This week's finds (Week 3)

Welcome to the next episode of This week's finds! Apologies for the break from posting here. I hope I can compensate for it with today's blog. The number of topics is a bit smaller, though we will dive deeper into each of them. So without wasting time, let's start.

Solid

Someone could say - new week, a new JavaScript framework, and they would be absolutely right. But I want to believe that Solid will be different. The library itself is React-like in terms of API, usage of JSX, and unidirectional data flow. Don't be deceived though, the devil is in the details. Solid doesn't use a virtual DOM or some extensive diffing to update the view layer. It uses fine-grained reactivity to update things only when they change.

Primitives

Keys to its reactivity system are simple primitives. At first glance, they can look like React Hooks to you, and that thought would be mainly right. These are fundamental state containers that are reactive themselves. If you use them, they will automatically update in every place where they're used. So if it's not a virtual DOM or some diffing mechanism, you could ask how it works. With the usage of proxies, Solid knows when you have changed the value of these primitives, and it updates just the places where they are used. It's stupid simple.

Performance and familiarity

If you have ever read about Svelte, the approach may sound familiar to you. I can even take it further and tell you that Solid is a compiler as well. But through the explicitness of its reactivity system, it can achieve much better results in terms of performance. Actually, it's one of the top performers among frontend frameworks. Ryan Carniato - the author of Solid - wrote two excellent articles about his conquest of the benchmarks. If you have a while, I can recommend reading both of them. You can find them here and there.

However, it will feel most familiar to React developers. There is no DSL, just JavaScript through JSX. As I said, the API itself is based on React. And because most frontend developers use React nowadays, maybe we will finally have a more performant alternative. Moreover, I have seen people integrating both libraries with each other.

Fully-featured

Last but not least - Solid has most of the features that you could think of: fragments, portals, context, suspense, error boundaries, lazy components, SSR and hydration, etc. The only thing it lacks now is a community building amazing things with it, and that's why I am describing it here. If I have successfully interested you in Solid, you can find the website here. An excellent tutorial and documentation are waiting just for you!

npm audit: Broken by design

That's the title of a new article written by Dan Abramov - a member of the React team. The whole post is published here, and I gladly invite you to read it. Long story short, the article is about how npm audit often gives false alarms.

For me in particular, it was an entertaining read. In the past, I experienced the exact things that Dan himself described. I got info about "vulnerabilities" thrown into my face by npm. One of the Tailwind dependencies had some sort of RegEx DoS vulnerability. And I stupidly tried to fix it by running npm audit fix. Of course, it didn't help, but I got a notification about how running it with a force flag can help. So I did, and I regretted it immediately. Tailwind definitely didn't want to work anymore.

Obviously, no tool can be perfect, and this one is no exception. But the most important thing for me is that we can take a lesson from it. And one thing that Dan said has hit particularly close to home for me. "We have trained an entire generation of developers to either not understand the warnings due to being overwhelmed, or to simply ignore them because they always show up but the experienced developers (correctly) tell them there is no real issue in each case." That reminds me of when I got to my first serious job. While setting up the project, I got over one thousand warnings. I was horrified; I didn't think that I should expect that, but everyone else brushed it off. If you are more interested in this topic, I really recommend reading Dan's article.
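
Before reaching for the force flag, the audit report itself says which fixes need it. The script below is an added example (not code from Dan's article or from npm) that sorts a report shaped like `npm audit --json` output from npm 7 or later; the sample report, its package names and the `triage` helper are constructed for illustration.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2).
// Package names and versions are made up.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "regex-lib": {
      name: "regex-lib", severity: "high", isDirect: false,
      via: [{ title: "Regular Expression Denial of Service" }],
      fixAvailable: { name: "css-toolkit", version: "3.0.0", isSemVerMajor: true },
    },
    "css-toolkit": {
      name: "css-toolkit", severity: "high", isDirect: true,
      via: ["regex-lib"],
      fixAvailable: { name: "css-toolkit", version: "3.0.0", isSemVerMajor: true },
    },
    "tiny-parser": {
      name: "tiny-parser", severity: "moderate", isDirect: false,
      via: [{ title: "Prototype pollution" }],
      fixAvailable: true,
    },
    "old-util": {
      name: "old-util", severity: "low", isDirect: false,
      via: [{ title: "Inefficient regular expression" }],
      fixAvailable: false,
    },
  },
};

// Group findings by what it would take to fix them.
function triage(report) {
  const result = { plainFix: [], forceOnly: [], noFix: [] };
  for (const [name, vuln] of Object.entries(report.vulnerabilities || {})) {
    const fix = vuln.fixAvailable;
    if (fix === true) {
      result.plainFix.push(name); // handled by plain `npm audit fix`
    } else if (fix && typeof fix === "object") {
      // Applied only by `npm audit fix --force`: installs fix.name@fix.version.
      // isSemVerMajor marks a major-version jump that can break the project.
      const install = `${fix.name}@${fix.version}`;
      result.forceOnly.push({ name, install, breaking: Boolean(fix.isSemVerMajor) });
    } else {
      result.noFix.push(name); // nothing to install yet
    }
  }
  return result;
}

console.log(triage(sampleReport));
```

Every entry under `forceOnly` with `breaking: true` is a major-version upgrade of a direct dependency, which is worth reading the changelog for before letting npm install it.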

And that's the end - thank you for reading. I hope we will go without such breaks in the future. All I can say is - have a nice week. There is probably another blog post coming soon, so stay tuned.