns.com/index.html

Microservices

• The Microservices Workflow Automation Cheat Sheet https://blog.bernd-ruecker.com/the-microservice-workflow-automation-cheat-sheet-fc0a80dc25aa
• http://microservices.io/
• Patterns http://microservices.io/patterns/index.html
• Introduction by NGINX https://www.nginx.com/blog/introduction-to-microservices/
• https://leanpub.com/microservices-book/
• Microservices Security: All The Questions You Should Be Asking

REST

• Architectural Styles and the Design of Network-based Software Architectures http://www.ics.uci.edu/~fielding/pubs/dissertation/top.htm

• RESTful Web Services (book) http://shop.oreilly.com/product/9780596529260.do

IDLs For Web Services

• Swagger, OAI http://swagger.io/
• RAML http://raml.org/

GraphQL

• https://webapplog.com/graphql/

Web Components, Widgets, Mashups

• http://blogs.windows.com/msedgedev/2015/07/14/bringing-componentization-to-the-web-an-overview-of-web-components/

• http://webcomponents.org/articles/

• [An Addendum to Why Web Components Aren't Ready for Production Yet](<http://tjvantoll.com/2014/07/18/an-addendum-to-why-web-components-arent-ready-for-production-yet)

• [A W3C Custom Elements Alternative]http://webreflection.blogspot.sk/2014/07/a-w3c-custom-elements-alternative.html

• [Style tools for UI components]https://suitcss.github.io

• http://www.stevesouders.com/blog/2012/05/22/self-updating-scripts/

• https://www.sitepen.com/blog/2008/08/01/secure-mashups-with-dojoxsecure/

AST, grammars, etc..

Java

• http://depfind.sourceforge.net/
• http://www.antlr3.org/

JS

• http://www.graspjs.com - heavy usage for QA checks
• https://github.com/tweakjs/ast-tree - TODO: review
• https://github.com/benjamn/recast, JavaScript syntax tree transformer, nondestructive pretty-printer, and automatic source map generator
• https://github.com/estools/estraverse see also other modules used by 'plato'
• https://www.sitepoint.com/understanding-asts-building-babel-plugin

Dependency Trees:

• https://github.com/mrjoelkemp/node-dependency-tree

• https://github.com/pahen/madge

• https://github.com/auchenberg/dependo

• https://github.com/siddharthkp/cost-of-modules

CSS

• https://github.com/stoyan/gonzales-ast
• https://github.com/macbre/analyze-css (not really AST but usefull)

Compatibility Matrixes

• CLI caniuse http://davidwalsh.name/caniuse-command-line

• CLI compat-table (kangax) https://github.com/ainthek/compat-table

• http://caniuse.com/

• https://kangax.github.io/compat-table/es6/

• https://status.modern.ie/

• https://www.chromestatus.com/features

• CSS Compatibility and Internet Explorer

• http://fmbip.com/litmus

• http://www.quirksmode.org/compatibility.html

• http://modernizr.com/

• X-Frame-Options compatibility test

ES5, ES6

• https://github.com/medikoo/es5-ext

• JavaScript and the living ECMAScript Standard http://webreflection.blogspot.de/2015/01/javascript-and-living-ecmascript.html

• ES6 In Depth Articles https://hacks.mozilla.org/category/es6-in-depth/

• es6-equivalents-in-es5 https://github.com/addyosmani/es6-equivalents-in-es5#template-literals

• exploring-es6 (book) https://leanpub.com/exploring-es6/read

• http://es6-features.org/

• https://github.com/bevacqua/es6/blob/master/readme.markdown

JS Module systems

TODO: cleanup this section

• https://dojotoolkit.org/documentation/tutorials/1.10/modules/

• https://addyosmani.com/writing-modular-js/

• https://github.com/substack/browserify-handbook#node-packaged-manuscript

• http://webreflection.blogspot.sk/2013/02/javascript-modules-maybe.html

• https://medium.freecodecamp.com/javascript-modules-a-beginner-s-guide-783f7d7a5fcc#.hlzo9a219

• https://www.airpair.com/javascript/posts/the-mind-boggling-universe-of-javascript-modules

Progressive Enhancement

• The JavaScript-Dependency Backlash: Myth-Busting Progressive Enhancement
• progressive-reduction

Visualisation and Charting

• http://www.datavizcatalogue.com/

• http://www.jsgraphs.com/

• PlantUML

• http://ditaa.sourceforge.net

• http://dexvis.com/, https://github.com/PatMartin/Dex

• http://www.codingthearchitecture.com/, https://structurizr.com/

• https://leanpub.com/visualising-software-architecture

Regular Expressions

• https://www.youtube.com/watch?v=EkluES9Rvak
• https://leaverou.github.io/regexplained/
• https://regex101.com/ - test various Flavors
• https://developer.mozilla.org/en/docs/Web/JavaScript/Guide/Regular_Expressions

Performance

• Best Practices for Speeding Up Your Web Site, yahoo

• http://www.stevesouders.com/blog/

• High Performance Web Sites, Essential Knowledge for Front-End Engineers

• Web Performance Daybook Volume 2, Techniques and Tips for Optimizing Web Site Performance

• http://www.phpied.com/conditional-comments-block-downloads/

• Optimization-killers by petkaantonov

Online Perf. Test Websites

• http://www.webpagetest.org

Image Optimization Tools

• https://addyosmani.com/blog/image-optimization-tools/
• Smush it - is dead
• https://www.npmjs.com/package/imagemin

CSS

• https://github.com/addyosmani/critical-path-css-tools

Security

• https://www.hacksplaining.com/

• https://www.youtube.com/user/OWASPGLOBAL

• Mario Heiderich http://www.slideshare.net/x00mario?utm_campaign=profiletracking&utm_medium=sssite&utm_source=ssslideview

• http://matasano.com/articles/javascript-cryptography/

• Tangled Web Book http://www.nostarch.com/tangledweb.html

• HTTP access control (CORS) https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

• Content Security Policy https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy

• https://blog.mozilla.org/javascript/2015/02/26/the-path-to-parallel-javascript/

• http://docs.spring.io/autorepo/docs/spring-security/3.2.0.CI-SNAPSHOT/reference/html/csrf.html

• Github CSRF Tutorial, JWT Fun https://github.com/stormpath/roadstorm-jwt-csrf-tutorial

• https://github.com/Netflix/sleepy-puppy

External Modules/Libs (node, java) Dependencies Vulnerability Scanners, Advisory

• https://nodesecurity.io

• https://snyk.io/

• https://www.owasp.org/index.php/OWASP_Dependency_Check

• https://snyk.io/blog/publishing-malicious-packages/

Stateles Auth

• https://auth0.com/blog/stateless-auth-for-stateful-minds/

"ClearText JWS"

• OAI/OpenAPI-Specification#1464

• https://dzone.com/articles/json-message-signing-alternatives

JCS - JSON Cleartext Signature

• https://cyberphone.github.io/doc/security/jcs.html

Linked data Signatures

• https://w3c-dvcg.github.io/ld-signatures/
• https://github.com/digitalbazaar/jsonld-signatures

SAML , OAuth, Open Connect, JWT, JWA

• Dancing with OAuth: Understanding how Authorization Works https://medium.com/@imashishmathur/0auth-a142656859c6

• No Way, JOSE! Javascript Object Signing and Encryption is a Bad Standard That Everyone Should Avoid https://paragonie.com/blog/2017/03/jwt-json-web-tokens-is-bad-standard-that-everyone-should-avoid

• JWT, JWS and JWE for Not So Dummies! (Part I) https://medium.facilelogin.com/jwt-jws-and-jwe-for-not-so-dummies-b63310d201a3

• XML DSig vs. JSON Web Signature https://community.apigee.com/articles/21711/dsig-part-3-xml-dsig-vs-json-web-signature.html

• Full-Scratch Implementor of OAuth and OpenID Connect Talks About Findings https://medium.com/@darutk/full-scratch-implementor-of-oauth-and-openid-connect-talks-about-findings-55015f36d1c3

• Spring Team evaluating various OAuth2 solutions and libs spring-projects/spring-security#3907 (comment)

• Choosing an SSO Strategy: SAML vs OAuth2 https://www.mutuallyhuman.com/blog/2013/05/09/choosing-an-sso-strategy-saml-vs-oauth2/

• https://developers.google.com/oauthplayground

• http://jwt.io/

• https://github.com/dwyl/learn-json-web-tokens interesting links at least

• http://anvil.io/

• Github JJWT https://github.com/jwtk/jjwt

• https://www.jwtinspector.io/

OpenId Connect

• https://www.youtube.com/watch?v=Kb56GzQ2pSk

• http://openid.net/connect/

• http://nat.sakimura.org/2012/01/20/openid-connect-nutshell/

• http://nat.sakimura.org/2013/07/28/write-openid-connect-server-in-three-simple-steps/

• http://fr.slideshare.net/zeronine1/open-id-connect-lecture-for-mit

• https://github.com/GluuFederation

iframes

• https://www.tinfoilsecurity.com/blog/protect-your-website-from-embedded-content-iframe-security
• http://seclab.stanford.edu/websec/framebusting/framebust.pdf

Security Headers

• Guidelines for Setting Security Headers https://www.veracode.com/blog/2014/03/guidelines-for-setting-security-headers
• List of useful HTTP headers https://www.owasp.org/index.php/List_of_useful_HTTP_headers

Attacks and Vulns

• xss.io https://github.com/evilpacket/xss.io (web will go down on 30.9.2015, this is the code)
• ReDoS https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS
• JSON regexp is Bypassable] http://blog.mindedsecurity.com/2011/08/ye-olde-crockford-json-regexp-is.html
• https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/

CSS

Shaped Corners/Borders

• Slanted Corner http://stackoverflow.com/questions/7059597/slanted-corner-on-css-box
• Old fashion solution http://meyerweb.com/eric/css/edge/slantastic/demo.html
• CSS Polygons https://alastairc.ac/2007/02/dissecting-css-polygons/
• Furture http://lea.verou.me/2013/03/preview-border-corner-shape-before-implementations/

(Unused) Selectors

• http://addyosmani.com/blog/removing-unused-css/
• http://andy.edinborough.org/CSS-Stress-Testing-and-Performance-Profiling

CSS Tools

• Remove unused styles from CSS https://github.com/giakki/uncss
• JS Plugins for CSS processing https://github.com/postcss/postcss

dojo CSS

• https://dojotoolkit.org/reference-guide/1.10/dijit/themes.html

Testing

• UI Testing (my repo with links and notes) https://github.com/ainthek/ui-testing
• Why I use Tape Instead of Mocha and So Should You

Streams

Node:

• https://nodejs.org/api/stream.html
• https://github.com/substack/stream-handbook
• https://github.com/dominictarr/event-stream
• http://ejohn.org/blog/node-js-stream-playground/ bit old ;-(

Algs:

• https://www.mapr.com/blog/some-important-streaming-algorithms-you-should-know-about

Reactive Programming

• https://gist.github.com/staltz/868e7e9bc2a7b8c1f754

• http://blog.ractivejs.org/posts/whats-the-difference-between-react-and-ractive/

• http://www.flapjax-lang.org

• http://conal.net/papers/simply-reactive/old-tech-report-superceded.pdf

• https://www.sitepen.com/blog/2017/02/27/functional-reactive-programming-and-observables-in-javascript-typescript-and-dojo-2/

Libs:

• https://github.com/kriszyp/alkali

Async

• http://www.2ality.com/2016/03/promise-rejections-vs-exceptions.html
• https://blog.getify.com/promises-wrong-ways/
• https://github.com/petkaantonov/bluebird/wiki/Promise-anti-patterns

Getters/Setters/Observable/Computed properties

Anything that relates to modeling state changes, computed properties, etc. in JS

• http://webreflection.blogspot.sk/2011/02/btw-getters-setters-for-ie-6-7-and-8.html

• https://www.manning.com/books/rxjs-in-action

• https://facebook.github.io/immutable-js/, https://www.sitepoint.com/immutability-javascript/

• https://github.com/jfairbank/revalidate/blob/master/README.md Books:

• https://www.manning.com/books/grokking-reactive-user-interfaces

Static Web Sites (Generators)

• http://designmodo.com/static-website-generators/
• https://staticsitegenerators.net, https://github.com/bevry/staticsitegenerators-list - 409 documented
• https://www.staticgen.com, https://github.com/netlify/staticgen - 126 documented
• TODO: find web site with FEATURES compared

Web Scraping

• https://www.httrack.com
• https://www.npmjs.com/package/cheerio-cli

Node.js 'desktop frameworks'

we may start here:

• http://www.tivix.com/blog/nwjs-and-electronjs-web-technology-desktop/

Modules Comparison (JS, node)

• https://npmcompare.com

Online Assesments

• https://realskill.io/tests/1087

ORM

• https://typeorm.github.io/ Object Relational Mapper (ORM) for node.js

ESB

• Understanding integration from a "needs-based" perspective - Mule vs. Servicemix / Fuse ESB https://www.mulesoft.com/resources/esb/understanding-integration-needs-based-perspective-mule-vs-servicemix-fuse-esb

Others

• http://www.grpc.io/
• https://github.com/yyx990803/pod