How much damage can a malicious package do to a static site, and what can be done about it?
I accidentally discovered a huge browser security bug. Here's what it does, and how I discovered it…
Array.isArray works, and how we can use symbols to create our own type-matching functions.
When writing async functions, there are differences between
return await, and picking the right one is important.
createImageBitmap to make SVG render off the main thread.
"HTTP/2 push will solve that" is something I've heard a lot when it comes to page load performance problems, but I didn't know much about it, so I decided to dig in.
HTTP/2 push is more complicated and low-level than I initially thought, but what really caught me off-guard is how inconsistent it is between browsers – I'd assumed it was a done deal & totally ready for production.