Loading…
Tag
#JavaScript
5 posts
April 16, 2026
CORS Isn't Blocking You — Your Browser Is. Here's What's Actually Happening
Most developers treat CORS errors as a server configuration mystery. They're not. Your server responded fine — your browser intercepted the response. This post covers the CSRF attack CORS was built to prevent, how origin is actually defined, why Postman never sees CORS errors, how preflight requests work, and what every response header actually means.
CORSHTTPBrowser Security
April 1, 2026
100 Million Downloads. One Compromised Account. Your Machine Is Now a Botnet.
On March 31, 2026, two malicious versions of Axios — axios@1.14.1 and axios@0.30.4 — were discovered containing a precision-engineered, self-erasing supply chain attack. The RAT it dropped could silently steal your AWS credentials, API keys, and more — and npm audit reported a clean bill of health the entire time. Here's exactly how it worked.
SecuritynpmJavaScript
September 2, 2025
SharedWorker: The Hidden API for Multi-Tab Real-Time Apps
SharedWorker is a lesser-known browser API that enables multiple tabs, windows, or iframes of the same origin to share a single background worker. This post dives into use cases, performance benefits, comparisons with other workers, implementation details, and browser support.
JavaScriptPerformance
August 20, 2025
Deep Dive: V8's JSON.stringify Optimizations and Deterministic Output
JavaScript's JSON.stringify is fundamental for web developers, and V8 has dramatically improved its performance with new optimizations. This deep dive explores the traditional implementation bottlenecks, V8's new insertion-order-based serialization with fast-path optimizations, and provides practical guidance for leveraging these improvements at scale.
JavaScriptV8JSON
April 21, 2024
A comprehensive guide for beginner frontend developers: javascript edition
Master JavaScript and Frontend Development with a Structured Learning Path and Essential Resources
JavaScript