Ever heard of timing attacks? Turns out timing attack vulnerabilities are pretty common. It’s unclear to me how practical those attacks are, but I wouldn’t risk it.

Accessibility audits can be daunting to get started with. Here are my recipes to deliver accessibility audits for web projects, combining multiple layers of automation with manual testing to get the best of both worlds.

I’ve spent a lot of time thinking of how best to structure React projects over the last few years. This is especially important when React is a central part of the project’s front-end tech stack, as React in itself has very few opinions about how to organize code (it’s a library, not a framework). Here are my notes.

Here are my thoughts on what front-end developers should focus on when learning React. There are a lot of resources on there – this is more about identifying what exactly you should spend time on, and in what order, for people who are already well versed in building UIs with HTML, CSS, and a sprinkle of JavaScript.

Updating a codebase from one ESLint config to another can be daunting, especially if switching to something more strict. This post proposes a methodology to do those config overhauls step by step, and get the benefits of a new config without putting in all of the effort upfront.