Jiří Pospíšil

Understanding lock files in NPM 5

Published on Jun 2, 2017

The next major version of NPM brings a number of improvements over the previous versions in terms of speed, security, and a bunch of other nifty things. What stands out from the user’s perspective, however, is the new lock file. Actually, lock files. More on that in a second. For the uninitiated, a package.json file describes the top-level dependencies on other packages using semver. Each package might in turn depend on other packages, and so on and so forth. A lock file is a snapshot of the entire dependency tree and includes all packages and their resolved versions.

As opposed to the previous version, the lock file now includes an integrity field, which uses Subresource Integrity to verify that the installed package has not been tampered with or is otherwise invalid. It currently supports SHA-1, for packages published with an older version of NPM, and SHA-512, which is used from now on by default.


The definitive guide to Arel, the SQL manager for Ruby

Published on Jun 16, 2014

Arel is the kind of library that many of us Rails developers use on a daily basis without even knowing about it. So what is this library, whose name only pops up when everything else fails, all about?

It’s all about providing frameworks with a way of building and representing SQL queries. It’s not the kind of library you would typically want to use directly (although you could, as shown in a minute). Arel is meant to be the basic building block upon which frameworks build their own APIs that are more suitable for the end user.

One of those frameworks is ActiveRecord (AR), the default ORM in Rails. ActiveRecord’s responsibility is to provide a connection to the database, a convenient way to specify relationships between your models, a nice query interface, and all the other things we enjoy.


Replacing Make with Ninja

Published on Mar 16, 2014

Make and all of its flavours have been here for almost 40 years, and it’s a hard tool to beat for many things. There are, however, cases when you do not need the power of Make and are willing to trade the flexibility for something else. In the case of Ninja, that something is speed.

Speed is the main motivation behind Ninja and its decisions about how you write your build files. Ninja was written by Evan Martin specifically to fight slow build cycles while working on Google Chrome.

The bigger the project, the longer it takes to figure out which files need to be recompiled or whether any action is required at all. As a result of numerous optimizations, Ninja is much faster than the alternatives. Ninja’s secret is to do the least amount of work possible and let other, higher-level tools handle the rest upfront.
