Work log, 12022-01-17
I’ve been doing these “work logs” publicly for a week now. The process is easy – when I sit down to start a workday, I start a new Markdown file. During the day I document what I’m doing, broadly, noting things like breakthroughs, frustrations, insights, useful links that come up. At the end of the day, instead of just forgetting the document exists, I commit it to my blog repo. Perhaps the public nature of this will come back to bite me at some point, but for now this is having a positive effect on me. In particular:
- It keeps motivation fairly high because I see progress.
- The public nature pushes me to continue (even if nobody is reading this).
- The process has built-in rubber ducking.
- I have gotten feedback from friends who have pointed out ways to do things better.
- Links accumulate somewhere useful and relevant.
- There’s a scratchpad for ideas always handy.
This last bit is kind of big. For a few years now I’ve maintained a general purpose scratchpad, but it’s a mess and rarely fit for purpose. At best it serves as a storage for text that doesn’t have a clear home yet. At worst, it’s a dumping ground for half-baked ideas, but without any context or chronology. This isn’t necessarily a more coherent dumping ground, but it has some context at least.
Anyway, I’m going to continue this for a while at least. See how it goes.
Upgrading some Frontend code
Noting all of the above, the point about motivation is real, but it certainly isn’t guaranteed.
So, a solid three hours were spent chasing dependencies. I wanted to get rid of critical security vulnerabilities as reported by NPM, but of course doing so required upgrading some packages. Except, circular dependencies. After fighting this for about half an hour, I figured I’d go through one by one, manually check the most recent version, update the `package.json` appropriately, and continue until done. Except, of course, there were dozens of packages that depended on ancient versions of other packages.
Three hours in, I had reduced the size of `node_modules` from an initial 767MB to a somewhat less horrific 401MB. How anybody justifies hundreds of megabytes of dependencies nested for an application that currently consists of about 2000 lines of code, I cannot imagine. The fact that half of the dependencies don’t do anything nontrivial just makes it worse.
Amusingly, after all of this, I still get warnings of “15 moderate severity vulnerabilities” – but if I run `npm audit fix --force` as it suggests, then a bunch of processing happens, after which it reports that now I have “144 vulnerabilities (4 low, 122 moderate, 16 high, 2 critical)”, in addition to nothing working anymore. Which appears to be the opposite of what auditing was for. Thankfully rolling back from that stupidity was easy.
My original plan was to convert this project to Typescript, but I have zero actual desire to spend more time with this junk today. Maybe tomorrow, or maybe I’ll figure something else out.
To round off the day with something useful after running out of steam, I updated a few libraries, documented some stuff, and drew some diagrams. Yay.
Anyway, I’ll stop complaining now. There’s more work to be done – thankfully, not on the frontend.
Current methods for web API authentication appear to be:
- OAuth / OAuth2
- JWT (JSON Web Tokens)
- OpenID Connect
- Homerolled bearer tokens (Bad Idea™)
JWT appears to be the easiest to use, but managing it from the frontend requires some level of magic.
Here are some React-oriented resources: