
> None of this matters most of the time, but yeah it's still funny.

Implicit type coercion doesn't matter most of the time? You don't often have bugs because of it?



The sentiment is that JS coercion is so bad that explicit coercion programming behaviors, linters, TypeScript, and adding parsing safeguard libraries (io-ts, Zod, Joi, json schema, etc) have become so commonplace that people don't really let implicit coercion occur very often, and thus it doesn't matter most of the time.

Whenever I kick off a new npm init, it's always followed by installing typescript, eslint, and usually Zod before I even write the first line of code. If double equals was removed from ECMAScript, I would likely never notice.


It doesn't matter in the sense that it's a case of "garbage in, garbage out". I have no idea what `{} + 1` gives you (it's `'[object Object]1'` BTW), but whatever it is doesn't matter because it's a rubbish computation to make.

It would have made more sense to throw an exception, but JavaScript at its origin was meant to be a simple scripting language. Nowadays with TypeScript it's much less of an issue.


I can't even recall the last time I worked on a JS/TS codebase where type coercion wouldn't trigger a linting/compilation error.


In the browser all user input, API responses, and application state is validated and sanitized before it ever gets to the application logic.

On the backend all requests and database values are similarly validated and sanitized before any logic occurs.

Anything less is bad code regardless of what languages are used.


> In the browser all user input, API responses, and application state is validated and sanitized before it ever gets to the application logic.

Good thing there are never any bugs in validation and sanitization code!


You shouldn't roll your own for this. From what I've had to do web-wise, here's a few tools.

First, for the APIs, you need documentation: https://swagger.io/

From which you can generate JSON schemas and use those to validate in the browser and on the backend. https://www.npmjs.com/package/jsonschema

As well you should be writing a few more schemas for your application state and leverage the regex validation of your input components...

Speaking of which, you also need to sanitize out some potentially nasty input. https://www.npmjs.com/package/dompurify

Obviously this isn't everything and not perfect, but a lot of this tedium can be automated away if you have a few good examples of the happy path and some basic tests in place to prevent quick and dirty changes from poking holes in these layers.
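
An added example, not part of the comment above or of any project's code, showing what a strict schema check at the boundary catches that implicit coercion silently accepts. The field names, the schema and the small `validate` helper are hypothetical stand-ins for a schema library such as jsonschema, kept dependency-free so the block runs as-is.

```javascript
// Constructed request bodies, shaped as JSON.parse would return them.
const coercedBody = { quantity: "10", admin: "false", limit: [] };
const cleanBody = { quantity: 10, admin: false, limit: 5 };

// Hypothetical schema in JSON Schema style (subset: type, minimum, required).
const orderSchema = {
  required: ["quantity", "admin", "limit"],
  properties: {
    quantity: { type: "integer", minimum: 1 },
    admin: { type: "boolean" },
    limit: { type: "integer", minimum: 0 },
  },
};

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Strict type test with no coercion: "10" is not an integer, [] is not a number.
function hasType(value, type) {
  if (type === "integer") return Number.isInteger(value);
  if (type === "boolean") return typeof value === "boolean";
  return false; // unknown schema types fail closed
}

// Returns a list of error strings; an empty list means the body is valid.
function validate(body, schema) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return ["body: expected object"];
  }
  const errors = schema.required.filter((k) => !own(body, k)).map((k) => `${k}: missing`);
  for (const key of Object.keys(body)) {
    if (!own(schema.properties, key)) { errors.push(`${key}: unexpected property`); continue; }
    const rule = schema.properties[key];
    if (!hasType(body[key], rule.type)) errors.push(`${key}: expected ${rule.type}`);
    else if (own(rule, "minimum") && body[key] < rule.minimum) errors.push(`${key}: below minimum`);
  }
  return errors;
}

// What application logic computes when the body skips validation.
function unvalidatedLogic(body) {
  return {
    nextQuantity: body.quantity + 1, // "10" + 1 is the string "101"
    isAdmin: Boolean(body.admin),    // the string "false" is truthy
    atZeroLimit: body.limit == 0,    // [] == 0 is true under loose equality
  };
}
```

Rejecting the body outright, rather than converting `"10"` to `10`, keeps the validator from becoming another place where coercion happens.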


Sigh. I hate this type of "conversation". Go back to reddit.


Sounds like you never make any mistakes. If that's the case, I'm hiring.



