
Saturday, August 22, 2020

Block npm from running postinstall scripts

Every npm package, when it is installed, is capable of executing arbitrary code (running on Node) on your machine.
package.json
"scripts": { "postinstall": "virtus.js" }

This is a potential backdoor. I bet that sooner or later someone is going to take advantage of it. To block npm packages from doing it, you can run this command on your machine:
npm config set ignore-scripts true

Friday, March 9, 2018

Not being able to login to npm -- npm adduser not working

In various organisations it is common to code in an environment that requires you to connect to an organisation-specific repository or to use a specific user. Sometimes you want to push your package to the global npm repository (https://registry.npmjs.org/) and the process doesn't work. What I enjoy doing is to set up a local .npmrc file inside the project structure. Inside it I specify the registry configuration like:

registry = "https://registry.npmjs.org/"

The adduser command runs in the scope of a registry. Often when you try to use it, it tells you that your username doesn't exist or that the user was incorrect, because you were verifying against the server specified by the registry parameter. Without running the adduser command, your environment will often pick up user credentials that are specified by your sysadmins and are related to a registry that is specific to the organization. That's why, when you run the following command without ever having run adduser, it often displays a username:



If you run the adduser command in a directory that has registry set to a different location, your result will be different:


It is worth noting that the adduser command doesn't add any lines to the local .npmrc file. The file will only contain the registry entry.

Friday, September 8, 2017

Floating point arithmetic in the 21st century

I really hope that the entire concept will be dropped one day. The current approach was useful 30 years ago; now we have much more memory and we can do it in a much better way. And yet when I look at JavaScript:
0.1 + 0.2 === 0.3 //false
(0.1 + 0.2) + 0.3 === 0.1 + (0.2 + 0.3) //false


It is all because of the representation of 0.1 in the IEEE standard.
s eeeeeeee mmmmmmmmmmmmmmmmmmmmmmm    1/n
0 01111011 10011001100110011001101
           |  ||  ||  ||  ||  || +- 8388608
           |  ||  ||  ||  ||  |+--- 2097152
           |  ||  ||  ||  ||  +---- 1048576
           |  ||  ||  ||  |+-------  131072
           |  ||  ||  ||  +--------   65536
           |  ||  ||  |+-----------    8192
           |  ||  ||  +------------    4096
           |  ||  |+---------------     512
           |  ||  +----------------     256
           |  |+-------------------      32
           |  +--------------------      16
           +-----------------------       2
The sign is positive, that's pretty easy.

The exponent is 64+32+16+8+2+1 = 123 - 127 bias = -4, so the multiplier is 2^-4 or 1/16.

The mantissa is chunky. It consists of 1 (the implicit base) plus (for all those bits with each being worth 1/(2^n) as n starts at 1 and increases to the right), {1/2, 1/16, 1/32, 1/256, 1/512, 1/4096, 1/8192, 1/65536, 1/131072, 1/1048576, 1/2097152, 1/8388608}.

When you add all these up, you get 1.60000002384185791015625.

When you multiply that by the multiplier, you get 0.100000001490116119384765625, which is why they say you cannot represent 0.1 exactly as an IEEE754 float.
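
The breakdown above is for a single-precision (32-bit) float, while JavaScript numbers are 64-bit doubles; the same fields can still be extracted in JavaScript by rounding to float32 through a DataView. This is an added example, not code from the original post; the function names decodeFloat32 and setBitDenominators are illustrative.

```javascript
// Decode a number as an IEEE 754 single-precision value, field by field.
function decodeFloat32(x) {
  const view = new DataView(new ArrayBuffer(4));
  view.setFloat32(0, x);                  // rounds x to the nearest float32
  const bits = view.getUint32(0);         // both calls default to big-endian
  const sign = bits >>> 31;
  const exponent = (bits >>> 23) & 0xff;  // biased exponent, 8 bits
  const fraction = bits & 0x7fffff;       // stored mantissa, 23 bits
  // Normal numbers carry an implicit leading 1; subnormals (exponent 0) do not.
  const significand = (exponent === 0 ? 0 : 1) + fraction / 2 ** 23;
  const unbiasedExponent = exponent === 0 ? -126 : exponent - 127;
  let magnitude = significand * 2 ** unbiasedExponent;
  if (exponent === 0xff) magnitude = fraction ? NaN : Infinity; // special values
  return {
    sign,
    exponentBits: exponent.toString(2).padStart(8, '0'),
    mantissaBits: fraction.toString(2).padStart(23, '0'),
    unbiasedExponent,
    significand,
    value: sign ? -magnitude : magnitude,
  };
}

// Denominators of the 1/(2^n) terms contributed by each set mantissa bit,
// with n counted from 1 at the leftmost bit.
function setBitDenominators(mantissaBits) {
  return [...mantissaBits].flatMap((bit, i) => (bit === '1' ? [2 ** (i + 1)] : []));
}

const tenth = decodeFloat32(0.1);
console.log(tenth.sign, tenth.exponentBits, tenth.mantissaBits);
console.log(setBitDenominators(tenth.mantissaBits).join(', '));
console.log(tenth.significand, tenth.value, tenth.value === Math.fround(0.1));
```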

Monday, September 4, 2017

JavaScript Exceptions vs. Errors

A JavaScript exception is a value that is thrown as a result of an invalid operation or as the target of a throw statement. While it is not required that these values are instances of Error or classes which inherit from Error, all exceptions thrown by Node.js or the JavaScript runtime will be instances of Error.

Some exceptions are unrecoverable at the JavaScript layer. Such exceptions will always cause the Node.js process to crash.

This is why you can write:
throw new Error("foo bar");
throw "foo bar";

Sunday, April 23, 2017

No versions found in startbootstrap-sb-admin-2.git

No versions found in https://github.com/IronSummitMedia/startbootstrap-sb-admin-2.git
The problem manifests itself because IronSummitMedia changed its name to BlackrockDigital, and you should install a different package from:
https://github.com/BlackrockDigital/startbootstrap-sb-admin-2

Saturday, January 2, 2016

gulp-jshint@2.0.0 requires a peer of jshint@2.x but none was installed

Just like in the title. When you try to run
npm install
in a freshly created mean folder
cd  && npm install
you will probably first see the

├── UNMET PEER DEPENDENCY jshint@2.x
error, and then at the very end
npm WARN EPEERINVALID gulp-jshint@2.0.0 requires a peer of jshint@2.x but none was installed.
To fix this issue you need to run
npm install --save-dev jshint gulp-jshint
It will show some invalid operations in the console

But at the end it will work.

Monday, September 30, 2013

JavaScript style guides

There are various style guides available on the market for JavaScript. To name a few: For many years I was always suggesting to stick to the Crockford convention and use his book as a reference. But because people don't read books, and the Google style guide is much more explicit, well defined, and available on the web with good examples, I decided to change my JavaScript style guide to the Google one.

Friday, September 20, 2013

JQuery $(...).ready is not a function


This one happened to me many times. It usually means that some script overrides the $ variable after JQuery has been initialized. In other words, there is a huge chance that one of the JavaScript libraries that you added recently overrides $. The best way to check if that's the case is to run the following script in the Firebug script console.
alert($)

If the result is similar to this:
function (a,b){return new e.fn.init(a,b,h)}

Everything is OK; this is how $ looks when JQuery is in charge of it. But often I see something else. For example, the code below means that MooTools is also used and it takes over the $ function:
function (B, C) { if (B && B.$family && B.uid) { return B; } var A = $type(B); return ($[A]) ? $[A](B, C, this.document) : null; }

And it means that some code did something nasty with the $ variable. The next thing that I do is to read the libraries, disable them, and follow a typical tracing path.

Tuesday, July 10, 2012

The next JavaScript issue

This site is becoming my diary of JavaScript problems that I fall into, or am aware of. The newest one is infinity. In other words, what is the result of:
parseInt(1 / 0, 19)
And why is it 18?

Monday, April 16, 2012

MVC PartialViews, Templates and JavaScript issue

In other words, a common problem is to place just one call to a library, or a method. Here is a nice solution.

Tuesday, February 28, 2012

Javascript problems

Watching videos from the last CodeMash (at this point in time they are hard to find, as for the CodeMash 2012 event). But check this out. An excellent presentation of some interesting behavior of the JavaScript language.

Thursday, December 29, 2011

JavaScript as I know it

I really like the JavaScript language. But I am concerned about all the buzz around frameworks like node.js, knockoutjs or spinejs. My worries concentrate on the language and knowledge of it. Who knows what ++[[]][+[]]+[+[]] does? What about the problem described in this article? There are so many pitfalls, and it's so hard to pass through without stepping on a mine. There is not a single tool that I know of that allows writing code in JavaScript just like in C# or Java: with good warnings, suggestion support, strong typing (I am willing to give up the dynamic power of JavaScript just to check for problems during compilation), or abbreviation support. After reading books like JavaScript: The Good Parts, JavaScript Patterns, Pro JavaScript Techniques or JQuery Cookbook, I don't feel safer. I'm really curious what will happen in the future with the language, the tools, and the ideas of writing business logic or more control on the JavaScript side.

Saturday, April 9, 2011

Amb operator

It was three years ago when I first heard about the amb operator. And it was the Scheme language that implemented it. Somehow I haven't used it much, and I did not understand its power until I heard about Spec Sharp, PEX, and Z3. Since then I have been looking for tools, programming patterns, and ideas to check the correctness of some code or theory, or a mechanism to allow me to check when or if the code will succeed. Today I read about an amb implementation in JavaScript, a nice article, and a good reference.

Friday, July 27, 2007

World is full of bugs




It happens to me pretty often. I'm up to something: doing some research, playing with a new technology, or just using a system that should work. And then, when you really need something, you find out that the feature is buggy.

In my flat in London I'm using a D-Link router to connect to the internet. I'm using a WiFi connection with MAC address filtering. My D-Link router loses (somehow???) its safe list, the list of MAC addresses that should be allowed to use the WiFi connection. Then you have to go to the router, connect to it by cable and re-add your MAC address to the safe list once again. Sounds simple; unfortunately there is a problem. The problem is called a software bug, or laziness. I'm using the web interface to configure my router. Unfortunately the software that runs there was written to support only IE, in some cases. And this part is really interesting, because the majority of the functionality works under Firefox, Safari, you name it. Unfortunately not the functionality responsible for modifying the safe list.

The operating systems that I hold on my computer change over time (I'm always doing something). Sometimes I have a working version of Windows, sometimes I do not. The only operating system that works all the time is my Ubuntu. I was trying to use IE for GNU/Linux to modify the safe list, and it worked. I would not be myself if I did not write software that would run not only on IE but also on other thin clients. The first thing to do is to see what the problem is. Firebug showed me that the JavaScript engine cannot find any element by its id:


function jslSetValue(variable,value)
{
document.getElementById(variable).value=document.getElementById(value).value;
}


I've searched the web to find out whether somebody had already reported the problem to D-Link, or whether D-Link had created any software update for that router model. I did not find anything. I've reengineered the JavaScript that is used in that web interface and I've sent it to D-Link; maybe they will use my code instead of the current one. Now don't laugh: I always send corrected code to the producer, but unfortunately I do not receive a reply very often. I can even bet that D-Link is not going to do anything with my code; they will just /dev/null it. But if even one in 20 companies that you send code to replies and thanks you, it is worth a try. If you face the same problem as I do, there is a simpler way to quickly fix it. After loading the "Wireless Management" page, just type into your URL bar:


javascript:document.forms.uiSetForm.uiPostAddMacAddress.value="00-1b-77-27-ca-72";


where 00-1b-77-27-ca-72 is your MAC address. Hit Enter, then hit the history.back button in your browser. Then click "Add"; now you will notice in the JavaScript console that there are bugs on the page. Then click the "Apply" button. Voilà, your MAC address is added.

For the smart ones: don't try to use the 00-1b-77-27-ca-72 MAC address near my flat. It won't work, because it is just an example; I don't use it.

There are some interesting things about this particular piece of software. You may say that it is not a bug, and that the producer simply does not want to support anything besides IE. If that is true, then why did they write the JavaScript so that some functionality works on Firefox and some does not? The next interesting thing is the design. You probably noticed that they extracted some very simple logic into separate functions. I truly enjoy that. It also means that somebody either did a good design or refactored that software in a really nice manner. Why then did he not check whether all the functionality works on thin clients other than IE? I'll never know. Whatever guess I take, I'll still be just a child living in the big world. The world that I can never truly understand.