This stuff becomes complex super quick when you are working on a medium to large size application. The first rule of web development, or rather the first rule of web security, is never trust user data. All user data is evil. So Joi should probably sit as the first step between the place where the API hands the data to the back end and your processing. Therefore, you should pretty much never touch any user data before it has been sanitized and passed through a Joi schema.
So it’s probably a very important library for any back-end project. Of course, you can install Joi with npm install joi and use joi.dev for the documentation.
The next library, which we also use and which is very useful but very small, is tiny-invariant. What does this library do? If you have ever used TypeScript, you know that a lot of times TypeScript complains that your value might be undefined, false, or null. For example, you would see that the error object may be undefined or may be null.
Now a lot of times you know for sure that the object is not null, because of a status flag or something else related, but you might not be able to show that to TypeScript. So you have just two options: the first is to force cast it using the exclamation mark in TypeScript, and the second is to use a package like invariant. That is pretty much like saying: I’m so confident that my type or my variable exists that I’m willing to just blow up my program if it does not exist at runtime.
So it’s almost like an assert statement, and it’s used a lot in TypeScript code bases. The example here says condition, but it’s completely fine with just a regular value as well. For example, you can import invariant and pass it something whose type is undefined or string. From the next line onward TypeScript will not complain that it’s undefined, because TypeScript recognizes that if the value is in fact undefined, this line is going to throw an error.
The third library we use is from Dropbox and is named zxcvbn. I have no idea why it is named this way. What this library does is let you add a nice password strength dialog box to your websites.
For example, if you go to codedamn, you’re going to see a little helper on the registration page. When you start typing in the password field, say “hello”, this little helper appears below it. It tells you that ‘this is a vulnerable password’, ‘this is a relatively weaker password’, or ‘you can see this is a very common password’, and you also get a strength. All of this happens offline. You are not sending any data online, and you’re not sending this password to any password checker or anything.
This is a lightweight library that helps you compute all of that information. So if you’re implementing registration with emails and passwords, I believe this is an important library to have. Even though you do have hashing at the back end and you are storing the password with bcrypt or some other hashing algorithm, it’s still important for users to have a reasonably secure password, just for their own sake.
Another package that we use a lot is Nano ID. You will have seen a lot of nano ids in URL structures. Any time there’s a news article or a new course item, you’re going to see a unique identifier for that item. This is basically a nano id: the package generates a tiny, secure, URL-friendly unique string identifier. You can still find a lot of functions online that generate these for you, but it’s easier and a better choice to use a package like Nano ID. The reason is that it comes with a few advantages in terms of speed, safety, URL friendliness and so on.
So if you used to use UUID as a generator, shift to Nano ID, because UUID is way too long and Nano ID made perfect sense, primarily because it uses far fewer characters and less length, which was ideal for us for generating these unique identifiers. It does not contain any special characters, question marks, hash symbols, nothing like that, and it just works. So it’s easy to just plug it into your system and forget about it.
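What "secure" and "URL-friendly" mean in practice, as an added example that is not Nano ID's own code and not part of the original article: ids are drawn from a cryptographic random source rather than Math.random, and out-of-range values are rejected instead of being reduced with a modulo, so every symbol is equally likely. The names secureId, entropyBits and URL_SAFE are hypothetical.

```javascript
// Added example: not Nano ID's source code.
// Web Crypto CSPRNG: a global in browsers and recent Node.js; older Node.js
// exposes the same API as require('node:crypto').webcrypto.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

// 64 URL-safe symbols: no '?', '#', '/', '+' or '='.
const URL_SAFE = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-';

// Hypothetical helper: returns `length` symbols drawn uniformly from `alphabet`.
function secureId(length = 21, alphabet = URL_SAFE) {
  if (!Number.isInteger(length) || length < 1) throw new RangeError('length must be a positive integer');
  if (alphabet.length < 2 || alphabet.length > 256) throw new RangeError('alphabet must have 2 to 256 symbols');
  // Smallest (2^k - 1) bit mask that covers every index of the alphabet.
  const mask = (1 << (32 - Math.clz32(alphabet.length - 1))) - 1;
  let id = '';
  while (id.length < length) {
    // Fetch a batch of random bytes; if too many are rejected, loop for another batch.
    const bytes = rng.getRandomValues(new Uint8Array(length * 2));
    for (const byte of bytes) {
      const index = byte & mask;
      // Rejection sampling: `byte % alphabet.length` would favour the first
      // symbols whenever 256 is not a multiple of alphabet.length.
      if (index < alphabet.length) {
        id += alphabet[index];
        if (id.length === length) break;
      }
    }
  }
  return id;
}

// Size of the id space in bits, i.e. the cost of guessing one id.
function entropyBits(length, alphabetSize) {
  return length * Math.log2(alphabetSize);
}

console.log(secureId(), entropyBits(21, 64)); // 21 URL-safe symbols, 126 bits
console.log(secureId(12, '0123456789'));      // digits only, still unbiased
```

At 21 symbols from a 64-symbol alphabet the id space is 126 bits, comparable to the 122 random bits of a 36-character version 4 UUID.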
So those were the five packages, out of a lot of packages that we use. I found that these were a few packages that were probably not known by a lot of people. So there you go. If you like this article, make sure you leave a comment below and let me know which one is your favorite package.