1. 2

    I don’t spend a lot of time working with Javascript but I see these articles a lot and a common complaint is that yes, vanilla Javascript is powerful these days but it’s hard to maintain over larger codebases. So between the “frameworks/libraries” crowd and the “vanilla JS” crowd… is it actually possible or advisable to create a modern web application in “a little bit of plain Javascript”?

    1. 3

      Depending on the app, I think it’s possible and advisable to create a modern web app with a little bit of plain JS. Basecamp have a whole thing about sprinkling JS on top of a solid HTML/CSS foundation, and their new email app HEY is supposedly built like that, with JS just taking over HTTP requests (links, form submissions) and applying them in-place. (I haven’t used the app, I’m just intuiting based on a Twitter thread that was doing the rounds). So basically, you’d use:

      • fetch() for the request
      • the History API to manipulate browser history
      • various DOM querying/manipulation methods to glue everything together

      Web Components are a set of specs that as a whole should further the goal — just drop in its JS file and get a new custom component with which you interact like any other DOM element — but unfortunately there are various roadblocks, bugs, and limitations that limit their impact.

      Closer to the SPA spectrum (one HTML rather than many), you definitely can have everyting in plain JS, but it won’t be a little for anything non-trivial and it will get unwieldy. I guess there are two parts to the “plain” story:

      • not transpiled, nor supported by any build process; this is a major spaghetti maker. Without proper support for modules, dependency management is finicky and you’re stuck with carefully putting everying in the right order in the global namespace. Support for native modules is gaining ground, but for near-universal support you can’t rely on them alone.

      • using the Web APIs directly, rather than relying on libraries and frameworks; definitely possible, after you develop a sense on how to organize things, but I think for larger teams it can become challenging because keeping it sane relies on devising, and following, your own rules and constraints.

      1. 4

        My last from scratch project I built using Stimulus (https://stimulusjs.org/) from Basecamp. It’s just enough JS. That plus turbo links really made the app super simple but also SPA like.

        Highly recommended.

      2. 1

        It’s possible. Main selling point of Javascript frameworks - it is a framework. With vanilla js your app can become a mess if you’re not really good at architecture (and I believe a few is good). On other hand you can use a framework which prescribes where to put stuff, and how to organise data flow. Lots of people complain about bloated web and blame frameworks. I believe without frameworks it will be worse.

        1. 1

          I think we could get a long way by injected a middle path between “completely plain, download from cdn url” and “dependency hellhole full on framework with multiple compilation steps” projects tbh, it’s just that the tooling and norms are pushing you towards the latter and the type of person attracted to the former is not necessarily going to have the knowledge or patience to leverage the standard tooling in a more minimalist way.

          It is possible to support stricter subsets of modern browser versions if you want to avoid a lot of back compat compilation steps with Babel or remove it entirely, it is possible to limit your dependencies to heavy well specced libraries like markdown or community standard utility libs like lodash, or at the very least be meticulous about what needs to go in build dependencies vs devDependencies. but it takes both domain knowledge and patience which don’t necessarily pay off in commercial work (until of course, they do, but by then you’ve got a massive SPA on your hands most likely and the issues have been compounded).

          And this problem is of course transitive and endemic to the community norms, your well selected libraries must themselves also have been authored with an eye towards similar standards, and the bigger your project gets the more likely it is you’ll have dependencies or transitive dependencies that carry some bloated or poorly maintained package dependencies of their own. I would love to see workflows that have the flexibility of build and bundle tooling with a minimalist approach to dependencies, but it’s just quite uncommon atm.

        1. 4

          Reflections in the water even? COME ON!

          This is cool.

          1. 4

            I doubt that this response is exactly what you were looking for, but if you’re at all interested in “doing the most good possible with your career”, a la the effective altruism movement, then AI safety research in academia or at a nonprofit like MIRI, OpenAI, or Ought.org, or even at a for-profit org like DeepMind seems like a pretty good bet in expectation, if you can swing it. You can check out an overview of this idea and possible ways of getting involved here.

            And if you’re looking for something slightly less sci-fi (/more near-term) (but still something like “doing a lot of good with your career”), I think working on self-driving cars is one of the most high-impact things you can do right now. It’s still a relatively small field, and if you can counterfactually bring the advent of ubiquitous self-driving cars nearer by one day (admittedly this is quite difficult), that corresponds to roughly one thousand lives saved.

            Disclaimer: I currently work at MIRI, and used to work at the autonomous car company Cruise (in both cases, because I take this line of argument very seriously). I don’t speak for either employer. I also don’t think that this line of reasoning is necessarily the right way for most people to go about choosing a career, and I mainly mention it in case you find it interesting or useful.

            1. 2

              Out of curiosity, why do you not think getting a career to “do the most good” is a good line of reasoning? (Or am I misreading you) I’m currently thinking of moving into a more socially impactful career myself.

              1. 3

                It’s not that I don’t think it’s a good line of reasoning - I do; I just also don’t want to imply that I think everyone is obligated to think that way.

                1. 1

                  I just also don’t want to imply that I think everyone is obligated to think that way.

                  A radical thought in itself. 🙂

                2. 2

                  Not GP, but it seems pretty well settled that in most circumstances (probably not autonomous cars though, which I imagine pay pretty well) the best way to aid it with your career is to make a boatload of cash however you can, and use the cash to fund the work you feel should be done.

                3. 2

                  and if you can counterfactually bring the advent of ubiquitous self-driving cars nearer by one day (admittedly this is quite difficult), that corresponds to roughly one thousand lives saved.

                  This is a completely ridiculous statement. There’s no evidence whatsoever that self-driving cars would be any safer than real cars which actually exist. And if you were good enough to actually make a difference to such a field, you’re smart enough to make an impact somewhere that actually has a bat’s chance in hell of ever actually going anywhere.

                  The self-driving car hype is absurd.

                  1. 1

                    There’s no evidence whatsoever that self-driving cars would be any safer than real cars which actually exist.

                    This is pretty obviously false, conditioning on self driving cars working at all. See, e.g., https://crashstats.nhtsa.dot.gov/Api/Public/ViewPublication/812115

                    And as someone with experience of the current state of the art, I’d bet at 4:1 odds (with some better operationalization, and up to a limit of around $200; PM me) that we’ll start seeing widespread adoption of self-driving cars within this decade, conditional on no major economic disasters.

                1. 3

                  Rails’ credentials/secrets file is the devil. So I recently integrated envkey.com with my app, and it was a breeze to do. Might be a pricier than the AWS solution, but the capabilities I get are pretty nice.

                  Being a super small startup, I preferred paying EnvKey some money to offload the dev effort to come up with something which would never be as good as the EnvKey solution.

                  A few months in, and so far so good!

                  1. 2

                    Envkey.com looks interesting, and there’s definitely some merit to using a third party to store and encrypt your credentials over using aws to encrypt credentials for aws services.

                    $20/month isn’t terrible, but it’s a bit pricey and per-seat pricing feels a little out of line with the value of the service they’re providing. But who am I to judge a SaaS that looks like it’s paying the rent?

                    I worry about one thing: how do you securely deploy your envkey api key?

                    This is the same problem with HashiCorp Vault or any external secret keeper. There’s a secret which unlocks all your other secrets…that makes it the most important secret. How are you injecting that secret into your application? The whole reason the AWS Parameter store is viable is that access to download and decrypt your secrets isn’t controlled by a key stored on the machine. It’s controlled by the EC2 or container’s instance role.

                    1. 2

                      Hashicorp Vault has many ways to authenticate and get a token, you can tie to EC2, or you can auth against LDAP/Github, AppRole(where you can tie it to specific machine(s)/applications, etc. But it is definitely a turtles all the way down approach. The goal of Vault is to only have to worry about deploying the token and vault will then handle ALL of your secret/sensitive information for you, with transit, DB and the other backends. So at least the problem becomes “manageable” since it’s only the 1 token you have to get out there.

                  1. 2
                    1. Closed <head> tags over open ones which display the content in the title bar.

                    That being said, I’m all for it. These are generally good rules to follow even if you aren’t remote.

                    1. 1

                      I sympathize, but is installing most common languages that hard?

                      Python, Ruby, and Java are all a single search away, and the first result gets you to a download page rather quickly. If you’re learning a language or Bayesian Statistics…you probably should be able to install a programming environment.

                      I’d recommend using homebrew or chocolatey as installers, that might help grease the wheels as well.

                      1. 5

                        There was a lot of unnecessary complexity when I tried to use Python or something similar to prove or disprove Monty Hall result in 30min-1hr after a head injury forgetting programming. That challenge time had to include setting up tools, learning the language, etc. The problem just takes basic I/O, some random numbers, and some calculations. When little issues added up around the runtime or a library (can’t recall what), I just decided to try a version of BASIC since I started on it with almost no effort long ago. FreeBASIC had an auto-install for Ubuntu. Manual was about a page or two with simple I/O commands plus usable examples. Programming was typing into text file (.bas) followed by one command to compile. So, so, simple. Competed the challenge with most time going to semi-formal specification as intended vs the code or compiles.

                        Probably good idea to get something already set up with libraries and all in these more popular languages. Maybe even some premade libraries for common plumbing that require no thought. They can learn the real thing as they progress. I’m sure these exist at least in pieces but lots of newcomers never see them.

                      1. 2

                        CERN (http://superuser.openstack.org/articles/cern-expanding-cloud-universe/) and the NSA (https://blog.rackspace.com/nsa-opens-the-kimono-on-its-openstack) use it. Quite large deployments too.

                        I’ve managed teams deploying it in large scale for internal clouds as well.

                        It is a PITA if you use all the bells and whistles. My advice would be keep it simple. VMs still have lots of value… Containers haven’t hit the enterprise quite yet.