Category: Week 5

Testing, testing, 1, 2 (at least)

This week in our group project we wrote a bad test for our database queries that passed when we ran it the first time, but failed when we ran it again. Had we celebrated and moved on straight away, we would have kept a failing test and may have let a bug slip into production! So my takeaway from today is: make sure you always run your tests more than once!

How to fix “NPM ERROR: Digest Method Not Supported”

When building my group project with Node.js this week, I stumbled upon this error when I tried to run our server: NPM ERROR: Digest Method Not Supported. It seemed to be an issue with the crypto module we were using, but I couldn’t work out the root source of the error in our code.

Our course leader suggested deleting the node_modules folder and package-lock.json file on my machine and running npm install again. This did the trick to get rid of the error 🙌, and reiterated what we learned from the IT Crowd back in 2006, which is that, when in doubt, ask yourself: “have you tried turning it off and on again?”.

The delete keyword

This morning we were given some challenges to manipulate data using array methods, and we were not allowed to solve them using the delete keyword. I have never used it, so I didn’t feel hindered by its prohibition, but it did prompt me to look it up.

The delete keyword is used to remove a property from an object. It returns true if the property is deleted successfully, and it also returns true if you try to delete a property that does not exist.

Here’s some example code of how it works:

const shopping_list = {
  bananas: 6,
  apples: 10,
  milk: 1,
  pasta: 3
};

function goingVegan() {
  return delete shopping_list["milk"];
}

goingVegan(); // returns true

console.log(shopping_list["milk"]); // logs undefined

The delete keyword will also remove an element from an array, but it does not reindex the array: it leaves an empty slot and the length stays the same. It is better to remove elements with the appropriate array methods, like splice().

const shopping_list2 = ["chicken", "lemons", "garlic"];

function goingVeggie() {
  return delete shopping_list2[0];
}

goingVeggie(); // returns true

console.log(shopping_list2[0]); // logs undefined
console.log(shopping_list2); // logs [ <1 empty item>, 'lemons', 'garlic' ]

Security Risks with SQL injection

This week’s topic is databases, and today we learned how to use the node-postgres library to connect a Node.js server to a Postgres database.

We can use the query method to send SQL commands to the database. It takes an SQL string as the first argument and returns a promise.

INSERT INTO users(username) 

The danger of interpolating user input directly into SQL strings is that an attacker can type SQL commands into an input, and those commands are then run as part of the query. This could delete your database (e.g. if the attacker entered DROP TABLE users as the username value) or display confidential information.

node-postgres supports “parameterized queries”, which protect against direct SQL injection:

"INSERT INTO users(username) VALUES($1)", 

The placeholders ($1, $2, etc.) refer, in order, to the elements of the array passed as the second argument to query ($1 is the first element). Those values are substituted for the placeholders when the command runs, so they are treated as data rather than as SQL.
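The difference between the two query styles above, as an added example that is not code from the original post: a stub stands in for the node-postgres client (makeRecordingDb, the addUser functions, sql and textIsConstant are hypothetical names), and a check confirms that the SQL text stays identical for every input only when the values are passed separately. The sql tagged template goes slightly beyond the post, showing one way to keep interpolation syntax while still producing a parameterized query.

```javascript
// Added example. makeRecordingDb() is a hypothetical stub with the same call
// shape as node-postgres's query(), so this runs without a database.
function makeRecordingDb() {
  const sent = [];
  const query = (q, values = []) => {
    sent.push(typeof q === "string" ? { text: q, values } : q);
    return Promise.resolve({ rows: [] });
  };
  return { sent, query };
}

// Vulnerable: the input is interpolated into the SQL text itself.
function addUserUnsafe(db, username) {
  return db.query(`INSERT INTO users(username) VALUES('${username}')`);
}

// Parameterized, as in the post: constant text, input passed separately.
function addUserSafe(db, username) {
  return db.query("INSERT INTO users(username) VALUES($1)", [username]);
}

// Tagged template: each ${value} becomes a $n placeholder and the value goes
// into the values array, giving a { text, values } query config object.
function sql(strings, ...values) {
  const text = strings.reduce((acc, part, i) => acc + "$" + i + part);
  return { text, values };
}

function addUserTagged(db, username) {
  return db.query(sql`INSERT INTO users(username) VALUES(${username})`);
}

// Unit-test check: the SQL text sent must be identical for every input.
function textIsConstant(queryFn, inputs) {
  const texts = inputs.map((input) => {
    const db = makeRecordingDb();
    queryFn(db, input);
    return db.sent[0].text;
  });
  return new Set(texts).size === 1;
}

// Constructed inputs; the last is the value mentioned in the post.
const inputs = ["alice", "O'Brien", "DROP TABLE users"];

console.log("unsafe:", textIsConstant(addUserUnsafe, inputs)); // false
console.log("safe:  ", textIsConstant(addUserSafe, inputs));   // true
console.log("tagged:", textIsConstant(addUserTagged, inputs)); // true
```

A check like textIsConstant can sit in a project's test suite to catch any query function whose SQL text changes with user input.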

Array destructuring

I found a way to refactor my code after completing a Codewars challenge today.

The challenge was to find the height of a screen, given a width and a string with the ratio written as "WIDTH:HEIGHT" and return the result as a string written as "WIDTHxHEIGHT".

function findScreenHeight(width, ratio) {
  const ratioArray = ratio.split(":");
  const ratioWidth = ratioArray[0];
  const ratioHeight = ratioArray[1];
  const height = ratioHeight * (width / ratioWidth);
  return width + "x" + height;
}

But I could have refactored the ratioWidth and ratioHeight variables using ES6 destructuring assignment on the array that is returned by ratio.split(":"):

function findScreenHeight(width, ratio) {
  const [ratioWidth, ratioHeight] = ratio.split(":");
  const height = ratioHeight * (width / ratioWidth);
  return width + "x" + height;
}

…saving me two lines of code, but keeping it clear and readable! ☺️