Web Development

4230 readers

1 users here now

Welcome to the web development community! This is a place to post, discuss, get help about, etc. anything related to web development

What is web development?

Web development is the process of creating websites or web applications

Rules/Guidelines

Follow the programming.dev site rules
Keep content related to web development
If what you're posting relates to one of the related communities, crosspost it into there to help them grow
If youre posting an article older than two years put the year it was made in brackets after the title

Related Communities

Wormhole

[email protected]

Some webdev blogs

Not sure what to post in here? Want some web development related things to read?

Heres a couple blogs that have web development related content

https://frontendfoc.us/ - [RSS]
https://wesbos.com/blog
https://davidwalsh.name/ - [RSS]
https://www.nngroup.com/articles/
https://sia.codes/posts/ - [RSS]
https://www.smashingmagazine.com/ - [RSS]
https://www.bennadel.com/ - [RSS]
https://web.dev/ - [RSS]

Credits

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 2 years ago

MODERATORS

[email protected]

Are Web Components better for Cybersecurity? (programming.dev)

submitted 4 days ago by [email protected] to c/[email protected]

2 comments fedilink hide all child comments

Not to poke at React or any of the other popular frameworks, I'm sure they're suitable for Cybersecurity projects. They surely go through things like reviews and audits.

I'm asking from the perspective that web components are native to the browser and thus reducing what I think is called supply chain attacks (like if "npm install" introduces something it shouldn't).

Maybe the frameworks don't matter and depends on the browser/os/device it's run on?

Context: I have a p2p messaging app created with ReactJS and a separate project for a UI framework based on Lit. Both these projects can be a whole separate discussion. I was wondering if there could be any advantages to refactoring (or starting from scratch) the messaging-app to be based on the webcomponent ui framework.

Same question on Reddit with comments here. I have an answer there, but posting here in-case anything is being overlooked.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 2 points 4 days ago (1 children)

When working with web components, you will likely also end up with dependencies that you’ll install using npm (eg lit itself). Theoretically, the same supply chain attack can still happen this way and thus introduce malicious code in the web components JavaScript, see for example this article (first search result)

You could write your own ui-library using whatever technique you deem to be safe, or you can stand on the shoulders of giants and start with a readily available one and adjust as needed. Security-wise I thinking would be better to ensure the frontend and backend are separate projects/applications that could (theoretically) be deployed on different machines and still exchange the necessary information through an api, so you’ll know that even if something happens on one end, the other wouldn’t necessarily be affected as well.

[–] [email protected] 1 points 4 days ago

thanks for your thoughts. npm is popular for a reason and vanillajs doesnt scale very well. so any deps used could be an issue.

i was also considering if with the webcomponent approach it could be “furture-proof” as it seems to be the rhetoric i hear around. im sure i wont have a great implementation any time soon, but id like to try out a few ideas to see if it holds-up. hopefully to lead to a “secure javascript ui framework” (which itself could be a whole discussion).

but based on all the feedback ive recieved, it seem for the messaging app refactor, i’ll be fine to use react on it. which is great because i already have a working-ish demo.