Forem: Garima Bisht

Claude Code Feature....

Garima Bisht — Tue, 03 Feb 2026 18:47:56 +0000

LSP: IDE-Level Code Intelligence for Claude

Rajesh Royal ・ Feb 3

#tutorial #claudecode #productivity #beginners

🔥 Firebase Studio officially launched.......

Garima Bisht — Fri, 02 May 2025 18:29:23 +0000

Firebase Studio was officially launched in preview on April 9, 2025, as announced on the Firebase blog. It is a cloud-based, agentic development environment designed to accelerate the building, testing, deployment, and running of production-quality AI applications—all within a unified platform.
Previously known as Project IDX, Firebase Studio integrates features from Visual Studio Code, enhanced with Google's Gemini AI assistant, and supports various frameworks like React, Angular, Flutter, and Node.js. It also includes built-in iOS and Android emulators, providing developers with a comprehensive, browser-based development experience.
For more information and to get started, you can visit the official Firebase Studio documentation.
As modern web and mobile applications grow more complex, developers increasingly rely on powerful backend platforms to streamline development, handle authentication, store data, and manage hosting. Firebase, a Backend-as-a-Service (BaaS) platform by Google, offers a robust suite of tools that make it easy to build full-featured apps without managing your own server infrastructure.

📦 Conclusion
Whether you're building a simple blog or a complex real-time app, Firebase provides a comprehensive toolkit. The Firebase Console gives you a powerful cloud dashboard, while the Emulator Suite allows you to develop and test locally like a pro. Together, they form what many developers refer to as "Firebase Studio" — your command center for rapid, scalable, and secure app development.

Scope of React

Garima Bisht — Fri, 02 May 2025 16:42:43 +0000

The selection of the right technology for application or web development is becoming more challenging. React has been considered to be the fastest-growing Javascript framework among all. The tools of Javascript are firming their roots slowly and steadily in the marketplace and the React certification demand is exponentially increasing. React is a clear win for front-end developers as it has a quick learning curve, clean abstraction, and reusable components. Currently, there is no end in sight for React as it keeps evolving.

Those Golden Era of React...👩‍💻☺️

Garima Bisht — Mon, 28 Apr 2025 13:02:07 +0000

Create React App nostalgia 👩‍💻☺️ — back to those golden days, 2 years ago, when we coded everything manually without any v0 ,windsurf & copilot. # just Pure passion, pure grind

Old Passion 🌹🖌️🖼️🎨 - https://painting-website-six.vercel.app/

Getting Started with Create React App

This project was bootstrapped with Create React App.

Available Scripts

In the project directory, you can run:

`npm start`

Runs the app in the development mode.\
Open http://localhost:3000 to view it in your browser.

The page will reload when you make changes.\
You may also see any lint errors in the console.

Learn More

You can learn more in the Create React App documentation.

How to Secure Your Node.js APIS

Garima Bisht — Sun, 27 Apr 2025 06:44:12 +0000

Security isn’t just a feature – it’s a habit. You can’t do everything all at once, but you can start with a few key changes.
If you’ve built an API with Node.js, chances are you’ve thought about security – at least a little.
Maybe you’ve heard about SQL injection, brute force attacks, or data leaks.

But here’s the thing: it’s not just about big hacks. Even small gaps in your API can lead to big problems. And no one wants to get that “your data’s been exposed” message.

Summary
Use environment variables. Validate your inputs. Add rate limiting. Move to HTTPS. Install Helmet. Sanitize everything. Lock down your authentication.

In this article, I’ll walk you through seven ways to harden your Node.js API.

These are practical tips you can apply right away. I’ll keep the code examples simple and the language even simpler. Let’s get into it.

1. Use Environment Variables
Storing sensitive data like database credentials, API keys, or JWT secrets directly in your code is risky. If your code ends up in the wrong hands, so does everything else.

Instead, store this data in a .env file and use the dotenv package to access it:

require('dotenv').config();
const dbPassword = process.env.DB_PASSWORD;
Make sure you never commit your .env file. Add it to your .gitignore file to keep it private.

2. Validate All Input
Attackers love user input.

If you don’t check what comes into your API, they’ll sneak in commands, inject code, or crash your app.

The best way to stop them is by validating every piece of input. Use a package like Joi or zod to define what your API expects:

const Joi = require('joi');

Set a limit on how often a user can hit your API using middleware like express-rate-limit Here is an example.

const rateLimit = require('express-rate-limit');

const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100 // limit each IP to 100 requests per windowMs
});
app.use('/api/', limiter);
The above code restricts API requests coming from an IP address to 100 per 15 minutes. This is like putting a speed bump in front of a runaway car.

4. Always Use HTTPS
HTTP sends data in plain text. That means anyone between your server and the user can read it. HTTPS encrypts everything. It’s not optional anymore.

If you’re using a platform like Heroku or Vercel, HTTPS is automatic. If you’re self-hosting, you can set it up with services like Let’s Encrypt.

Also, force HTTPS on all incoming traffic. You can use middleware like this:

app.use((req, res, next) => {
if (req.headers['x-forwarded-proto'] !== 'https') {
return res.redirect('https://' + req.headers.host + req.url);
}
next();
});
Encrypt the ride. Always.

5. Use Helmet to Secure HTTP Headers
HTTP headers are key-value pairs sent in requests and responses over the web. They give extra information about what’s being sent – like who’s sending it, what type it is, how it should be handled, and more.

HTTP headers are small, but they can be powerful tools to protect your app. Helmet is a Node.js middleware that sets secure headers for you.

const helmet = require('helmet');
app.use(helmet());
Helmet helps prevent attacks like cross-site scripting (XSS), clickjacking, and others just by setting the right headers.

One line of code, a big step up in security.

6. Sanitize Data to Prevent Injection Attacks
Injection attacks happen when you blindly trust input and plug it into a command or query.

For example, an attacker might submit a piece of text that turns into a command in your database.

You should sanitize data before it gets to any sensitive function. Libraries like express-mongo-sanitize or xss-clean help clean up malicious input.

const mongoSanitize = require('express-mongo-sanitize');
const xss = require('xss-clean');

app.use(mongoSanitize());
app.use(xss());
This strips out dangerous characters and scripts that could do real damage.

7. Use Strong Authentication and Authorisation
Authentication is about knowing who the user is, and authorisation is about what they can do. You need both, and you need them to be strong.

Use JWT (JSON Web Tokens) or sessions to manage logged-in users. Here’s a quick JWT example:

const jwt = require('jsonwebtoken');

const token = jwt.sign({ id: user._id }, process.env.JWT_SECRET, {
expiresIn: '1h'
});
Always verify the token before letting a user access protected routes:

const decoded = jwt.verify(token, process.env.JWT_SECRET);
And don’t forget roles. A user who can view data shouldn’t be able to delete it unless they’re supposed to.

Vibe Coding is the Trend Now

Garima Bisht — Sat, 26 Apr 2025 11:37:50 +0000

Think about a few years ago when LLMs weren't so popular. If you were interested in programming or wanted to create an application? You had to commit to a long journey of learning how to code. Depending on your ability, it could be expensive both time-wise and money-wise. Many great ideas never saw the light just because the ideator didn't know how to code and couldn't hire developers.

With vibe coding, that scene has changed forever. From prototyping weekend pet projects to building semi-professional-grade software, AI can often do it if you're able to guide it properly. The bar for making software has lowered compared to just a few years ago.

You don't need to understand any code, let alone write any. You don't need to know anything that's happening behind the scenes. No need to learn complex algorithms. Who wouldn't want that? But, is it really that easy? Can you vibe code anything without knowing how to code? Not quite. That's why I'm not ready to give in to vibe coding yet.

Your Coding Skill Still Matters

What's New in Node.JS 24

Garima Bisht — Fri, 25 Apr 2025 11:40:33 +0000

👩‍💻🤩Node.js is reaching its 24th major version, and it comes with a host of new features and improvements. This release will be the Current release for the next six months becoming LTS in October 2025. Let’s walk through the highlights of this release.

Upgrade to V8 to 13.4 👩‍💻🤩
With this upgrade to the dependency that allows Node.js to run JavaScript, we now have access to a couple of new
features for writing more secure and efficient code.
Error.isError
Error.isError is a static method that checks if a given value is an instance of the Error regardless of its realm.

You probably fell (or know someone who has) into the trap of using instanceof to check if an error is an instance of Error and got surprised when an object that you were sure was an Error instance got returned as false.

const vm = require('node:vm');

function logError(err) {
if (err instanceof Error) {
console.error('Caught an error:', err);
} else {
console.error('You must provide an Error instance');
}
}

const context = vm.createContext();

try {
vm.runInContext(throw new Error("Something went wrong in another realm");, context);
} catch (err) {
logError(err); // This won't work correctly. Output will be: You must provide an Error instance
}

This is the nature of JavaScript. It was complicated to have, for example, a centralized error-handling system that could catch errors from different realms. Everything is simplified with this new method.

Change the logError function, replacing the instanceof check with Error.isError and it will work as expected.

function logError(err) {
if (Error.isError(err)) {
console.error('Caught an error:', err);
} else {
console.error('You must provide an Error instance');
}
}

Explicit Resource Management (using, using await)🤗👩‍💻
Explicit Resource Management introduces new syntax and semantics to JavaScript, aiming to provide a standardized way to manage the lifecycle of resources like file handles, network connections, or database cursors. This is particularly useful for ensuring that such resources are properly released, even in the presence of errors or early exits.

With this new feature, you can use the using statement to declare a resource that should be automatically released when it goes out of scope.

Instead of doing something like this:

function someFunction() {
const handle = someResource.open();
try {
... // ok to use handle
}
finally {
handle.close();
}
}

You can now do this:🤩🤗

function someFunction() {
using handle = someResource.open();
... // ok to use handle
} // handle is automatically closed when it goes out of scope
handle will be disposable if it has a Symbol.dispose method. If the dispose is async it must be defined as
a Symbol.asyncDispose method.

If it is an async dispose you must use using await instead of using.

This is a great improvement for writing cleaner and more maintainable code. It also helps to avoid resource leaks and
other issues that can arise from not properly managing resources.
Atomic.pause
Atomic.pause allows you to hint the CPU that the current thread is waiting for a resource to become available i.e. in a spinlock. This can help the CPU to optimize its power usage and performance.

// Imagine another thread also has access to this shared memory
const sab = new SharedArrayBuffer(1024);
const i32 = new Int32Array(sab);

// Fast path: spin the CPU for a short while
let spin = 0;
do {
if (acquiredSharedResourceLock()) {
break;
}
Atomics.pause();
spin++;
} while (spin < 10);

// Slow path: wait for the lock
// This can only be called in a worker thread,
// because the main thread cannot be blocked
Atomics.wait(i32, 0, 1);

WebAssembly support to 64-bit memory
This increases the WebAssembly memory size limit from 4GB to 16 exabytes. This is a huge increase in the amount of memory that can be allocated for WebAssembly modules. This is particularly useful for applications that require large amounts of memory.
Permission is stable
The Node.js Permission Model is a mechanism for restricting access to specific resources during execution. The API exists behind the flag --permission which when enabled, will restrict access to all available permissions.

It has a runtime API you can use to check which permission your application has.

// filename: index.js
process.permission.has('fs.write'); // true
process.permission.has('fs.write', '/home/codeminer42/writeonly'); // true
process.permission.has('fs.write', '/home/codeminer42/readonly'); // false

process.permission.has('fs.read'); // true
process.permission.has('fs.read', '/home/codeminer42/writeonly'); // false
process.permission.has('fs.read', '/home/codeminer42/readonly'); // true
Executing the script above with node --permission --allow-fs-read=/home/codeminer42/readonly --allow-fs-write=/home/codeminer42/writeonly index.js.
URLPattern as global
API is now exposed on the global object, making it easier to use without explicit imports. This API provides a powerful pattern-matching system for URLs, similar to how regular expressions work for strings.

const pattern = new URLPattern({ pathname: "/books/:id" });
console.log(pattern.test("https://example.com/books/123")); // true
console.log(pattern.exec("https://example.com/books/123").pathname.groups); // { id: "123" }
This is very useful for validating and parsing URLs in a more structured way. Now you can write your router – go and make your express.js, why not another js lib?

What Else?
Upgrade Undici to 7.0.0
Undici is what is behind fetch in Node.js. This major version brings a lot of performance improvements and bug fixes.

Upgrade npm to 11.0.0
From the list of changes, the most impactful ones are:

npm init now has a type prompt, and sorts the entries of the created packages differently
npm hook command has been removed
supports node ^20.17.0 || >=22.9.0

Anime JS , a JavaScript animation library

Garima Bisht — Sat, 12 Apr 2025 10:57:00 +0000

New Library to me, Anime.js by Julia Garnier
Version - 4.0.1 just released https://www.npmjs.com/package/animejs
Published - April 10, 2025
Anime.js is a fast, multipurpose, lightweight JavaScript animation library with a simple yet powerful API. It works with CSS properties, SVG, DOM attributes and JavaScript Objects.

Documentation Link - https://animejs.com/
Package Install by using - npm i animejs
Anime.js V4 works by importing ES modules like so:

``
import {
animate,
stagger,
} from 'animejs';

animate('.square', {
x: 320,
rotate: { from: -180 },
duration: 1250,
delay: stagger(65, { from: 'center' }),
ease: 'inOutQuint',
loop: true,
alternate: true
});

`
`