JavaScript Jabber

• How Holepunch Is Redefining Peer-to-Peer Apps with Bare.js — A New Era for JavaScript Developers -JSJ 681

  In this episode, we sit down with Mathias Madsen, CEO of Holepunch, and take a wild ride through the cutting edge of peer-to-peer JavaScript development. Mathias shares his journey from accidentally discovering JavaScript in college to becoming a prolific contributor with over 1,500 open source modules. His passion? Building decentralized, peer-to-peer systems where JavaScript isn’t just for the browser—it powers the entire stack.We dive deep into how Holepunch is reimagining application distribution with their Pear system —essentially turning peer-to-peer into a first-class citizen for distributing full applications, not just files. No hosting, no servers — just apps shared directly, BitTorrent-style. And because packaging and distributing Node-based apps can be painfully complex, they took things a step further by building a new runtime: Bare.jsBare.js is refreshingly "bare": it strips away the heavy, opinionated APIs bundled into Node or Deno, leaving just the JavaScript core and a powerful module system. What’s revolutionary here is Bare's ability to run the same codebase across desktop, mobile, and even tiny embedded devices—swapping out engines like V8, JavaScriptCore, or JerryScript depending on the platform's needs. This allows Mathias' team to write backend logic once, share it across all platforms, and iterate at lightning speed.Key takeaways:-Peer-to-peer can go far beyond media sharing — it's being used for full app distribution.-Bare.js decouples JavaScript from specific platforms, creating a universal backend that just works anywhere.-Modular design isn't just a philosophy — it's the secret to Holepunch’s rapid development pace.-The combination of React Native for UI and Bare.js for backend creates an insanely productive development pipeline, fully cross-platform.If you’re into JavaScript, peer-to-peer tech, or just love hearing about developers breaking the mold, this one’s for you.About the GuestMathias is the CEO of Holepunch (https://holepunch.to/). He brings his passion for open-source software, and deep experience in the area, having  published more than 1000 modules to npm, the Node.js package manager, totaling billions of downloads every month.Mathias Buus is a self taught Javascript hacker from Copenhagen. He works full time on open source projects and has been working with Node.js since the 0.2 days. Mathias likes to work with P2P and distributed systems and is the author of more than 550 modules on npm, including some of the most popular ones for working with streams. In addition he has spoken about mad science projects at various conferences around the world.Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.

  --------  

  1:06:23
• Migrating a Legacy JavaScript Codebase to TypeScript - JSJ 680

  In this episode, Dan and I (Steve) dove deep into what turned out to be a surprisingly complex, yet incredibly insightful topic: gradually migrating a massive legacy JavaScript project over to TypeScript. We're talking about nearly 1,000 JS files, 70,000+ lines of code, and years of developer history—all transitioning carefully to a typed, modern future.Dan walked us through how he started by setting up the project for success before converting even one file—getting CI/CD ready, setting up tsconfig.json, sorting out test dependencies, dealing with mock leaks, and even grappling with quirks between VS Code and WebStorm debugging.We talked tools (like TS-ESLint, concurrently, and ts-node), why strict typing actually uncovered real bugs (and made the code better!), and why it’s crucial not to touch any .js files until your TypeScript setup is rock solid.Key Takeaways:Gradual migration is 100% possible—and often better—than ripping the bandaid off.TypeScript can and will catch bugs hiding in your JavaScript. Be prepared!Use VS Code extensions or TS-Node to support your devs’ tooling preferences.Don't underestimate the setup phase—it’s the foundation of long-term success.Start small: Dan's team converted just one file at first to test the whole pipeline.If you’re sitting on a legacy JS project and dreaming of TypeScript, this episode is your blueprint—and your warning sign.Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.

  --------  

  1:25:42
• TypeScript, Security, and Type Juggling with Ariel Shulman & Liran Tal - JSJ 679

  In this episode, we dove headfirst into the swirling waters of TypeScript, its real-world use cases, and where it starts to fall short—especially when it comes to security. Joining us from sunny Tel Aviv (and a slightly cooler Portland), we had the brilliant Ariel Shulman and security advocate Liran Tal bring the heat on everything from type safety to runtime vulnerabilities.We started off with a friendly debate: Has TypeScript really taken over the world? Our verdict? Pretty much. Whether it’s starter projects, enterprise codebases, or AI-generated snippets, TypeScript has become the de facto standard. But as we quickly found out, that doesn’t mean it’s perfect.Key Takeaways:-TypeScript ≠ SecurityWe tend to trust TypeScript a bit too much. It’s a build-time tool, not a runtime enforcer. As Liran pointed out, “TypeScript is not a security tool,” and treating it like one leads to dangerous assumptions.-Type Juggling is Real (and Sneaky)We explored how something as innocent as using as string on request data can open the door to vulnerabilities like HTTP parameter pollution and prototype pollution. Just because your IDE is happy doesn’t mean your runtime is.-Enter Zod – Runtime Type Checking to the Rescue?Zod got some love for bridging the dev-time/runtime gap by validating data on the fly and inferring TypeScript types. But even Zod isn’t foolproof. For example, unless you're using .strict(), extra fields can sneak past your validations, leading to mass assignment bugs.-Common Developer FallaciesWe discussed the misplaced confidence developers have in things like code coverage and TypeScript alone. One of the big takeaways: defense in depth matters. Just like testing, layering your security practices (like using Zod, type guards, and proper sanitization) is key.-TypeScript Best Practices Are EvolvingFrom discriminated unions to avoiding any, from using Maps over plain objects to prevent prototype pollution—TypeScript developers are adapting. And tools like modern Node.js now support type stripping, which makes working with .ts files at runtime a bit easier.Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.

  --------  

  1:32:43

More Business podcasts

Trending Business podcasts

About JavaScript Jabber

JavaScript Jabber: Podcasts in Family