├── README.md
├── how-we-work
    ├── README.md
    ├── accessibility-checklist.md
    ├── coding-guidelines.md
    ├── performance
    │   ├── checklist.md
    │   └── performance-cheatsheet.png
    ├── project-setup.md
    ├── security
    │   ├── dev-security-checklist.md
    │   ├── qa-security-checklist.md
    │   └── security-cheatsheet.png
    ├── software-engineering-process.md
    └── testing
    │   ├── end-to-end-testing.md
    │   ├── qa-processes.md
    │   └── testing-javascript.md
├── images
    ├── cake-for-breakfast.jpg
    ├── cake-for-breakfast.png
    └── the-cake.jpg
├── we-recommend
    ├── books.md
    ├── daily-bookmarks.md
    ├── frontend-united-utrecht-2018-notes.md
    ├── reactive-conf-bratislava-2017-notes.md
    ├── resources
    │   ├── graphQL.md
    │   ├── js.md
    │   ├── node.md
    │   ├── react-native.md
    │   ├── react.md
    │   ├── testing.md
    │   └── vue.md
    └── talks.md
├── we-train
    ├── README.md
    ├── junior-development-program
    │   ├── README.md
    │   ├── dev-selection-process.md
    │   ├── full-stack
    │   │   ├── README.md
    │   │   ├── angular.md
    │   │   ├── html-css.md
    │   │   ├── javascript.md
    │   │   ├── nodejs.md
    │   │   ├── reactjs.md
    │   │   ├── reactnative.md
    │   │   ├── setup.md
    │   │   └── web-platform.md
    │   ├── junior-manifesto.md
    │   ├── qa-automation
    │   │   ├── README.md
    │   │   ├── automation-tools.md
    │   │   ├── javascript.md
    │   │   ├── qa-basics.md
    │   │   ├── setup.md
    │   │   └── web-platform.md
    │   └── qa-selection-process.md
    └── node-school
    │   └── README.md
├── what-we-do
    ├── README.md
    ├── showcase
    │   ├── firebase.md
    │   ├── flowtype.md
    │   ├── graphql.md
    │   ├── nginx.md
    │   └── vue.md
    └── technical-radar.png
└── who-we-are
    ├── README.md
    ├── inside-the-team.md
    └── making-a-career.md


/README.md:
--------------------------------------------------------------------------------
 1 | <img src="images/cake-for-breakfast.png" />
 2 | 
 3 | ## A word from the engineering team
 4 | Would you like to know more about us? What we work on? How we work? Read through this repository to get a better understanding of our team culture.
 5 | 
 6 | If you think **JavaScript** is the present and the future, we welcome you to our full stack development team.
 7 | 
 8 | ### About the team
 9 | We are a growing team of professionals focusing our skills and efforts around the **JavaScript** ecosystem (and not only). We work in a collaborative way on multiple projects, while still making sure everyone in the team adheres to our common vision and culture. 
10 | 
11 | In [who-we-are subsection](https://github.com/FortechRomania/js-team-showcase/tree/master/who-we-are), you can read more about who we are and about our team culture.
12 | 
13 | ### What we do
14 | We work on modern projects with anything from vanilla **JavaScript**, to REST APIs with **Express** and **Koa**, to complex front-end applications with **React**, **Vue** and **Angular** and to native mobile applications with **React Native**. We are pushing the limits of the web and mobile every day and we challenge each other to come up with the best solutions for our customers.
15 | 
16 | In [what-we-do subsection](https://github.com/FortechRomania/js-team-showcase/tree/master/what-we-do) you can learn more about our projects and the technologies we're interested in.
17 | 
18 | ### How we do it
19 | We strongly believe in **quality software** and we try to mould our software development process in such a way that we always put quality first.
20 | 
21 | In [how-we-work subsection](https://github.com/FortechRomania/js-team-showcase/tree/master/how-we-work) you can read about our approach towards quality software engineering.
22 | 
23 | ### We train
24 | We believe in mentoring, teaching and sharing information. One of our training activities is the [junior development program](https://github.com/FortechRomania/js-team-showcase/tree/master/we-train/junior-development-program), but we are also involved in running [nodeschool workshops](https://github.com/FortechRomania/js-team-showcase/tree/master/we-train/node-school) in **Cluj**.
25 | 
26 | ### We recommend
27 | Also, to keep track of the ever changing technology spectrum we consume a lot of programming related [articles](https://github.com/FortechRomania/js-team-showcase/blob/master/we-recommend/daily-bookmarks.md), [books](https://github.com/FortechRomania/js-team-showcase/blob/master/we-recommend/books.md) and [videos](https://github.com/FortechRomania/js-team-showcase/blob/master/we-recommend/talks.md).
28 | 


--------------------------------------------------------------------------------
/how-we-work/README.md:
--------------------------------------------------------------------------------
 1 | # How we work
 2 | 
 3 | We're describing here our work processes and the way in which we understand software quality. You can read more about **code quality**, **standard setup** and our **software engineering process**.
 4 | 
 5 | Our project setups are pretty straight-forward, you can have a look at a few example/starter projects:
 6 | * [Node Starter](https://github.com/FortechRomania/node-starter)
 7 | * [Express + Mongo Example](https://github.com/FortechRomania/express-mongo-example-project)
 8 | * [React Starter](https://github.com/FortechRomania/react-starter-kit)
 9 | * [React + Redux Example](https://github.com/FortechRomania/react-redux-complete-example)
10 | 
11 | ### General Project Activities
12 | 
13 | * [Code Quality](https://github.com/FortechRomania/js-team-showcase/tree/master/how-we-work/coding-guidelines.md)
14 | * [Testing](https://github.com/FortechRomania/js-team-showcase/tree/master/how-we-work/testing)
15 | * [Security](https://github.com/FortechRomania/js-team-showcase/tree/master/how-we-work/security)
16 | * [Performance](https://github.com/FortechRomania/js-team-showcase/tree/master/how-we-work/performance)
17 | * [Accessibility](https://github.com/FortechRomania/js-team-showcase/blob/master/how-we-work/accessibility-checklist.md)
18 | * [QA](https://github.com/FortechRomania/js-team-showcase/blob/master/how-we-work/testing/qa-processes.md)
19 | 


--------------------------------------------------------------------------------
/how-we-work/accessibility-checklist.md:
--------------------------------------------------------------------------------
 1 | # A11y Checklist 
 2 | A quick checklist for accessibility practices and tools for web developers. These are not only aimed at people with permanent disabilities, they [target the whole internet](https://thewholeinternet.com/). Contributions are more than welcome!
 3 | 
 4 | ### 👀 Visual 
 5 | These practices and patterns are helping users with various types of dissabilities (permanent or temporary), from color-blindness, to vestibular dysfunction, to low vision to hearing deficits.
 6 | 
 7 | * color contrast, **>4.5** for AA standard, **>7.0** for AAA (a lot of tools can automate this check for the entire site)
 8 | * aim for _bigger_ contrast for _smaller_ text
 9 | * prioritize text contrast vs borders / other elements
10 | * use **icons** or other visual indicators together with color (ex: showing errors in forms)
11 | * min font-size should be **16px**
12 | * keep 80 characters per line when displaying longer texts and ensure standard spacing for paragraphs
13 | * ensure animations are _necessary_ and not _unexpected_
14 | * use [**prefers-reduced-motion**](https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-reduced-motion) to disable animations when users opt-in from their OS
15 | * ensure videos have _subtitles_ or _auto-captions_
16 | * ensure that at least 5 zoom levels are available on your website and that the layout responds well to zooming in
17 | 
18 | ### ✅ Semantic HTML 
19 | The use of semantic HTML is crucial for [offering support](http://wicg.github.io/aom/explainer.html) to screen readers and other assistive technologies. By default, HTML does a pretty decent job at this, but you have to make sure you follow the standard and don't override useful defaults.
20 | 
21 | * avoid using a <div> when a semantic tag can be used instead
22 | * use standard **landmarks** for defining: header, main, footer, etc.
23 | * use **headings** in the right order, always start from **h1**
24 | * form inputs should always be accompanied by **labels**
25 | * menus should start from a **<nav>** element and contains _lists_ and _list items_
26 | * use relevant **titles** for links - they are read by screen readers as users tab their way through the site
27 | * avoid titles like: "click here" or "read more", as they give no indication about the actual link
28 | * images should be accompanied by relevant **alt** texts
29 | * use _ARIA_ attributes only when there's no semantic alternative
30 | 
31 | ### ✋ Interaction
32 | Never make assumptions about how your users interact with the website and make sure you have support for things like keyboard navigation. Some of these practices target people with motion difficulties, tremors and other problems limiting their interaction skills.
33 | 
34 | * _links_ and _buttons_ should always be keyboard focusable (using the tab key)
35 | * _menus_ and _lists_ should be keyboard accessible (left-right for navigation)
36 | * modal windows have to close when pressing the Esc key
37 | * always show an outline when focusing elements - at a minimum, support keyboard outline with [what-input](https://github.com/ten1seven/what-input)
38 | * **focus** should be handled in parallel with click/tap events as well as with :hover pseudo-selectors
39 | * don't use tabindex > 0, allow a natural flow for the focus through the interface
40 | * trap focus when showing modal/overlays, so the user cannot navigate behind the foreground
41 | * handle focus after navigation - especially for SPA-like applications which are not reloading the page
42 | * ensure a **touch area** of at least 44px
43 | 
44 | ### 🔨 Tools & Projects
45 | * Screen Readers
46 |   * **Jaws** for Windows
47 |   * **NVDA**
48 |   * **VoiceOver** on OS-X/iOS
49 |   * **Orca** for Linux
50 | * [lighthouse](https://developers.google.com/web/tools/lighthouse/) - performs audits in Chrome (the audit tab in devtools).
51 | * [axe-core](https://github.com/dequelabs/axe-core) - performs e2e automated tests for a11y issues, can easily be integrated in cypress or jest.
52 | * [tota11y](https://khan.github.io/tota11y/) - shows a11y validations on top of existing websites.
53 | * [alexjs](https://alexjs.com/) - catches insensitive and inconsiderate writing.
54 | * [eslint-plugin-jsx-a11y](https://github.com/evcohen/eslint-plugin-jsx-a11y) - ESLint plugin for static analysis of a11y violations.
55 | * [ReachUI](https://ui.reach.tech/) - a list of a11y first React components
56 | * [Inclusive Components](https://inclusive-components.design/) - a list of articles and examples of inclusive and accessibile components
57 | 
58 | ### 📝 References 
59 | * [A guide to color accessibility in product design](https://www.invisionapp.com/inside-design/color-accessibility-product-design/)
60 | * [Designing Accessible Content: Typography, Font Styling, and Structure](https://webdesign.tutsplus.com/articles/designing-accessible-content-typography-font-styling-and-structure--cms-31934)
61 | * [Designing Safer Web Animation For Motion Sensitivity
62 | ](https://alistapart.com/article/designing-safer-web-animation-for-motion-sensitivity/)
63 | * [Accessibility showcases of real projects](https://a11ywins.tumblr.com/)
64 | * [Web Accessibility Course on Udacity](https://eu.udacity.com/course/web-accessibility--ud891)
65 | * [Useful Accessibility Resources by Stefan Judis](https://www.stefanjudis.com/useful-accessibility-resources/)
66 | * [Status of a11y support in browsers](https://www.html5accessibility.com/)
67 | * [Building Accessible Menu Systems](https://www.smashingmagazine.com/2017/11/building-accessible-menu-systems/)
68 | * [Human Interface Guidelines for iOS](https://developer.apple.com/design/human-interface-guidelines/ios/visual-design/adaptivity-and-layout/)
69 | * [Handling Touch Targets](https://a11yproject.com/posts/large-touch-targets/)
70 | * [WAI-ARIA Guidelines](https://www.w3.org/WAI/standards-guidelines/aria/)
71 | 
72 | *** Credits go to [Alex Moldovan](https://github.com/alexnm/a11y-checklist)
73 | 


--------------------------------------------------------------------------------
/how-we-work/coding-guidelines.md:
--------------------------------------------------------------------------------
 1 | ## The art of clean code and consistency
 2 | 
 3 | Writing code is an essential part our day to day activity. While working together for several years now, we saw that adopting a single guideline for the entire team is very beneficial and powerful. Choosing between two or more ways of writing code can lead to a lot of [bikeshedding](https://en.wiktionary.org/wiki/bikeshedding).
 4 | 
 5 | ### Styleguide
 6 | 
 7 | We follow most of the [airbnb styleguide](https://github.com/airbnb/javascript), which we highly recommend you read and understand before coming to an interview or sharing some code with us. We adapted some of the rules to enhance readability based on some debated preferences of the team members. You can read more about our reasoning on [Alex Moldovan's FreeCodeCamp account](https://medium.freecodecamp.org/adding-some-air-to-the-airbnb-style-guide-3df40e31c57a).
 8 | 
 9 | On our projects, we are using the following [ESLint config](https://github.com/FortechRomania/eslint-config-fortech) to make sure we all stick to the same guidelines. What's more, we make sure that code that does not pass the linter, does not end up in the central repository.
10 | 
11 | ### Clean code
12 | 
13 | On top of a healthy coding styleguide comes the craftsmanship for writing clean and reusable code. We are 100% oriented towards quality and resilience when writing code. In our view, clean code equals less time spent over time refactoring and keeping the codebase up to date. We strongly encourage everyone that joins or wants to join the team to get familiar as soon as possible with the main principles behind clean code, many of which are addressed in Robert Martin's [Clean Code: A Handbook of Agile Software Craftsmanship](https://www.amazon.com/Clean-Code-Handbook-Software-Craftsmanship/dp/0132350882).
14 | 
15 | Briefly, here are the principles:
16 | 
17 | 1. Use very descriptive names. Be consistent with your names.
18 | 
19 | 2. A function should not do more than one thing.
20 | 
21 | 3. SRP (Single Responsibility Principle): a class or module should have one, and only one, reason to change.
22 | 
23 | 4. Stepdown rule: every function should be followed by those at the next level of abstraction (low, intermediate, advanced).
24 | 
25 | 5. A long descriptive name is better than a short enigmatic name. A long descriptive name is better than a long descriptive comment.
26 | 
27 | 6. The ideal number of arguments for a function is zero (niladic). Next comes one (monadic), followed closely by two (dyadic). Three arguments (triadic) should be avoided where possible. More than three (polyadic) requires very special justification and then shouldn't be used anyway.
28 | 
29 | 7. Flag arguments are ugly. Passing a boolean into a function is loudly proclaiming that this function does more than one thing. It does one thing if the flag is true and another one if the flag is false.
30 | 
31 | 8. Write learning test when using third-party code to make sure it behaves the way you expect it to. And if codebase changes in time, at least you find out early enough.
32 | 


--------------------------------------------------------------------------------
/how-we-work/performance/checklist.md:
--------------------------------------------------------------------------------
  1 | # Performance Checklist
  2 | 
  3 | ## Introduction
  4 | 
  5 | We see performance as an integral part of the quality of the software that we build. There's no need to re-emphasize the importance of performance in the modern web. We strongly believe that it is our duty to provide to our users a slick and fast UX, so we try to include performance optimizations in our regular working process.
  6 | 
  7 | Here are a couple of areas that revolve around web performance. They will be later grouped into **front-end**, **back-end** and **tooling**, but for now let's look at where we can actually improve the performance of our web applications.
  8 | 
  9 | * [Optimizing Critical Rendering Path](#optimizing-critical-rendering-path)
 10 | * [Keeping the bundle size to a minimum](#keeping-the-bundle-size-to-a-minimum)
 11 | * [Image Optimization](#image-optimization)
 12 | * [Interactivity and Animations](#interactivity-and-animations)
 13 | * [Backend & Server Optimizations](#backend-optimizations)
 14 | * [Performance Tests and Tools](#performance-tests-and-tools)
 15 | 
 16 | All these are considered in the realm of modern web development with frontend frameworks rendering complex applications and thin APIs serving the data.
 17 | 
 18 | ## Optimizing Critical Rendering Path
 19 | 
 20 | When we talk about the Critical Rendering Path, or CRP, we refer to the initial load time of a web application. We ask a few questions:
 21 | * How fast does the user see something?
 22 | * How fast does the user see something relevant?
 23 | * How fast can the user interact with the page?
 24 | 
 25 | Up until recently, the [First Meaningful Paint (FMP)](https://developers.google.com/web/tools/lighthouse/audits/first-meaningful-paint) used to be a reference point, however it got deprecated as it appeared not to be accurate in 20% of the cases. It was effectively replaced with the [Largest Contentful Paint (LCP)](https://web.dev/lcp/) - a metric that reports the render time of the largest [image or text block](https://web.dev/lcp/#what-elements-are-considered) visible within the viewport, relative to [when the page first started loading](https://w3c.github.io/hr-time/#timeorigin-attribute). A few points to consider are:
 26 | 
 27 | #### Use Server Side Rendering
 28 | Modern JS frameworks (Angular, React, Vue) support server side rendering, allowing the application to become **universal**. Here's a guide to implement [server side rendering in React](https://medium.freecodecamp.org/demystifying-reacts-server-side-render-de335d408fe4). SSR minimizes the time you wait for the first meaningful paint because your components render on the server and the client only needs to load HTML and CSS. This also ensures that we can defer loading JavaScript files.
 29 | 
 30 | #### Defer JavaScript execution
 31 | If the user doesn't need JavaScript to see the initial render, we can use the `defer` attribute on script tags.
 32 | ```html
 33 | <script type="text/javascript" src="/app.bundle.js" defer/>
 34 | ```
 35 | 
 36 | Further reading on [`defer` and `async`](http://www.growingwiththeweb.com/2014/02/async-vs-defer-attributes.html).
 37 | 
 38 | #### Preload critical resources
 39 | Defering resource execution is one thing, but in certain scenarios you may want to **preload** resources that you know will be used in the initial render. [Link Preload](https://developer.mozilla.org/en-US/docs/Web/HTML/Preloading_content) is a nice feature that you can include in your `<head>` tag. Normally you would preload: styles, fonts or even scripts, based on how fast you need them during the initial render phase.
 40 | 
 41 | An example would be
 42 | ```
 43 | <link rel="preload" href="/app.bundle.css" as="style" />
 44 | <link rel="preload" href="/fonts/roboto.woff2" as="font" type="font/woff2" crossorigin />        
 45 | <link rel="preload" href="/app.bundle.js" as="script" />
 46 | ```
 47 | 
 48 | Also make sure you keep all your critical resources on your domain/servers, so you don't depend on 3rd parties for your critical render.
 49 | 
 50 | #### Inline above-the-fold CSS
 51 | In order to avoid a roundtrip to fetch the initial CSS, there are certain scenarios in which you can inline the styles needed to render the initial screen. The browser only needs the styles which are *above-the-fold*, or inside the user viewport. There are multiple tools that help you extract above the fold CSS:
 52 | * [Critical by Addy Osmani](https://github.com/addyosmani/critical)
 53 | * [CriticalCSS by Filament Group](https://github.com/filamentgroup/criticalCSS)
 54 | 
 55 | #### Leverage font-display for critical text
 56 | When you're using webfonts, by default, browsers will not show the text until the webfonts are loaded. Using `font-display: swap` or `optional` can signal browsers to use a system font until webfonts are there. More about `font-display` and the possible values on [css-tricks](https://css-tricks.com/font-display-masses/).
 57 | 
 58 | #### Limit number of DOM nodes
 59 | Make sure you don't introduce too many nodes in your HTML, try to keep it clean and neat. Google Lighthouse suggests limiting your DOM Nodes to ~1500 per page.
 60 | 
 61 | #### Delay 3rd parties
 62 | Anything from Google Analytics to Helpdesk or other 3rd party services you are using in your website tend to delay the initial render if they are not properly delayed. Ideally, you should make sure all 3rd parties have the lowest priority for downloading and execution.
 63 | 
 64 | Further reading on [3rd party JS optimization](https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/loading-third-party-javascript/)
 65 | 
 66 | ## Keeping the bundle size to a minimum
 67 | 
 68 | #### Minify JS and CSS
 69 | Make sure you also minimize CSS, especially since that CSS will always delay the initial render.
 70 | 
 71 | #### Tree shaking
 72 | When [using webpack](https://webpack.js.org/guides/tree-shaking/), make sure you disable module transpilation, so webpack can automatically do tree shaking based on ES Modules syntax.
 73 | 
 74 | #### Code splitting
 75 | If your bundle size is still large, one option is to split chunks of your code and lazy load them only when you need them. This is very easily done with the [dynamic import syntax and webpack](https://webpack.js.org/guides/code-splitting/). Further more, when using React, you can use [react-loadable](https://github.com/jamiebuilds/react-loadable) to abstract the complexity of the dynamic module import.
 76 | 
 77 | #### Eliminate seldomly used dependencies
 78 | Make sure you're using a good chunk of a library if you import it in your code. Otherwise you will end up with a lot of unused code in your final bundle that might not be easily tree shaken because of the way in which the library is built. A few examples:
 79 | * Prefer the native array functions instead of adding lodash for a few operations
 80 | * Avoid using `moment.js` (69 kB minified + gziped!) or make sure you don't load all locales for it.
 81 | * Create your custom components if your use case is very limited compared to a fully featured component.
 82 | 
 83 | #### Other ideas to help minimize the bundle size
 84 | * Use [babel-preset-env](https://github.com/babel/babel/tree/master/packages/babel-preset-env) + [browserslist](https://github.com/browserslist/browserslist) to specify browser support and limit polyfills
 85 | * Use [bundlesize](https://github.com/siddharthkp/bundlesize) in your CI to define hard size limits for your bundle.
 86 | * Generate and inspect bundle size with [webpack bundle analyzer](https://github.com/webpack-contrib/webpack-bundle-analyzer) or other similar tools
 87 | * Measure code coverage with **Chrome DevTools**
 88 | 
 89 | ## Image Optimization
 90 | A few practices to improve the performance on website that rely heavily on images
 91 | * Defer image loading based on their importance / visibility
 92 | * Serve images according to screen size - you don't need a 1080p image on a mobile device.
 93 | * Use modern encoding formats when possible, like [Webp](https://www.smashingmagazine.com/2015/10/webp-images-and-performance/)
 94 | * Inline small images as SVGs
 95 | * Don’t render offscreen images, use IntersectionObserver to determine if the image should be fetched
 96 | 
 97 | ## Interactivity and Animations
 98 | After optimizing the critical rendering path and the initial render, it's time to look at how the user interacts with your application. Using the following practices will help you maintain your rendering at 60fps:
 99 | * Use [passive event listeners](https://developers.google.com/web/updates/2016/06/passive-event-listeners)
100 | * Use *opacity* and *transforms* to create css animations, avoiding unnecessary reflows
101 | * Use [will-change](https://developer.mozilla.org/en-US/docs/Web/CSS/will-change) when you know the element will be animated
102 | * Constantly check performance with the Chrome DevTools Audit tab.
103 | 
104 | ## Backend Optimizations
105 | And a few tips to use on the backend and the server to help the web app performance overall:
106 | * Don’t rely on ORMs for performant queries
107 | * Use indexes on all columns you query
108 | * Use pagination for long lists
109 | * Rely on server caching when possible
110 | * Use http/2
111 | * Use gzip/deflate
112 | * Rely CDNs to deliver assets (js, css, images) based on region and availability
113 | 
114 | ## Performance Tests and Tools
115 | Finally, some tools that help you on the way:
116 | * Google lighthouse (performance, seo, accessibility, etc.)
117 | * Google devtools / performance tab
118 | * GTMetrix (loading times, performance charts)
119 | * Locust.io (load testing, requires some python knowledge)
120 | * jmeter (load testing)
121 | * Apache Benchmark (load and perf testing)
122 | 
123 | ## Further Reading
124 | [Frontend Performance Checklist 2021](https://www.smashingmagazine.com/2021/01/front-end-performance-2021-free-pdf-checklist/)
125 | 


--------------------------------------------------------------------------------
/how-we-work/performance/performance-cheatsheet.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FortechRomania/js-team-showcase/72ba01948cde3cb2726b10d52424e4f25b409666/how-we-work/performance/performance-cheatsheet.png


--------------------------------------------------------------------------------
/how-we-work/project-setup.md:
--------------------------------------------------------------------------------
 1 | # Standard Project Setup
 2 | 
 3 | ### Common
 4 | We try to approach all projects, small or large, with a consistent project setup. This includes things like [a common ESlint config](https://github.com/FortechRomania/js-team-showcase/blob/master/how-we-work/coding-guidelines.md), a common approach to npm tasks and git flows, a common folder structure. Towards the end of the document, we will go through the specific setup aspects for React/Angular or other framework centric projects.
 5 | 
 6 | Let's have a look at a standard `package.json` on one our our projects:
 7 | ```javascript
 8 | {
 9 |   "name": "<project-name>",
10 |   "version": "1.0.0",
11 |   "description": "...",
12 |   "scripts": {
13 |     "dev": "webpack --progress --colors --watch",
14 |     "build": "webpack --progress",
15 |     "start": "nodemon --watch src/server.js",
16 |     "linter": "eslint src",
17 |     "test": "jest"
18 |     "bundlesize": "bundlesize",
19 |     "precommit": "npm run lint",
20 |     "prepush": "npm run test"
21 |   },
22 |   "browserslist": [
23 |     "> 1%",
24 |     "last 2 versions",
25 |     "Firefox ESR"
26 |   ],
27 |   "bundlesize": [
28 |     {
29 |       "path": "./dist/js/app.bundle.js",
30 |       "maxSize": "170 kB"
31 |     },
32 |     {
33 |       "path": "./dist/js/lib.bundle.js",
34 |       "maxSize": "110 kB"
35 |     }
36 |   ],
37 |   "dependencies": {
38 |   },
39 |   "devDependencies": {
40 |     "babel": "^6.3.26",
41 |     "babel-eslint": "^7.1.1",
42 |     "babel-loader": "^7.1.1",
43 |     "babel-minify-webpack-plugin": "^0.2.0",
44 |     "babel-preset-env": "^1.6.0",
45 |     "bundlesize": "^0.15.3",
46 |     "eslint": "^4.8.0",
47 |     "eslint-config-fortech": "^2.0.2",
48 |     "eslint-plugin-compat": "^1.0.2",
49 |     "eslint-plugin-import": "^2.7.0",
50 |     "friendly-errors-webpack-plugin": "^1.6.1",
51 |     "husky": "^0.14.3",
52 |     "jest": "^22.1.2",
53 |     "webpack": "^3.4.1",
54 |     "webpack-bundle-analyzer": "^2.2.1"
55 |   }
56 | }
57 | ```
58 | 
59 | Let's cover a few tools / libs from this setup.
60 | 
61 | #### Webpack
62 | We use Webpack for bundling modern web applications. We also use `Uglify` or `Minify` as plugins to output production code. Additionally, we integrate [webpack-bundle-analyzer](https://www.npmjs.com/package/webpack-bundle-analyzer) to generate more details about the bundle size and about how dependencies are composing in the production code. Finally, we add the [friendly-errors-plugin](https://www.npmjs.com/package/friendly-errors-webpack-plugin) for debugging purposes when running the project locally.
63 | 
64 | #### Babel
65 | In order to support older browsers we transpile the code via [Babel](https://babeljs.io/). The babel settings go into `.babelrc`. In order to use babel with Webpack we rely on `babel-preset-env` which can optionally transpile code based on the `browserlist` which is found in `package.json`.
66 | 
67 | A standard `.babelrc` file:
68 | ```json
69 | {
70 |     "presets": [
71 |         [ "env", { 
72 |             "modules": false
73 |         } ],
74 |         "react"
75 |     ]
76 | }
77 | ```
78 | 
79 | Note that `modules: false` will not transpile ESModules to RequireJS, enabling webpack to tree shake your code.
80 | 
81 | #### Husky
82 | In order to ensure stability and code quality we've come up with a standard practice of using precommit/prepush hooks to lint and test the code that ends up on the central repository. We're leveraging [husky's](https://github.com/typicode/husky) ability to simply use standard npm scripts: `precommit`, `prepush`.
83 | 
84 | #### Jest/Mocha
85 | We don't have a strong preference for one testing tool, but recently `Jest` has gained a lot of attention. We added it on multiple projects because of the easy setup behind it and because you get all the tools in one pack.
86 | 
87 | #### ESLint
88 | We have a common `eslint` config for all projects, with a specific flavor for `React` which supports `JSX` and other `React` specific rules. You can read more about our choices [on this repository, Coding Guidelines article](https://github.com/FortechRomania/js-team-showcase/blob/master/how-we-work/coding-guidelines.md). We run the `eslint` task on precommit hooks to make sure that only the code that respects all the standard rules ends up on the central repo.
89 | 
90 | #### Bundlesize
91 | Finally we want to keep the size of our bundles in control. We use `bundlesize` to test against some predefined values from `package.json`. Of course these values are subject to change as the project increases in size and complexity, but it's always a good reminder that we need to control the size of the code we ship.
92 | 
93 | ### React
94 | Under construction
95 | 
96 | ### Angular
97 | Under construction
98 | 


--------------------------------------------------------------------------------
/how-we-work/security/dev-security-checklist.md:
--------------------------------------------------------------------------------
  1 | # Developer's Security Checklist
  2 | 
  3 | ## Introduction
  4 | Security in web applications is very important and, at this moment, we believe that few developers are taking it seriously.
  5 | We want to do it right, reason for which we have put together a small checklist to help us guide through the must have security checks. Some of the checks can be implemented at the code-level while others are musts on a server setup.
  6 | Most of the solutions mentioned here are focused on JavaScript.
  7 | 
  8 | The main topics discussed on this page are:
  9 | * [System Misconfiguration](#system-misconfiguration)
 10 | * [Sensitive Data Exposure](#sensitive-data-exposure)
 11 | * [Dependency Vulnerabilities](#dependency-vulnerabilities)
 12 | * [Broken Authentication and Session Management](#broken-authentication-and-session-management)
 13 | * [Input Validation](#input-validation)
 14 | * [Cross-Site Request Forgery (CSRF)](#cross-site-request-forgery--csrf-)
 15 | * [Cross-Site Scripting (XSS)](#cross-site-scripting--xss-)
 16 | * [Clickjacking](#clickjacking)
 17 | * [Injection - SQL Injection](#injection---sql-injection)
 18 | * [Direct object references](#direct-object-references)
 19 | 
 20 | ## System Misconfiguration
 21 | Most of the security attacks occur when [server/system configuration](https://www.owasp.org/index.php/Top_10_2013-A5-Security_Misconfiguration) is not done properly.
 22 | 
 23 | We propose the following to be implemented:
 24 | * Inside the app configuration, disable HTTP header “x-powered by”. When using Node framework this can be implemented by using a syntax like `app.disable("x-powered-by")`.
 25 | * Always use HTTPS. If you are using HTTP, our advise is to switch to HTPPS. Also, make sure that, in the server configuration, the only opened port is `443`. Check it using `nmap` to scan all open ports on your server’s IP or using the command `netstat -lan | grep LISTEN` to display very detailed informations about how your server is communicating with other servers or network devices.
 26 | * Use SSL certificates and change them periodically or at least self signed certificates. Currently there are options like [Let's Encrypt](https://letsencrypt.org/) that can be used to get a free certificate.
 27 | * Setup firewalls.
 28 | * Use server providers that use IP filters.
 29 | * Use [iptables](https://help.ubuntu.com/community/IptablesHowTo) that filter IPs.
 30 | * Check the server's configuration and make sure it does not show its distribution (NGINX, Apache, Haproxy, etc.) and more importantly to not display the version of the installed distribution.
 31 | * Use machines that forward internet to production(px) servers. Px servers should not be connected directly to the internet - use instead internet gateways or [NATs](https://en.wikipedia.org/wiki/Network_address_translation).
 32 | * Implement credential rotation i.e. once in a while authorization keys/app tokens should be changed automatically.
 33 | * Implement logging system to detect flaws in applications or attacks for rogue users i.e.:
 34 |     - make sure that the logs don’t contain sensitive/invalidated information i.e. don’t log the source code, access tokens, authentication passwords, encryption keys, payment details (account, card holder personal data), session identification values, users' personal data, database connection strings or any other data that should be private.
 35 |     - store the logs in a dedicated server/separate partition. The simplest server configuration will generate local logs of their actions and errors, consuming the disk on the server. In the case of this system configuration, in the case of an attack, the system is compromised and the logs can be wiped out by the intruder to clean up all the traces (with tools like log zapper all traces are cleaned including the IP address of the attacker). If that happens there is no notification of the attack or no way to trace back how the attack occurred in the first place. By keeping the logs in a separate location and not on the web server itself, it is much easier to aggregate logs from different sources, logs cannot be found easily by the attackers, the log analysis can be done without affecting the server itself by not using the server’s resources, the application will not fail in case it is unable to write on the disk ([Denial of Service condition](https://en.wikipedia.org/wiki/Denial-of-service_attack)).
 36 |     - rotate the logs i.e. compress logs after a limited amount of time or after a maximum given size was reached.
 37 |     - monitor/review the logs to detect targeted attacks i.e. check the logs for 40x (not found errors) and 50x (server errors) messages. A large amount of 40x error messages might appear from [CGI](https://en.wikipedia.org/wiki/Common_Gateway_Interface) scanner tools used. The 50x server error messages appear when parts of the apps are failing e.g. the first phases of a SQL injection attack will produce these error message when the SQL query is not properly constructed and its execution fails on the back-end database. Conclusions from the log analysis should be stored in a different server than the app’s server to hide any possible vulnerabilities and improper configurations.
 38 |     - implement emailing streams when too many errors with the same error code is logged.
 39 |     - keep the logs sufficient time and make backups.
 40 | 
 41 | ## Sensitive Data Exposure
 42 | Attackers steal keys, execute man-in-the-middle attacks, or steal clear text data off the server, while in transit, or from the user’s client/browser. Previously retrieved password databases could be brute forced by Graphics Processing Units (GPUs).
 43 | 
 44 | We propose to focus on the following actions:
 45 | * Classify data processed, stored or transmitted by the application.
 46 | * Apply controls depending on the classification i.e. try to implement roles and multiple authentication sessions.
 47 | * Remove code comments that may reveal any sensitive information.
 48 | * Do not store any sensitive data. If it is a must, then encrypt it.
 49 | * Do not store passwords in plain text. Use instead hashed/encrypted passwords. For Node, there are packages that hash passwords e.g. [bcrypt](https://www.npmjs.com/package/bcrypt) or [scrypt](https://en.wikipedia.org/wiki/Scrypt). Also, regarding passwords, don’t allow:
 50 |     - default, weak, or well-known passwords, such as "Password1" or "admin/admin“
 51 |     - weak or ineffective credential recovery and forgotpassword processes, such as "knowledge-based answers", which cannot be made safe
 52 |     - using plain text, encrypted, or weakly hashed passwords.
 53 | * Ensure that the encryption algorithms that are used are up-to-date and have strong standards/protocols.
 54 | * Encrypt all data in transit with secure protocols such as SSL or TLS with PFS ciphers (perfect forward secrecy).
 55 | * Disable caching for responses that contain sensitive data.
 56 | * Verify the effectiveness of the db’s configuration.
 57 | 
 58 | ## Dependency Vulnerabilities
 59 | Some of the attacks occur because some of the applications use already built components or dependencies that have vulnerabilities.
 60 | We propose to focus on the following actions:
 61 | * Remove unused dependencies.
 62 | * Remove unnecessary features and components.
 63 | * Do not add or expose files or documentation that is not supposed to be there (e.g. api docs).
 64 | * Check the versioning of components (both front-end and back-end dependencies) - use `yarn outdated` or `npm outdated` to check it.
 65 | * Use components from official sources and use secure links.
 66 | * Check for libraries and components that are unmaintained or have no security patches for older versions.
 67 | * For JavaScript you can use [snyk](https://snyk.io/) to determine any possible vulnerabilities in the app’s packages.
 68 | 
 69 | ## Broken Authentication and Session Management
 70 | The simplest application attack is automated and consists of credential stuffing i.e. the attacker has a list of valid usernames and passwords and tries them all until one is valid. That is why the app should not permit:
 71 | * Brute force or other automated attacks,
 72 | * Default, weak, or well-known passwords, such as "Password1" or "admin/admin“, uses weak or ineffective credential recovery and forgotpassword processes, such as "knowledge-based answers", which cannot be made safe,
 73 | * Plain text, encrypted, or weakly hashed passwords.
 74 | 
 75 | Read more about [authentication](https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html) and [session management](https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html) on OWASP.
 76 | 
 77 | Still, to avoid this we propose the following:
 78 | * Implement multi-factor authentication (MFA) - prevents automated, credential stuffing, brute force and stolen credential reuse attacks. E.g. gmail, internet banking apps.
 79 | * Apply the principle of least privilege - allow an user to access only the user's dedicated content; the rest should be denied.
 80 | * Use JWT (JSON Web Tokens) - read more on this [link](https://jwt.io/). To add it to your application you can find the following [tutorial](https://medium.freecodecamp.org/securing-node-js-restful-apis-with-json-web-tokens-9f811a92bb52).
 81 | * Do not deploy any default credentials, particularly for admin users.
 82 | * Implement weak-password checks (test new or changed passwords against a list of the top [10000 worst passwords](https://github.com/danielmiessler/SecLists/tree/master/Passwords)).
 83 | * Do not allow default, weak, or well-known passwords, such as "Password1" or "admin/admin".
 84 | * Do not allow weak or ineffective credential recovery and forgotpassword processes, such as "knowledge-based" answers.
 85 | * Align password length, complexity and rotation policies with the newest standards.
 86 | * Limit or add delay for repeatedly failed login attempts. Log all failed login attempts and alert the administrator and user for credential stuffing or brute force.
 87 | * Generate session ids with higher entropies on the server-side.
 88 | * Do not send session ids via URLs.
 89 | * In Node, brute force protection can be avoided with a package called [ratelimiter](https://www.npmjs.com/package/ratelimiter) or by implementing a middleware that adds a small delay if the same request is done too many times/minute.
 90 | 
 91 | ## Input Validation
 92 | Input validation is a must that should be performed to ensure that only properly formed data is used in the application. The validation of input should be implemented as early as possible in the data flow mostly to prevent malformed data from persisting in the database and triggering malfunction of various downstream components.
 93 | 
 94 | For validation, the focus is on:
 95 | * Data validation - mostly on the server-side. If you are validating on client-side build your own reqular expressions and make sure you do not use wildcards.
 96 | * Validate data before processing i.e. check API token/key, HTTP headers, URLS, parameters.
 97 | * Specify proper character sets, such as UTF-8, for all sources of input.
 98 | * Validation against DB schemas.
 99 | * Validate uploaded files i.e. check format, size, content, etc.
100 | * Type validation of expected data.
101 | * Defining minimum and maximum value range checks for numerical parameters.
102 | * Defining minimum and maximum length check for string parameters.
103 | * Validate the input against a whitelist of allowed characters, whenever possible. Prefer whitelist over blacklist for input validation i.e. define arrays of allowed values for small sets of string parameters e.g. days of the week, status, flags, etc.
104 | 
105 | ## Cross-Site Request Forgery (CSRF)
106 | [CSRF](https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)) is an attack that occurs when a malicious web site, email, blog, instant message, or program causes a user’s web browser to perform an unwanted action on a trusted site for which the user is currently authenticated. This attack can result in transfer funds, password changing, items purchased in the user’s name.
107 | 
108 | To prevent this type of the attack we suggest the following checks:
109 | * Check standard headers to verify the request has the same origin i.e.:     
110 |     1. Determine where is the request coming from (source origin). To identify the source origin, we recommend using one of these two standard headers that almost all requests include one or both of the Origin Header or the Referer Header.
111 |     2. Determine where is the request going to (target origin).
112 | * Add CSRF token validation
113 | * Use POST instead of GET. This option is not always effective but it gives more work to the attacker.
114 | * Implement intermediate confirmation pages to inform the user that the operation might have other output that the one desired (“Are you sure you really want to do this?”, “Do you want to leave the current page?”) - not always effective but it gives more work to the attacker.
115 | * Implement automatic logout mechanisms.
116 | * For Node applications use [helmet](https://github.com/helmetjs/helmet) package to hide several details about the app. Helmet is a pluggable library for [ExpressJS](https://github.com/helmetjs/helmet) and [KOA](https://github.com/venables/koa-helmet) frameworks which provides a wide range of solutions related to the transport security layer. For example add the following to your code:
117 |     - `app.use(helmet.noCache());` to prevent the browser from caching/storing the page;
118 |     - `app.use(helmet.csp());` to allow loading websites/resources only from whitelisted domains;
119 |     - `app.use(helmet.hsts());` to block any HTTP requests and allows communication only on HTTPS;
120 |     - `app.use(csrf());` to enable express CSRF protection;
121 |     - `app.use(nosniff());` to force the browser to only use the Content-Type set in the response header instead of sniffing or guessing it.
122 | * For Node, there is another package that can be used. [CSRF](https://www.npmjs.com/package/csrf) module can be used as middleware to validate an additional token that can come from the front-end part of the app.
123 | 
124 | ## Cross-Site Scripting ( XSS )
125 | [XSS](https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)) is an attack that implies code injection on a web site. Basically, one site manages to run a malicious script on another site, with the privileges of you, the user. [XSS attacks](https://www.acunetix.com/websitesecurity/cross-site-scripting/) do not target a direct victim - the attack exploits a vulnerability within a website/web app that any user can visit and by that vulnerability a malicious script is delivered.
126 | To prevent an attack we suggest the focus on the following:
127 | * Don’t allow inserting data except in the allowed locations.
128 | * Applying context-sensitive encoding when modifying the browser document on the client side acts against DOM XSS.
129 | * Use frameworks that automatically escape XSS by design ( ReactJS, RoR )
130 | * For Node use the `helmet` package mentioned above to hide several details about the app. For example:
131 |     - `app.use(helmet.hsts());` to block any HTTP requests and to allow communication only on HTTPS
132 |     - `app.use(helmet.xssFilter());` to enables XSS filter
133 |     - `app.use(helmet.iexss());` to enable XSS filter in IE (it is `on` by default)
134 | 
135 | ## Clickjacking
136 | [Clickjacking](https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html) is an attack that consists in tricking an user into clicking on something different from what the user perceives they are clicking on. The result might be revealing confidential information, losing control of the device in use, making a payment, etc. The attack takes the form of embedded code or script that is executed without the user’s knowledge when a simple operation of clicking (of a different function) on a button is performed.
137 | 
138 | The security checks that one should consider implementing are:
139 | * Employing defensive code in the UI to ensure that the current frame is the most top level window
140 | * Sending the proper Content Security Policy (CSP) frame-ancestors directive response headers that instruct the browser to not allow framing from other domains. This replaces the older X-Frame-Options HTTP headers.
141 | * For Node apps use `helmet` package to prevent opening a page inside of an frame or iframe i.e. add `app.use(helmet.xframe());` to your index file.
142 | 
143 | ## Injection - SQL Injection
144 | In general, when speaking about injection in terms of security we refer at the process of inserting any source of data inside the app i.e. over-writing environment variables, parameters, etc. with hostile data.
145 | 
146 | Some security checks are listed below:
147 | * Use a safe API, which avoids the use of the interpreter entirely or provides a parameterized interface, or migrate to use Object Relational Mapping Tools (ORMs).
148 | * Validate, filter and sanitize user-supplied data (Use server-side input validation)
149 | * Use LIMIT and other SQL controls within queries to prevent mass disclosure of records in case of SQL injection.
150 | 
151 | In particular, [SQL Injection](https://en.wikipedia.org/wiki/SQL_injection) is an attack that consists in accessing/corrupting database structure by using application codes. This type of attack allows creating, reading, updating, altering or deleting data stored in the database. Used when user input is incorrectly filtered for string literal escape characters embedded in sql or when user input in not strongly type and unexpectedly executed.
152 | 
153 | For this type of attack, one should focus on:
154 | * Never building SQL statements from the user input. To implement this read more at this [link](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet).
155 | 
156 | ## Direct object references
157 | [Insecure Direct Object References](https://cheatsheetseries.owasp.org/cheatsheets/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet.html) allow attackers to bypass authorization and access resources directly by modifying the value of a parameter used to directly point to an object. Such resources can be database entries belonging to other users, files in the system, and more. This is caused by the fact that the application takes user supplied input and uses it to retrieve an object without performing sufficient authorization checks.
158 | 
159 | To prevent this type of attack one can:
160 | * Use per user or session indirect object references to prevent from directly targeting unauthorized resources.
161 | * Check access at every user action i.e. each use of a direct object reference from an untrusted source must include an access control check to ensure that the user is authorized for the requested object.
162 | 
163 | ### Resources:
164 | * [OWASP](https://www.owasp.org)
165 | 


--------------------------------------------------------------------------------
/how-we-work/security/qa-security-checklist.md:
--------------------------------------------------------------------------------
  1 | # QA's Security checklist
  2 | 
  3 | ## Introduction
  4 | Security in web applications is very important and, at this moment, we believe that few developers are taking it seriously.
  5 | As QA, we want to make sure all is set in a proper way and the apps have no security breaches. For this reason we have put together a small checklist to help us guide through the must have security checks. Some of the checks can be included in the app's automated tests while others (e.g. security checks focused on the server setup) should run as scripts in the terminals.
  6 | 
  7 | The solutions mentioned here are focused on Javascript.
  8 | 
  9 | The main topics discussed on this page are:
 10 | * [System Misconfiguration](#system-misconfiguration)
 11 | * [Sensitive Data Exposure](#sensitive-data-exposure)
 12 | * [Dependency Vulnerabilities](#dependency-vulnerabilities)
 13 | * [Broken Authentication and Session Management](#broken-authentication-and-session-management)
 14 | * [Input Validation](#input-validation)
 15 | * [Cross-Site Request Forgery ( CSRF )](#cross-site-request-forgery--csrf-)
 16 | * [Cross-Site Scripting ( XSS )](#cross-site-scripting--xss-)
 17 | * [Clickjacking](#clickjacking)
 18 | * [Injection - SQL Injection](#injection---sql-injection)
 19 | * [Direct object references](#direct-object-references)
 20 | 
 21 | ## System Misconfiguration
 22 | Most of the security attacks occur when [server/system configuration](https://www.owasp.org/index.php/Top_10_2013-A5-Security_Misconfiguration) is not done properly.
 23 | 
 24 | Things we suggest to be tested:
 25 | * Verify that HTTP header “x-powered by” is disabled. When dealing with Node API check the response for `app.disable("x-powered-by")`.
 26 | * Make sure the applications always uses HTTPS. Check that, in the server configuration, the only opened port is `443`. Check it using `nmap` to scan all open ports on your server’s IP e.g. `nmap website.com`. To check specific things read about [Linux scanning network for open ports](https://www.cyberciti.biz/tips/linux-scanning-network-for-open-ports.html). Another option might be checking some of the ports on [canyouseeme.org/](http://canyouseeme.org/).
 27 | * The app should have its own SSL certificates. To verify the presence of the certificates check the response of `curl -vvI https://website.com`
 28 | * Verify that server distribution (NGINX, Apache, Haproxy, etc.) and more importantly the version are not visible.
 29 | * Use tools like Locust.io to check if a logging system is implemented and [Denial of Service condition](https://en.wikipedia.org/wiki/Denial-of-service_attack) is not applied. Use brute force for requests like `/login` to make sure delay is added on fail.
 30 | 
 31 | More information can be read on [tutorialspoint.com, Testing security misconfiguration](https://www.tutorialspoint.com/security_testing/testing_security_misconfiguration.htm).
 32 | 
 33 | ## Sensitive Data Exposure
 34 | Attackers steal keys, execute man-in-the-middle attacks, or steal clear text data off the server, while in transit, or from the user’s client/browser. Previously retrieved password databases could be brute forced by Graphics Processing Units (GPUs).
 35 | Things we suggest to be tested:
 36 | * Check that developers classify the data processed, stored or transmitted by the application.
 37 | * Check if the app's control depends on the classification i.e. make sure roles are implemented and that multiple authentication sessions are in place.
 38 | * Make sure that no sensitive data is stored. If it is a must, make sure it is encrypted and that the key is not public.
 39 | * Make sure sensitive data is not exposed or hardcoded in the code/logs. To do that use `grep -r –E "Pass | password | pwd |user | guest| admin | encry | key | decrypt | sharekey " ./PathToSearch/` or `grep -r " {2\}[0-9]\{6\} "  ./PathToSearch/`
 40 | * Verify that the passwords are not stored in plain text. Verify if packages that hash/encrypt passwords e.g. [bcrypt](https://www.npmjs.com/package/bcrypt) or [scrypt](https://en.wikipedia.org/wiki/Scrypt) are used. Also, regarding passwords, make sure you test for:
 41 |     - default, weak, or well-known passwords, such as "Password1" or "admin/admin“
 42 |     - weak or ineffective credential recovery and forgotpassword processes, such as "knowledge-based answers", which cannot be made safe
 43 | 
 44 | More details can be found [on owasp.org, Testing for Sensitive Information](https://www.owasp.org/index.php/Testing_for_Sensitive_information_sent_via_unencrypted_channels_(OTG-CRYPST-003)).
 45 | 
 46 | ## Dependency Vulnerabilities
 47 | Some of the attacks occur because some of the applications use already built components or dependencies that have vulnerabilities.
 48 | Things we suggest to be tested:
 49 | * Check that there are no unused dependencies.
 50 | * Check if unnecessary features and components are present - make sure the automated tests have a good coverage.
 51 | * Make sure that files or documentation that is not supposed to be there (e.g. api docs) is not displayed to the public.
 52 | * Check the versioning of components (both front-end and back-end dependencies) - use `yarn outdated` or `npm outdated` to check it.
 53 | * Make sure the components are from official sources and use secure links.
 54 | * Check for libraries and components that are unmaintained or have no security patches for older versions.
 55 | * Use tools like [snyk](https://snyk.io/) to determine any possible vulnerabilities in the app’s packages. Other tools can be found on [techbeacon.com](https://techbeacon.com/13-tools-checking-security-risk-open-source-dependencies-0).
 56 | 
 57 | ## Broken Authentication and Session Management
 58 | The simplest application attack is automated and consists of credential stuffing i.e. the attacker has a list of valid usernames and passwords and tries them all until one is valid.
 59 | 
 60 | To avoid this we to check if the following are in place:
 61 | * Multi-factor authentication (MFA) - prevents automated, credential stuffing, brute force and stolen credential reuse attacks. E.g. gmail, internet banking apps.
 62 | * The principle of least privilege - allows an user to access only the user's dedicated content; the rest should be denied. Use `curl -kis http://website.com/notsupposetosee/` to verify.
 63 | * JWT (JSON Web Tokens) - read more on [jwt.io](https://jwt.io/). Check if it is added to your application.
 64 | * Weak-password checks (test new or changed passwords against a list of the top [10000 worst passwords](https://github.com/danielmiessler/SecLists/tree/master/Passwords)).
 65 | * No default, weak, or well-known passwords, such as "Password1" or "admin/admin".
 66 | * No weak or ineffective credential recovery and forgotpassword processes, such as "knowledge-based" answers.
 67 | * Password length, complexity and rotation policies aligns with the newest standards.
 68 | * Limited or delayed responses for repeatedly failed login attempts. Also, make sure al failed login attempts are logged and alert the administrator for credential stuffing or brute force.
 69 | * Session ids have higher entropies on the server-side.
 70 | * Session ids are not sent via URLs.
 71 | * Check if in Node, brute force protection is avoided with packages like [ratelimiter](https://www.npmjs.com/package/ratelimiter) or by implementing a middleware that adds a small delay if the same request is done to many times/minute.
 72 | 
 73 | More details can be found on [tutorialspoint.com, Testing Broken Authentication](https://www.tutorialspoint.com/security_testing/testing_broken_authentication.htm) or on [owasp.org, Testing for Session Management](https://www.owasp.org/index.php/Testing_for_Session_Management).
 74 | 
 75 | ## Input Validation
 76 | Input validation is a must that should be performed to ensure that only properly formed data is used in the application. The validation of input should be implemented as early as possible in the data flow mostly to prevent malformed data from persisting in the database and triggering malfunction of various downstream components.
 77 | 
 78 | Check for the following:
 79 | * Data validation - mostly on the server-side. If you are validating on client-side make sure the reqular expressions does not contain wildcards.
 80 | * Validate data before processing i.e. check API token/key, HTTP headers, URLS, parameters.
 81 | * Check if proper character sets e.g. UTF-8, are used for all sources of input.
 82 | * Check for validation against DB schemas.
 83 | * Check if uploaded files are valid i.e. check format, size, content, etc.
 84 | * Check the validity of expected data.
 85 | * Check minimum and maximum value range for numerical parameters.
 86 | * Check minimum and maximum length for string parameters.
 87 | * Check the input against a whitelist of allowed characters, whenever possible. Makes sure it is preferred whitelists over blacklists for input validation i.e. check if there is a defined array of allowed values for small sets of string parameters e.g. days of the week, status, flags, etc.
 88 | 
 89 | More details can be found on [owasp.org, Testing for Input Validation](https://www.owasp.org/index.php/Testing_for_Input_Validation).
 90 | 
 91 | ## Cross-Site Request Forgery (CSRF)
 92 | [CSRF](https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)) is an attack that occurs when a malicious web site, email, blog, instant message, or program causes a user’s web browser to perform an unwanted action on a trusted site for which the user is currently authenticated. This attack can result in transfer funds, password changing, items purchased in the user’s name.
 93 | 
 94 | To prevent this type of the attack we suggest the following checks:
 95 | * Check standard headers to verify the request has the same origin i.e.:     
 96 |     1. Determine where is the request coming from (source origin). To identify the source origin, we recommend using one of these two standard headers that almost all requests include one or both of the Origin Header or the Referer Header.
 97 |     2. Determine where is the request going to (target origin).
 98 | * Check for CSRF token validation
 99 | * Check POST is used instead of GET. This option is not always effective but it gives more work to the attacker.
100 | * Check for intermediate confirmation pages to inform the user that the operation might have other output that the one desired (“Are you sure you really want to do this?”, “Do you want to leave the current page?”).
101 | * Check for automatic logout mechanisms.
102 | * Make sure Node applications use [helmet](https://github.com/helmetjs/helmet) package to hide several details about the app.
103 | * Make sure that packages like [CSRF](https://www.npmjs.com/package/csrf) are used. This is a module used as middleware to validate an additional token that can come from the front-end part of the app.
104 | 
105 | More details can be found on [owasp.org, Testing for CSRF](https://www.owasp.org/index.php/Testing_for_CSRF_(OTG-SESS-005)).
106 | 
107 | ## Cross-Site Scripting (XSS)
108 | [XSS](https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)) is an attack that implies code injection on a web site. Basically, one site manages to run a malicious script on another site, with the privileges of you, the user. [XSS attacks](https://www.acunetix.com/websitesecurity/cross-site-scripting/) do not target a direct victim - the attack exploits a vulnerability within a website/web app that any user can visit and by that vulnerability a malicious script is delivered.
109 | To check if this type of attacks might happen test for the following:
110 | * Data cannot be inserted in any other locations except in the allowed ones.
111 | * The app is built in frameworks that automatically escape XSS by design (ReactJS, Ruby on Rails)
112 | * If Node is in use, check for packages like `helmet`. For example:
113 |     - check that the browser from caching/storing the page - check if the index file contains a syntax like `app.use(helmet.noCache());`.
114 |     - check that the loading websites/resources is allowed only from whitelisted domains - check if the index file contains `app.use(helmet.csp());`
115 |     - check that HTTP requests are blocked and that the only allowed communication is done on HTTPS - check for `app.use(helmet.hsts());` syntax.
116 |     - check if express CSRF protection is enabled - check if the syntax `app.use(csrf());` is added.
117 |     - check if the browser is forced to only use the Content-Type set in the response header instead of sniffing or guessing it. Check for `app.use(nosniff());` syntax.
118 | 
119 | Other particularities can be found on [owasp.org, Testing for XSS](https://www.owasp.org/index.php/Testing_for_Cross_site_scripting).
120 | 
121 | ## Clickjacking
122 | [Clickjacking](https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet) is an attack that consists in tricking an user into clicking on something different from what the user perceives they is clicking on. The result might be revealing confidential information, losing control of the device in use, making a payment, etc. The attack takes the form of embedded code or script that is executed without the user’s knowledge when a simple operation of clicking (of a different function) on a button is performed.
123 | The security checks that should be verified are:
124 | * In the UI, the current frame is the most top level window.
125 | * The proper Content Security Policy (CSP) frame-ancestors directive response headers are used i.e. the browser does not allow framing from other domains.
126 | * If the app is built with Node, check if packages like `helmet` are used to prevent opening a page inside of an frame or iframe i.e. check if the index file contains a syntax like `app.use(helmet.xframe());`.
127 | 
128 | Other particularities can be found on [owasp.org, Testing for Clickjacking](https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009)).
129 | 
130 | ## Injection - SQL Injection
131 | In general, when speaking about injection in terms of security we refer at the process of inserting any source of data inside the app i.e. over-writing environment variables, parameters, etc. with hostile data.
132 | In particular, [SQL Injection](https://en.wikipedia.org/wiki/SQL_injection) is an attack that consists in accessing/corrupting database structure by using application codes. This type of attack allows creating, reading, updating, altering or deleting data stored in the database. Used when user input is incorrectly filtered for string literal escape characters embedded in sql or when user input in not strongly type and unexpectedly executed.
133 | 
134 | For this type of attack, one should test if:
135 | * SQL statements cannot be built from the user input.
136 | 
137 | More details can be found on [owasp.org, Testing for SQL Injection](https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005)).
138 | 
139 | ## Direct object references
140 | [Insecure Direct Object References](https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_(OTG-AUTHZ-004)) allow attackers to bypass authorization and access resources directly by modifying the value of a parameter used to directly point to an object. Such resources can be database entries belonging to other users, files in the system, and more. This is caused by the fact that the application takes user supplied input and uses it to retrieve an object without performing sufficient authorization checks.
141 | To prevent this type of attack one should check [owasp.org, Testing for Insecure Direct Object Reference](https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_(OTG-AUTHZ-004)).
142 | 
143 | ### Resources:
144 | * [OWASP](https://www.owasp.org)
145 | 


--------------------------------------------------------------------------------
/how-we-work/security/security-cheatsheet.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FortechRomania/js-team-showcase/72ba01948cde3cb2726b10d52424e4f25b409666/how-we-work/security/security-cheatsheet.png


--------------------------------------------------------------------------------
/how-we-work/software-engineering-process.md:
--------------------------------------------------------------------------------
 1 | # Software engineering process
 2 | In the following section we will showcase some of the engineering/process practices that we follow when we work in small or large teams.
 3 | 
 4 | ## Git Flow
 5 | We adopted [one flow](http://endoflineblog.com/oneflow-a-git-branching-model-and-workflow) as a standard approach on all projects (small or large). 
 6 | 
 7 | Together with this, we follow a couple of rules when working on projects:
 8 | * Never push on **master**. Always create a branch, even for tiny changes.
 9 | * Always create feature branches linked with tickets (JIRA, redmine, gitlab)
10 | * Ticket naming should be standard and should contain the ticket number at the end or at the beginning of the name. Examples: `12345_update_dependencies`, `CP-12345`. Optionally, the name can include a few words about the ticket or can just be the project identifier.
11 | * Commit messages should reference the ticket numbers, based on the PM tool used, so that the commits are reflected in the tickets. Ex: `refs #12345`.
12 | * The person that opens the MR/PR is responsible for merging the code once he/she gets the approval from the reviewer/team.
13 | * Always enforce CI pipelines (linter, tests, bundlesize, etc.) **before** merging the branch.
14 | * Always delete old branches after they are merged.
15 | * Make use of CI pipelines to automatically deploy any changes to `master` in a **QA environment**.
16 | * Use a simple tag naming convention, ex: 1.0.0.
17 | 
18 | ## Code Reviews
19 | We have a couple of rules that we follow while reviewing each other's work:
20 | * Make sure PRs are **small enough** to be easily grasped by your teammates.
21 | * Treat code reviews with the **highest priority** during a sprint.
22 | * Do not test functionality, unless specific cases for front-end (cross-browser, responsiveness, edge cases).
23 | * Split your time between the following: LOGIC > REFACTORING OPPORTUNITIES > CODING STYLE keeping this order of importance.
24 | * Give your feedback in max 48h from when the PR was open.
25 | * On high complexity tasks, have two reviewers who approve the changes.
26 | 
27 | ## CI/CD
28 | Coming soon
29 | 


--------------------------------------------------------------------------------
/how-we-work/testing/end-to-end-testing.md:
--------------------------------------------------------------------------------
  1 | The purpose of this page is to provide an overview end to end testing solutions used within one of our projects.
  2 | 
  3 | # End to end testing
  4 | 
  5 | For end to end testing on hybrid mobile apps, we are using:
  6 | * [appium](http://appium.io/)
  7 | * [webdriver.io](http://webdriver.io/)
  8 | * [mocha](https://mochajs.org/)
  9 | * chai
 10 | * [sauceLabs](https://saucelabs.com/enterprise#automated-testing-platform) - cloud based platform for automated web and mobile testing
 11 | 
 12 | For end to end testing on web, we are using: 
 13 | * [testcafe](http://devexpress.github.io/testcafe/)
 14 | * [sauceLabs](https://saucelabs.com/enterprise#automated-testing-platform) - cloud based platform for automated web and mobile testing
 15 | 
 16 | **Testcafe**
 17 | *Installation*
 18 | 
 19 | 1st option: TestCafe Github: https://github.com/DevExpress/testcafe
 20 | ```
 21 | run npm install -g testcafe
 22 | ```
 23 | 
 24 | 2nd option: TestCafe official website: https://testcafe.devexpress.com/
 25 | Download TestCafe for your current OS & Install
 26 | 
 27 | *Running test with TestCafe*
 28 | ```
 29 | testcafe chrome tests/
 30 | ```
 31 | Runs all file tests that are inside the folder “tests/”. The tests are done on the currently installed version of Chrome Browser.
 32 | 
 33 | ```
 34 | testcafe safari tests/
 35 | ```
 36 | Runs all file tests that are inside the folder “tests/”. The tests are done on the currently installed version of Safari Browser.
 37 | 
 38 | ```
 39 | testcafe firefox tests/
 40 | ```
 41 | Runs all file tests that are inside the folder “tests/”. The tests are done on the currently installed version of Mozilla Firefox Browser.
 42 | 
 43 | ```
 44 | testcafe all tests/
 45 | ```
 46 | Runs all file tests that are inside the folder “tests/” on all locally installed browsers. The tests run in parallel.
 47 | 
 48 | ```
 49 | testcafe "chrome:emulation:device=iphone 6" tests/test.js
 50 | ```
 51 | or
 52 | ```
 53 | testcafe "chrome:emulation:width=100;height=200;mobile=true;orientation=vertical;touch=true" tests/test.js
 54 | ```
 55 | Runs tests in Chrome's built-in device emulator
 56 | 
 57 | ```
 58 | testcafe remote --qr-code test/test.js
 59 | ```
 60 | Generates qr code that can be used on several devices (both desktop and mobile)
 61 | 
 62 | *Integration with SauceLabs*
 63 | 
 64 | Install the plugin that integrates TestCafe with SauceLabs Testing Cloud -  created by Developer Express Inc. (https://devexpress.com) - testCafe owners
 65 | ```
 66 | npm install testcafe-browser-provider-saucelabs
 67 | ```
 68 | 
 69 | More info on: https://www.npmjs.com/package/testcafe-browser-provider-saucelabs
 70 | Set Environment Variables for Authentication Credentials. More details here.
 71 | Open Terminal mode, enter vi `~/.bash_profile`, and then press Enter.
 72 | Press i key to insert text into your profile file.
 73 | Enter these lines:
 74 | 
 75 | ```
 76 | export SAUCE_USERNAME="your Sauce username"
 77 | export SAUCE_ACCESS_KEY="your sauce access key"
 78 | ```
 79 | 
 80 | Press Escape.
 81 | Hold Shift and press Z twice (z z) to save your file and quit vi.
 82 | In the terminal, enter 
 83 | ```
 84 | source ~/.bash_profile.
 85 | ```
 86 | 
 87 | To determine the available browser aliases by running:
 88 | ```
 89 | testcafe -b saucelabs
 90 | ```
 91 | 
 92 | To run on an emulated device:
 93 | ```
 94 | testcafe "saucelabs:Android Emulator Tablet@4.4" './test/testjs'
 95 | ```
 96 | 
 97 | To run on more emulated devices just chain the name of the desired devices:
 98 | ```
 99 | testcafe "saucelabs:iPhone 6 Plus Simulator@9.3","saucelabs:Android Emulator Tablet@4.4" './test/test.js'
100 | ```
101 | 
102 | **Resources**
103 | * [Testcafe Features](https://vs.componentsource.com/product/testcafe/features)
104 | * [Test api](http://devexpress.github.io/testcafe/documentation/test-api/)
105 | * [Testcafe browsers support](https://docs.devexpress.com/TestCafeStudio/400191/concepts/browsers)
106 | * [How to use testcafe with saucelabs](https://devexpress.github.io/testcafe/documentation/guides/continuous-integration/travis-and-sauce-labs.html)
107 | * [Testing browser with gulp and phantoms](http://blog.silicak.es/2016-07-07-testing-browser-gulp-phantomJS-mocha-istanbul)
108 | 
109 | **Saucelabs**
110 | * [Pricing](https://saucelabs.com/pricing)
111 | * [Platform Configurator](https://wiki.saucelabs.com/display/DOCS/Platform+Configurator#/)
112 | * automated testing on emulators only
113 | * versions available > IOS 8.1, Android 4.4
114 | * CI integration
115 | 
116 | **AWS Device Farm**
117 | * [Pricing](https://aws.amazon.com/device-farm/pricing/)
118 | * [What is it](https://docs.aws.amazon.com/devicefarm/latest/developerguide/welcome.html)
119 | * automated testing on real mobile devices
120 | * [List of real devices available for testing on AWS Device Farm](http://awsdevicefarm.info/)
121 | * CI Integration ([Jenkins](https://github.com/awslabs/aws-device-farm-jenkins-plugin/blob/master/README.md))
122 | 


--------------------------------------------------------------------------------
/how-we-work/testing/qa-processes.md:
--------------------------------------------------------------------------------
 1 | # The QA processes
 2 | 
 3 | Explained in the most straight-forward manner, the role of a QA is answering these two questions: **Are we building the right product? Are we building the product right?** To answer these questions, we have to take a look at the software testing life cycle that we apply on all projects:
 4 | 
 5 | ## Requirement and specification analysis
 6 | 
 7 | Analyzing the provided documents/specifications to learn the features to be implemented. This involves a sprint planning discussion and a breakdown of the features.
 8 | > Get to know the product.
 9 | 
10 | ## Test planning
11 | 
12 | Deciding what testing types will be used. Deciding what to automate & what not. Deciding the tools and resources that will be used in the given timeframe. In this phase we look over past issues and features to plan out a regression test suite. 
13 | > Plan ahead
14 | 
15 | ## Environment setup and test case development 
16 | 
17 | Setting up testing environment can mean: making sure that an actual testing environment of the application is ready, setting up a test case platform (manual / automation or both), setting up a CI if needed. The main activity of this phase is developing the tests.
18 | > Getting ready
19 | 
20 | ## Test execution
21 | 
22 | Run the tests and analyze the test results. Decide what is an error and what is a failure. Confirm and close tickets based on the results.
23 | > Make it or break it
24 | 
25 | ## Test maintenance & Test cycle closure
26 | 
27 | This phase involves refactoring the test cases, finishing up all tickets and making sure that the release criterias are met. 
28 | > Release
29 | 


--------------------------------------------------------------------------------
/how-we-work/testing/testing-javascript.md:
--------------------------------------------------------------------------------
 1 | # Tests categories
 2 | 
 3 | Tests written to check software functionality can be grouped into a few categories. Some of the most popular categories include:
 4 | 
 5 | * unit tests: check input => output of self-contained functions.
 6 | * integration tests: check that individual pieces of your app play nicely together.
 7 | * end-to-end tests (automation): check that entire features work from the user’s perspective.
 8 | 
 9 | A great overview of testing and testing tools can be found on [medium.com, An Overview of JavaScript Testing in 2018](https://medium.com/welldone-software/an-overview-of-javascript-testing-in-2018-f68950900bc3).
10 | 
11 | On [sitepoint.com](https://www.sitepoint.com/sinon-tutorial-javascript-testing-mocks-spies-stubs/)'s a brief explanation about spies vs. stubs vs. mocks. In a nutshell, use: 
12 | * Spies - if you simply want to watch and verify somethings happens in your test case.
13 | * Stubs - if you simply want to specify how something will work to help your test case.
14 | * Mocks - if you want to have both of the above on a single dependency in your test case.
15 | 
16 | Another great resource on testing node can be found on [hackernoon.com, Testing Node in JS](https://hackernoon.com/testing-node-js-in-2018-10a04dd77391).
17 | 
18 | # Tests tools
19 | 
20 | There are a couple of tools that facilitate tests writing. These can be grouped in categories as follows.
21 | 
22 | ### Mocking libraries
23 | * [Sinon](http://sinonjs.org/)
24 | * [Js-mock](https://www.npmjs.com/package/js-mock)
25 | * [Nock](https://github.com/nock/nock)
26 | * [mock-require](https://github.com/boblauer/mock-require)
27 | 
28 | ### Assertion libraries: 
29 | * [should.js](https://shouldjs.github.io/) - BDD style 
30 | * [expect.js](https://github.com/Automattic/expect.js?files=1) - expect() style assertions
31 | * [chai](http://chaijs.com/api/) - expect(), assert() and should-style assertions
32 | * [better-assert](https://github.com/tj/better-assert) - C-style self-documenting assert()
33 | 
34 | ### Test frameworks
35 | * [Mocha](https://mochajs.org/) 
36 | * [Jasmine](https://jasmine.github.io/)
37 | * [QUnit](http://qunitjs.com/)
38 | * [Jest](https://facebook.github.io/jest/) - has assertion, mocking, runner built-in
39 | 
40 | ### Test runners
41 | * [Karma](https://karma-runner.github.io/1.0/index.html) (test framework agnostic)
42 | 
43 | ### Test "utilities"
44 | * [Enzyme](https://github.com/airbnb/enzyme)
45 | * [PhantomJs](http://phantomjs.org/)
46 | 
47 | ### Browser automation (End-to-End tests)
48 | * [Selenium](http://www.seleniumhq.org/)
49 | * [Testcafe](https://testcafe.devexpress.com/)
50 | 
51 | ### Automation libraries (End-to-End tests)
52 | * Appium (http://appium.io/docs/en/about-appium/intro/, https://github.com/appium/appium/blob/master/docs/en/about-appium/intro.md, https://www.npmjs.com/package/appium-test, https://github.com/admc/wd)
53 | * [Webdriver.io](http://webdriver.io/)
54 | 
55 | ### Cloud testing (browsers and devices providers)
56 | * [Browserstack](https://www.browserstack.com/automate)
57 | * [Saucelabs](https://saucelabs.com/)
58 | * [AWS device farm](https://aws.amazon.com/device-farm/)
59 | 
60 | ### Code coverage
61 | * Istanbul
62 | 
63 | # Examples
64 | 
65 | A basic JavaScript testing setup with webpack, karma, mocha, chai, sinon and istanbul can be found at [https://github.com/ancutac/javascript-testing](https://github.com/ancutac/javascript-testing)
66 | 
67 | On [sitepoint.com](https://www.sitepoint.com/unit-test-javascript-mocha-chai/) you can find another article explaining unit testing setup with mocha.
68 | 
69 | If want want to skip all the tedious configuration, you can use Jest, a testing framework with everything built in. On [https://github.com/ancutac/javascript-testing/tree/jest](https://github.com/ancutac/javascript-testing/tree/jest) is an example project setup. Since that's a branch of a previous configuration, you can check the comparison between jest setup and karma + mocha + chai + sinon + instanbul.
70 | 


--------------------------------------------------------------------------------
/images/cake-for-breakfast.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FortechRomania/js-team-showcase/72ba01948cde3cb2726b10d52424e4f25b409666/images/cake-for-breakfast.jpg


--------------------------------------------------------------------------------
/images/cake-for-breakfast.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FortechRomania/js-team-showcase/72ba01948cde3cb2726b10d52424e4f25b409666/images/cake-for-breakfast.png


--------------------------------------------------------------------------------
/images/the-cake.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FortechRomania/js-team-showcase/72ba01948cde3cb2726b10d52424e4f25b409666/images/the-cake.jpg


--------------------------------------------------------------------------------
/we-recommend/books.md:
--------------------------------------------------------------------------------
 1 | # Reading List
 2 | For passionate JavaScript (and not only) developers.
 3 | 
 4 | ### Beginners 
 5 | * [Eloquent JavaScript](http://eloquentjavascript.net/) by Marijn Haverbeke
 6 | * [You Don't Know JavaScript](https://github.com/getify/You-Dont-Know-JS) by Kyle Simpson
 7 | 
 8 | ### Intermediate-Advanced
 9 | * [Programming JavaScript Applications](http://chimera.labs.oreilly.com/books/1234000000262/index.html) by Eric Elliott
10 | * [JavaScript Allongé](https://leanpub.com/javascriptallongesix/read) by Reginald Braithwaite
11 | 
12 | ### Angular
13 | * [Ng-Book](https://www.ng-book.com/2/) by Nathan Murray, Ari Lerner, Felipe Coury, Carlos Taborda
14 | 


--------------------------------------------------------------------------------
/we-recommend/daily-bookmarks.md:
--------------------------------------------------------------------------------
  1 | # Web Development Bookmarks
  2 | 
  3 | ### 8.09.2020
  4 | - [Ground Rules for Web Animations | CSS-Tricks](https://css-tricks.com/ground-rules-for-web-animations/)
  5 | 
  6 | ### 11.08.2020
  7 | - [text-mask/text-mask](https://github.com/text-mask/text-mask/blob/master/componentDocumentation.md)
  8 | 
  9 | ### 6.08.2020
 10 | - [Mock Functions · Jest](https://jestjs.io/docs/en/mock-function-api)
 11 | 
 12 | ### 27.07.2020
 13 | - [Tips for Yahoo! Email](https://www.emailonacid.com/blog/article/email-development/9_ways_to_prevent_yahoo_headaches/)
 14 | 
 15 | ### 15.07.2020
 16 | - [docker rm](https://docs.docker.com/engine/reference/commandline/rm/)
 17 | 
 18 | ### 2.06.2020
 19 | - [Causes of Memory Leaks in JavaScript and How to Avoid Them](https://www.ditdot.hr/en/causes-of-memory-leaks-in-javascript-and-how-to-avoid-them)
 20 | 
 21 | ### 20.05.2020
 22 | - [Website Speed Test by Cloudinary](https://webspeedtest.cloudinary.com/)
 23 | 
 24 | ### 19.05.2020
 25 | - [HTML Email Best Practices](https://templates.mailchimp.com/getting-started/html-email-basics/)
 26 | 
 27 | ### 29.04.2020
 28 | - [Introducing Insomnia Designer](https://insomnia.rest/blog/introducing-designer/)
 29 | 
 30 | ### 23.04.2020
 31 | - [Async/await without try/catch in JavaScript](https://itnext.io/async-await-without-try-catch-in-javascript-6dcdf705f8b1)
 32 | 
 33 | ### 14.04.2020
 34 | - [DJ3D.io](https://dj3d.io/)
 35 | 
 36 | ### 20.03.2020
 37 | - [TensorFlow.js models](https://www.tensorflow.org/js/models)
 38 | 
 39 | ### 16.03.2020
 40 | - [Introduction to design systems](https://www.learnstorybook.com/design-systems-for-developers/react/en/introduction/)
 41 | 
 42 | ### 9.03.2020
 43 | - [goldbergyoni/nodebestpractices](https://github.com/goldbergyoni/nodebestpractices#readme)
 44 | 
 45 | ### 3.03.2020
 46 | - [Serverless - The Serverless Application Framework powered by AWS Lambda, API Gateway, and more](https://serverless.com/)
 47 | 
 48 | ### 27.02.2020
 49 | - [Why the GOV.UK Design System team changed the input type for numbers - Technology in government](https://technology.blog.gov.uk/2020/02/24/why-the-gov-uk-design-system-team-changed-the-input-type-for-numbers/|https://technology.blog.gov.uk/2020/02/24/why-the-gov-uk-design-system-team-changed-the-input-type-for-numbers/)
 50 | 
 51 | ### 26.02.2020
 52 | - [Conditional Types in TypeScript](https://mariusschulz.com/blog/conditional-types-in-typescript)
 53 | 
 54 | ### 25.02.2020
 55 | - [Fixing memory leaks in web applications](https://nolanlawson.com/2020/02/19/fixing-memory-leaks-in-web-applications/)
 56 | 
 57 | ### 20.02.2020
 58 | - [Illustrations | unDraw](https://undraw.co/illustrations)
 59 | 
 60 | ### 19.02.2020
 61 | - [tagspace/trevor-demo](https://github.com/tagspace/trevor-demo)
 62 | 
 63 | ### 15.02.2020
 64 | - [12 Signs You’re Working in a Feature Factory](https://cutle.fish/blog/12-signs-youre-working-in-a-feature-factory)
 65 | 
 66 | ### 14.02.2020
 67 | - [All – Tiny Helpers](https://tiny-helpers.dev/)
 68 | 
 69 | ### 12.02.2020
 70 | - [Baptiste Adrien on Twitter](https://twitter.com/shinework/status/1227528562091188226?s=20|https://twitter.com/shinework/status/1227528562091188226?s=20)
 71 | 
 72 | ### 11.02.2020  
 73 | - [Performant front-end architecture | DebugBear](https://www.debugbear.com/blog/performant-front-end-architecture)
 74 | 
 75 |  - [Optimizing your talking points](https://rachelbythebay.com/w/2018/04/28/meta/)
 76 |  - [Oh, don&apos;t worry, I&apos;ve screwed up plenty of things too](https://rachelbythebay.com/w/2020/02/10/broken/)
 77 | ### 7.02.2020
 78 | - [React Libraries in 2020 - RWieruch](https://www.robinwieruch.de/react-libraries)
 79 | 
 80 | ### 6.02.2020 
 81 | - [StaticGen | Top Open Source Static Site Generators](https://www.staticgen.com/)
 82 | 
 83 |  - [Eleventy is a simpler static site generator.](https://www.11ty.dev/)
 84 | ### 3.02.2020 
 85 | - [Share reusable code components as a team · Bit](https://bit.dev/)
 86 | 
 87 |  - [Rebass](https://rebassjs.org)
 88 | ### 28.01.2020  
 89 | - [oldboyxx/jira_clone](https://github.com/oldboyxx/jira_clone)
 90 | 
 91 |  - [Introduction to JAMstack (and What’s in Store for 2020)](https://snipcart.com/blog/jamstack)
 92 |  - [SOLID: The Software Design and Architecture Handbook](https://solidbook.io/)
 93 | ### 8.01.2020 
 94 | - [rehooks/awesome-react-hooks](https://github.com/rehooks/awesome-react-hooks)
 95 | 
 96 |  - [The React Cookbook: Advanced Recipes to Level Up Your Next App](https://www.youtube.com/watch?v=lG6Z0FQj_SI)
 97 | ### 7.01.2020 
 98 | - [Computer Science from the Bottom Up](https://www.bottomupcs.com/index.xhtml)
 99 | 
100 |  - [lorem](https://atom.io/packages/lorem)
101 | ### 11.12.2019
102 | - [A Recap of Frontend Development in 2019](https://levelup.gitconnected.com/a-recap-of-frontend-development-in-2019-1e7d07966d6c)
103 | 
104 | ### 2.12.2019
105 | - [tjunnone/npm-check-updates](https://github.com/tjunnone/npm-check-updates)
106 | 
107 | ### 27.11.2019
108 | - [Write tests. Not too many. Mostly integration.](https://kentcdodds.com/blog/write-tests)
109 | 
110 | ### 26.11.2019
111 | - [tannerlinsley/react-table](https://github.com/tannerlinsley/react-table/blob/master/docs/concepts.md)
112 | 
113 | ### 25.11.2019
114 | - [Email Address Regular Expression That 99.99% Works.](https://emailregex.com/)
115 | 
116 | ### 18.11.2019
117 | - [React Hooks cheat sheet: Unlock solutions to common problems - LogRocket Blog](https://blog.logrocket.com/react-hooks-cheat-sheet-unlock-solutions-to-common-problems-af4caf699e70/)
118 | 
119 | ### 15.11.2019 
120 | - [Build your own React](https://pomb.us/build-your-own-react/)
121 | 
122 |  - [danistefanovic/build-your-own-x](https://github.com/danistefanovic/build-your-own-x#build-your-own-git)
123 | ### 11.11.2019 
124 | - [Getting To Know The Partial Type in TypeScript](https://netbasal.com/getting-to-know-the-partial-type-in-typescript-ecfcfbc87cb6)
125 | 
126 |  - [Streamline 3.0](https://streamlineicons.com/)
127 | ### 6.11.2019
128 | - [react-dom@16.11.0 ❘ BundlePhobia](https://bundlephobia.com/result?p=react-dom@16.11.0)
129 | 
130 | ### 1.11.2019
131 | - [htop explained](https://peteris.rocks/blog/htop/)
132 | 
133 | ### 28.10.2019
134 | - [Lessons learned from 5 years in React.docx](https://www.dropbox.com/s/tsid5bnphznbvjv/Lessons%20learned%20from%205%20years%20in%20React.docx?dl=0)
135 | 
136 | ### 21.10.2019 
137 | - [Tips for Writing Self-Documenting Code](https://itnext.io/tips-for-writing-self-documenting-code-e54a15e9de2)
138 | 
139 |  - [smooth-code/svgr](https://github.com/smooth-code/svgr)
140 | ### 15.10.2019
141 | - [Using sourcemaps on production without exposing the source code 🕵️‍](https://itnext.io/using-sourcemaps-on-production-without-revealing-the-source-code-%EF%B8%8F-d41e78e20c89)
142 | 
143 | ### 8.10.2019
144 | - [How To Create Meaningful Names In Code](https://medium.com/better-programming/how-to-create-meaningful-names-in-code-20d7476537d4)
145 | 
146 | ### 5.10.2019
147 | - [Don't Use JavaScript Variables Without Knowing Temporal Dead Zone](https://dmitripavlutin.com/javascript-variables-and-temporal-dead-zone/)
148 | 
149 | ### 4.10.2019 
150 | - [Testing in Production - TALIA NASSI](https://youtu.be/Y_D9t98dGh4?t=1)
151 | 
152 |  - [Authentication in React Applications](https://kentcdodds.com/blog/authentication-in-react-applications)
153 | ### 3.10.2019
154 | - [The Complete Guide to NgRx Testing (2019)](https://christianlydemann.com/the-complete-guide-to-ngrx-testing/)
155 | 
156 | ### 30.09.2019
157 | - [Which companies are using Erlang, and why? #MyTopdogStatus | Erlang Solution blog](https://www.erlang-solutions.com/blog/which-companies-are-using-erlang-and-why-mytopdogstatus.html)
158 | 
159 | ### 27.09.2019
160 | - [avelino/awesome-go](https://github.com/avelino/awesome-go)
161 | 
162 | ### 19.09.2019
163 | - [Responsive Components: a Solution to the Container Queries Problem &#x2014; Philip Walton](https://philipwalton.com/articles/responsive-components-a-solution-to-the-container-queries-problem/)
164 | 
165 | ### 18.09.2019 
166 | - [React hooks: not magic, just arrays](https://medium.com/@ryardley/react-hooks-not-magic-just-arrays-cd4f1857236e)
167 | 
168 |  - [goldbergyoni/javascript-testing-best-practices](https://github.com/goldbergyoni/javascript-testing-best-practices)
169 | ### 17.09.2019
170 | - [The boring technology behind a one-person Internet company](https://broadcast.listennotes.com/the-boring-technology-behind-listen-notes-56697c2e347b)
171 | 
172 | ### 15.09.2019
173 | - [The history and legacy of jQuery - LogRocket Blog](https://blog.logrocket.com/the-history-and-legacy-of-jquery/)
174 | 
175 | ### 10.09.2019
176 | - [21 Performance Optimization Techniques for React](https://medium.com/better-programming/https-medium-com-mayank-gupta-6-88-21-performance-optimizations-techniques-for-react-d15fa52c2349)
177 | 
178 | ### 6.09.2019 
179 | - [Amelia Wattenberger](https://wattenberger.com/blog/d3#intro)
180 | 
181 |  - [How to do a code review](https://google.github.io/eng-practices/review/reviewer/)
182 | ### 5.09.2019 
183 | - [Boost your JavaScript Debugging Skills With These Console Tricks](https://medium.com/better-programming/boost-your-javascript-debugging-skills-with-these-console-tricks-ab984c70298a)
184 | 
185 |  - [Write fewer, longer tests](https://kentcdodds.com/blog/write-fewer-longer-tests?utm_source=ponyfoo+weekly&amp;utm_medium=email&amp;utm_campaign=183)
186 | ### 3.09.2019
187 | - [The Vue Instance - Intro to Vue.js | Vue Mastery](https://www.vuemastery.com/courses/intro-to-vue-js/vue-instance)
188 | 
189 | ### 2.09.2019
190 | - [cmiscm/leonsans](https://github.com/cmiscm/leonsans)
191 | 
192 | ### 26.08.2019 
193 | - [Using Native JavaScript Modules in Production Today &#x2014; Philip Walton](https://philipwalton.com/articles/using-native-javascript-modules-in-production-today/)
194 | 
195 |  - [How to build a plugin system on the web and also sleep well at night](https://www.figma.com/blog/how-we-built-the-figma-plugin-system/)
196 | ### 23.08.2019
197 | - [3 Ways to Create a Modal Window With the Angular CDK - MentorMate](https://mentormate.com/blog/create-modal-window-with-angular-cdk/)
198 | 
199 | ### 22.08.2019
200 | - [Angular ng-template, ng-container and ngTemplateOutlet: Guided Tour](https://blog.angular-university.io/angular-ng-template-ng-container-ngtemplateoutlet/)
201 | 
202 | ### 19.08.2019  
203 | - [How to get HTTPS working on your local development environment in 5 minutes](https://www.freecodecamp.org/news/how-to-get-https-working-on-your-local-development-environment-in-5-minutes-7af615770eec/)
204 | 
205 |  - [Angular ng-content and Content Projection - The Complete Guide](https://blog.angular-university.io/angular-ng-content/)
206 |  - [Custom Overlays with Angular's CDK](https://blog.thoughtram.io/angular/2017/11/20/custom-overlays-with-angulars-cdk.html)
207 | ### 12.08.2019
208 | - [React v16.9.0 and the Roadmap Update – React Blog](https://reactjs.org/blog/2019/08/08/react-v16.9.0.html#performance-measurements-with-reactprofiler)
209 | 
210 | ### 5.08.2019
211 | - [Regex For Noobs (like me!) - an illustrated guide](https://www.janmeppe.com/blog/regex-for-noobs/)
212 | 
213 | ### 2.08.2019 
214 | - [The Complete Guide to ES10 Features](https://medium.com/@js_tut/the-complete-guide-to-es10-features-f09a8c7be1bd)
215 | 
216 |  - [React + Redux + Comlink = Off-main-thread — DasSur.ma](https://dassur.ma/things/react-redux-comlink/)
217 | ### 30.07.2019      
218 | - [The Difference Between Throttling and Debouncing | CSS-Tricks](https://css-tricks.com/the-difference-between-throttling-and-debouncing/)
219 |  - [Throttling and Debouncing in JavaScript](https://codeburst.io/throttling-and-debouncing-in-javascript-b01cad5c8edf)
220 |  - [Google](https://google.com)
221 |  - [Amazon.com: Online Shopping for Electronics, Apparel, Computers, Books, DVDs &amp; more](https://amazon.com)
222 |  - [Cloud Build - Automated builds for continuous integration  |  Cloud Build  |  Google Cloud](https://cloud.google.com/cloud-build/)
223 | ### 29.07.2019                 
224 | - [State Management with React Hooks and Context API in 10 lines of code!](https://medium.com/simply/state-management-with-react-hooks-and-context-api-at-10-lines-of-code-baf6be8302c)
225 | 
226 |  - [symbioticlabs/express-router-adapter](https://github.com/symbioticlabs/express-router-adapter)
227 |  
228 |  - [Angular](https://angular.io/tutorial)
229 | 
230 |  - [Tutorial: Intro to React – React](https://reactjs.org/tutorial/tutorial.html)
231 | ### 24.05.2018
232 | - [JavaScript Algorithm](https://github.com/trekhleb/javascript-algorithms)
233 |     - tags: algorithms, data structures
234 | 
235 | ### 28.03.2018
236 | - [ESModules: A cartoon deep dive](https://hacks.mozilla.org/2018/03/es-modules-a-cartoon-deep-dive/)
237 | 
238 | ### 14.03.2018
239 | - [How to be a great junior team member](https://medium.muz.li/how-to-be-a-great-junior-team-member-649740ccb757 )
240 | 
241 | ### 01.03.2018
242 | - [V8 Internals for JavaScript Developers](https://www.youtube.com/watch?v=EhpmNyR2Za0)
243 | 
244 | ### 01.03.2018
245 | - [When to use Component or PureComponent](https://codeburst.io/when-to-use-component-or-purecomponent-a60cfad01a81)
246 | 
247 | ### 22.02.2018
248 | - [Encoding URL (EncodeURI vs EncodeURIComponent)](https://coderwall.com/p/y347ug/encodeuri-vs-encodeuricomponent)
249 |     - tags: javascript, encoding, url
250 |  
251 | ### 15.02.2018
252 | - [React Performance Fixes on Airbnb Listing Pages](https://medium.com/airbnb-engineering/recent-web-performance-fixes-on-airbnb-listing-pages-6cd8d93df6f4)
253 |     - tags: react, performance, article
254 | 
255 | ### 14.02.2018
256 | - [Modern CSS explained for dinosaurs](https://medium.com/actualize-network/modern-css-explained-for-dinosaurs-5226febe3525)
257 |     - tags: css, css grid, article
258 | 
259 | ### 09.02.2018
260 | - [An overview of javascript testing in 2018](https://medium.com/welldone-software/an-overview-of-javascript-testing-in-2018-f68950900bc3)
261 |     - tags: javascript, tests, tools
262 | - [Performance improvements in webpack](https://developers.google.com/web/fundamentals/performance/webpack/)
263 |     - tags: webpack, performance, web
264 | 
265 | ### 05.02.2018
266 | - [CSS Grid changes everything](https://www.youtube.com/watch?v=txZq7Laz7_4)
267 |     - tags: css, css grid, talk
268 | 
269 | ### 07.12.2017
270 | - [Web Development in 2018 - A Practical Guide](https://www.youtube.com/watch?v=Zftx68K-1D4)
271 |     - tags: web development
272 | 
273 | ### 22.11.2017
274 | - [The cost of JavaScript](https://medium.com/dev-channel/the-cost-of-javascript-84009f51e99e)
275 |     - tags: javascript, performance
276 | 
277 | ### 10.11.2017
278 | - [Simple React Patterns](http://lucasmreis.github.io/blog/simple-react-patterns/)
279 |     - tags: react, HOCs, patterns
280 | 
281 | ### 08.11.2017
282 | - [I wish I knew these before diving into React](https://engineering.opsgenie.com/i-wish-i-knew-these-before-diving-into-react-301e0ee2e488)
283 | - [When programming was no longer fun](https://dev.to/carlhembrough/programming-used-to-be-fun)
284 | 
285 | ### 07.11.2017
286 | - [Functional Programming Jargon](https://functional.works-hub.com/blog/Functional-Programming-Jargon)
287 |     - tags: js, javascript, es6, functional programming, fp
288 | 
289 | ### 04.11.2017
290 | - [Coding with clarity](https://alistapart.com/article/coding-with-clarity)
291 |     - tags: clean code
292 | 
293 | ### 31.10.2017
294 | - [ECMAScript Compatibility Table](http://kangax.github.io/compat-table/es6/)
295 |     - tags: javascript, ES6
296 |     
297 | ### 24.10.2017
298 | - [Modern JavaScript explained for dinosaurs](https://medium.com/@peterxjang/modern-javascript-explained-for-dinosaurs-f695e9747b70)
299 |     - tags: javascript, npm, node
300 | 
301 | ### 19.10.2017
302 | - [Frontend Checklist](https://github.com/thedaviddias/Front-End-Checklist)
303 | 
304 | ### 16.10.2017
305 | - [ On being a senior engineer ](https://www.kitchensoap.com/2012/10/25/on-being-a-senior-engineer/)
306 | - [ The four rules of "this" in Javascript ](https://john-dugan.com/this-in-javascript/)
307 | 
308 | ### 10.10.2017
309 | - [ The whole web at maximum FPS: How WebRender gets rid of jank ](https://hacks.mozilla.org/2017/10/the-whole-web-at-maximum-fps-how-webrender-gets-rid-of-jank/)
310 |     - tags: style, layout, paint, composite, css optimisation, css, translate, transform, perf, performance
311 | 
312 | ### 06.10.2017
313 | - [Learning vim in four weeks](https://medium.com/@peterxjang/how-to-learn-vim-a-four-week-plan-cd8b376a9b85)
314 |     - tags: vim, vim tutorial, learn vim
315 | - [async await](https://mathiasbynens.be/notes/async-stack-traces)
316 | - [Imperative vs Declarative Programming](https://tylermcginnis.com/imperative-vs-declarative-programming/)
317 |     - tags: imperative, declarative, programming
318 | 
319 | ### 04.10.2017
320 | - [Image Optimisation Techniques](https://images.guide/)
321 | - [Worst JavaScript Flaws That Hackers Love To Abuse](https://www.youtube.com/watch?v=0dgmeTy7X3I)
322 |     - tags: js, javascript, optimisation
323 | - [Inside the V8 engine + 5 tips on how to write optimized code](https://blog.sessionstack.com/how-javascript-works-inside-the-v8-engine-5-tips-on-how-to-write-optimized-code-ac089e62b12e)
324 |     - tags: js, javascript, optimisation
325 | - [Philip Roberts: What the heck is the event loop anyway? |](https://www.youtube.com/watch?v=8aGhZQkoFbQ)
326 |     - tags: js, javascript, how javascript works
327 | - [babel-preset-env](https://github.com/babel/babel-preset-env)
328 |     - A Babel preset that compiles ES2015+ down to ES5 by automatically determining the Babel plugins and polyfills you need based on your targeted browser or runtime environments.
329 | - [Rendering Performance](https://developers.google.com/web/fundamentals/performance/rendering/)
330 |     - tags: javascript, style, layout, paint, composite, google, 60fps
331 | - [Compositor only properties](https://developers.google.com/web/fundamentals/performance/rendering/stick-to-compositor-only-properties-and-manage-layer-count)
332 |     - tags: javascript, style, layout, paint, composite, google, 60fps, will-change, translate, transform, perf, performance
333 | - [Avoid Large, Complex Layouts and Layout Thrashing](https://developers.google.com/web/fundamentals/performance/rendering/avoid-large-complex-layouts-and-layout-thrashing#avoid-forced-synchronous-layouts)
334 | - [What forces layout / reflow - by Paul Irish](https://gist.github.com/paulirish/5d52fb081b3570c81e3a)
335 | - [What CSS properties trigger what](https://csstriggers.com/)
336 | - [ON LAYOUT & WEB PERFORMANCE](http://kellegous.com/j/2013/01/26/layout-performance/)
337 | 


--------------------------------------------------------------------------------
/we-recommend/frontend-united-utrecht-2018-notes.md:
--------------------------------------------------------------------------------
 1 | # Frontend United Utrecht 2018 Notes
 2 | 
 3 | ### 1. [Harry Roberts - FaCSSt—CSS and Performance (duration: 46:00)](https://www.youtube.com/watch?v=2Rn8an74khk)
 4 | - csswz.it/2FQHt2S
 5 | - base64 images make 1mb css files
 6 | - Images don't delay critical path
 7 | - Mixin vs extend when gzipping
 8 | - Link in body
 9 | - speakerdeck.com/csswizardry
10 | - Link pre connect in header
11 | 
12 | ## Blake Newman - Vue.js deep dive, looking to the future
13 | - use statickaly with unpkg.com
14 | - pull reactivity system vs push reactivity system
15 | - Not implemented by default in neither framework
16 | - static node hoisting
17 | - Proxies for reactivity system?
18 | - monophonic?
19 | - slides.com/blakenewman
20 | - weex is the equivalent of react native
21 | - vuepress
22 | 
23 | ## Simona Cotin - PWAs, are we there yet?!
24 | - Alex Russel
25 | - what is the baseline for a PWA
26 | - service workers
27 | - Dean Alan Hume
28 | - SW available in Edge, Safari, Chrome, Firefox
29 | - Lifecycle events
30 | - In Angular you can implement this using the ng cli
31 | - Research tomayac.github.io/pwa-features
32 | - pwa builder
33 | - workbox
34 | - hackernewa PWA
35 | 
36 | ## Aga Naplocha - Breaking the norm with creative CSS
37 | - talk link: http://aganaplocha.com/breaking-the-norm.pdf
38 | - brutalist websites
39 | - hover states
40 | - bloomberg museum
41 | - moco museum
42 | - stadelic museum
43 | - clip path 
44 | - Svg defs
45 | - Transparent jpg css tricks
46 | - CSS masks
47 | - shape outside works on floated elements
48 | - James Bosworth
49 | - Stedelijk
50 | 
51 | Resources used in this talk:
52 | https://css-tricks.com/transparent-jpg-svg/
53 | 
54 | ## Preston So - Talk over text: Conversational interface design and usability
55 | - Freshbot
56 | - aquaia labs - acquia.com
57 | - Erika Hall some book about some book
58 | - open source drupal connection
59 | - preston so
60 | 
61 | ## Sara Vieira - We need to talk about Preact
62 | - How to setup Preact
63 | - The Preact ecosystem and cli
64 | - Using Preact on existing React projects with preact-compat
65 | 
66 | ## Stefan Judis - Decrease your conversions – common ways to lock people out
67 | - Accessibility
68 | - a11y, contrast standards, font size, reduce motion
69 | - Performance is also a way to lock people out
70 | - funkify, a chrome plugin that simulates disabilities
71 | 
72 | ## Mike Herschel - Debugging, Profiling, & Rocking Out with Browser-Based Developer Tools!
73 | - content editable
74 | - h for toggling visibility
75 | - Request blocking
76 | - Eager evaluation
77 | - Paint flashing
78 | - Backface visibility?
79 | 
80 | ## Van Damme
81 | - 
82 | 
83 | ## Burke Holland - Visual Studio Code can do that?
84 | - https://vscodecandothat.com/
85 | 
86 | ## Asim Hussain - I’ve built a SPA, now what?
87 | - A nice explanation of Serverless and IaaS, PaaS, FaaS, etc.
88 | - How to improve performance by shipping SPAs as static resources
89 | 
90 | ## Heydon Pickering - Get Your Priorities Straight
91 | - Why accessibility matters
92 | - You have to see this talk!
93 | 


--------------------------------------------------------------------------------
/we-recommend/reactive-conf-bratislava-2017-notes.md:
--------------------------------------------------------------------------------
 1 | # Reactive Conf 2017, Bratislava. Notes
 2 | 
 3 | ## Day 1
 4 | ### Main Stage
 5 | 
 6 | #### 1. [David Nolen - Out of the Tarpit, revisited (duration: 25:00)](https://www.youtube.com/watch?v=7y1phdZkLw4&feature=youtu.be&mc_cid=1c46d9ef3e&mc_eid=512b3a9aff)
 7 | Links: [Twitter](https://twitter.com/swannodette?lang=en), [Github](https://github.com/swannodette), [Blog](http://swannodette.github.io/)
 8 | 
 9 | #### 2. [Robin Frischman - CSS IN JS: THE GOOD & THE BAD PARTS (duration: 26:00)](https://www.youtube.com/watch?v=95M-2YzyTno&feature=youtu.be&mc_cid=1c46d9ef3e&mc_eid=512b3a9aff)
10 | Links: [Twitter](https://twitter.com/rofrischmann?lang=en), [Github](https://github.com/rofrischmann), [Blog](https://medium.com/@rofrischmann)
11 | 
12 | #### 3. [Nikita Propkopov - Client and server need to talk (duration: 30:00)](https://www.youtube.com/watch?v=PQM1hHzcJiY&feature=youtu.be&mc_cid=1c46d9ef3e&mc_eid=512b3a9aff)
13 | Links: **[Slides](http://tonsky.me/2017-10-Reactive/slides/)**,[Twitter](https://twitter.com/rofrischmann?lang=en), [Github](https://github.com/tonsky), [Blog](http://tonsky.me/)
14 | 
15 | #### 4. [Uri Goldshtein - GraphQL Subscriptions (duration: 34:00)](https://www.youtube.com/watch?v=Wi7P39sF2nw&feature=youtu.be&mc_cid=1c46d9ef3e&mc_eid=512b3a9aff)
16 | Links: [Twitter](https://twitter.com/rofrischmann?lang=en), [Github](https://github.com/Urigo)
17 | 
18 | #### 5. [Rogelio Guzman - Jest as a Platform (duration: 26:00)](https://www.youtube.com/watch?v=NtjyeojAOBs&feature=youtu.be&mc_cid=1c46d9ef3e&mc_eid=512b3a9aff)
19 | Links: **[Slides](https://github.com/rogeliog/jest-as-a-platform-talk/blob/master/Jest%20as%20a%20Platform.pdf)**, [Twitter](https://twitter.com/rogeliog?lang=en), [Github](https://github.com/rogeliog)
20 | 
21 | #### 6. [Igor Minar - Let's Tree-shake it... (duration: 32:00)](https://www.youtube.com/watch?v=75ObMlqrhFY&feature=youtu.be&mc_cid=1c46d9ef3e&mc_eid=512b3a9aff)
22 | Links: **[Slides](https://docs.google.com/presentation/d/e/2PACX-1vQIJK_Fv323qG-vj05TG9MvMLQTYSK9Qj9mZXCH1w6uooN8aM7IsDgK8XfVAFwVqXdLU-OiFxwS0m9c/pub?start=false&loop=false&delayms=3000&slide=id.p)**, [Twitter](https://twitter.com/IgorMinar), [Github](https://github.com/IgorMinar/stock-shaker)
23 | 
24 | #### 7. [Evan You - Compile-time Optimizations in JavaScript Applications (duration: 33:00)](https://www.youtube.com/watch?v=7iy8XQ7TSnc&feature=youtu.be&mc_cid=1c46d9ef3e&mc_eid=512b3a9aff)
25 | Links: [Slides](https://docs.google.com/presentation/d/1AjT8HeXFeAO61voCsyAEM7UnjjjeY8rHumyVlxs7YbY/edit), [Twitter](https://twitter.com/youyuxi?lang=en), [Github](https://github.com/yyx990803), [Blog](http://blog.evanyou.me/)
26 | 
27 | ## Day 2
28 | ### Discovery Stage
29 | 
30 | #### 1. Sean Larkin & Tobias Koppers - Understanding Webpack from inside out
31 | Sean Larkin Links: [Twitter](https://twitter.com/TheLarkInn), [Github](https://github.com/TheLarkInn)
32 | Tobias Koppers Links: [Twitter](https://twitter.com/wsokra), [Github](https://github.com/sokra), [Blog](https://medium.com/@sokra)
33 | 
34 | #### 2. Javi Velasco
35 | Links: [Twitter](https://twitter.com/javivelasco), [Github](https://github.com/javivelasco), [Blog](https://dev.to/rtfeldman/)
36 | 
37 | ### Main Stage
38 | 
39 | #### 1. [Richard Feldman - CSS as Bytecode (duration: 27:00)](https://www.youtube.com/watch?v=bt1TzVngOqY&feature=youtu.be&mc_cid=1c46d9ef3e&mc_eid=512b3a9aff)
40 | Links: [Twitter](https://twitter.com/rtfeldman), [Github](https://github.com/rtfeldman), [Blog](https://dev.to/rtfeldman/)
41 | 
42 | #### 2. [Jared Forsyth - Reason: JavaScript-flavored OCalm (duration: 24:00)](https://www.youtube.com/watch?v=lN78ystnVw4&feature=youtu.be&mc_cid=1c46d9ef3e&mc_eid=512b3a9aff)
43 | Links: **[Slides](https://github.com/jaredly/reactiveconf-reasonml)**, [Twitter](https://twitter.com/jaredforsyth), [Github](https://github.com/jaredly), [Blog](https://jaredforsyth.com/)
44 | 
45 | #### 3. [Andrey Sitnik - Using Logux in Production (duration: 26:00)](https://www.youtube.com/watch?v=DvHNOplQ-tY&feature=youtu.be&mc_cid=1c46d9ef3e&mc_eid=512b3a9aff)
46 | Links: [Twitter](https://twitter.com/andreysitnik), [Github](https://github.com/ai), [Personal Site](http://sitnik.ru/en), [Logux](https://github.com/logux)
47 | 
48 | #### 4. [Tom Dale - Secrets of the Glimmer VM](https://www.youtube.com/watch?v=nXCSloXZ-wc&feature=youtu.be&mc_cid=1c46d9ef3e&mc_eid=512b3a9aff)
49 | Links: [Twitter](https://twitter.com/tomdale?lang=en), [Github](https://github.com/tomdale), [Personal Site](https://tomdale.net/), [Glimmer JS](https://glimmerjs.com/)
50 | 
51 | #### 5. [Sarah Drasner - Animating Vue (duration: 32:00)](https://www.youtube.com/watch?v=y5LAAkwQK6c&feature=youtu.be&mc_cid=1c46d9ef3e&mc_eid=512b3a9aff)
52 | Links: [Twitter](https://twitter.com/sarah_edo), [Github](https://github.com/sdras), [Personal Site](https://sarahdrasnerdesign.com/)
53 | 


--------------------------------------------------------------------------------
/we-recommend/resources/graphQL.md:
--------------------------------------------------------------------------------
1 | # GraphQL resources
2 | 
3 | * [GraphQL introduction](https://graphql.github.io/learn/)
4 | * [GraphQL tutorial with exercises](https://www.howtographql.com/basics/0-introduction/)
5 | * [Why GraphQL: Advantages, Disadvantages and Alternatives](https://www.robinwieruch.de/why-graphql-advantages-disadvantages-alternatives/)
6 | * [Why Apollo: Advantages, Disadvantages and Alternatives](https://www.robinwieruch.de/why-apollo-advantages-disadvantages-alternatives/)
7 | * [GraphQL Server Tutorial with Apollo Server and Express](https://www.robinwieruch.de/graphql-apollo-server-tutorial/)
8 | 


--------------------------------------------------------------------------------
/we-recommend/resources/js.md:
--------------------------------------------------------------------------------
 1 | # Javascript resources
 2 | 
 3 | * [Javascript Algorithms and Data Structures](https://github.com/trekhleb/javascript-algorithms#readme)
 4 | * [How to simplify your codebase with map(), reduce() and filter() in Javascript (15 examples)](https://medium.freecodecamp.org/15-useful-javascript-examples-of-map-reduce-and-filter-74cbbb5e0a1f)
 5 | * [Functional Programming Jargon](https://github.com/hemanth/functional-programming-jargon)
 6 | * [The Two Pillars of Javascript Part1](https://medium.com/javascript-scene/the-two-pillars-of-javascript-ee6f3281e7f3)
 7 | * [The Two Pillars of Javascript Part2](https://medium.com/javascript-scene/the-two-pillars-of-javascript-pt-2-functional-programming-a63aa53a41a4)
 8 | * [The state of Javascript 2018](https://stateofjs.com/)
 9 | * [Advanced Javascript Roadmap](https://coggle.it/diagram/XE3ZoVj-rtA5hcxj/t/advanced-javascript)
10 | * [For vs forEach vs for/in vs for/of](http://thecodebarbarian.com/for-vs-for-each-vs-for-in-vs-for-of-in-javascript.html)
11 | 


--------------------------------------------------------------------------------
/we-recommend/resources/node.md:
--------------------------------------------------------------------------------
 1 | # Node.js resources
 2 | 
 3 | * [ES2015 Support for Node.js versions](https://node.green/)
 4 | * [Backend Developer Roadmap](https://github.com/preciousokwu/developer-roadmap-guide-2018/blob/master/pdf/backend.pdf)
 5 | * [Security vulnerabilities with example and solution explanation](https://www.hacksplaining.com/lessons)
 6 | * [Serving static files in Express](http://expressjs.com/en/starter/static-files.html)
 7 | * [Setup PostgreSQL with Sequelize in Express](https://www.robinwieruch.de/postgres-express-setup-tutorial/)
 8 | * [SQL vs NoSQL: The Differences](https://www.sitepoint.com/sql-vs-nosql-differences/)
 9 | * [Relational vs non-relational databases: Which one is right for you](https://www.pluralsight.com/blog/software-development/relational-non-relational-databases)
10 | * [Cookies vs Tokens: The Definitive Guide](https://dzone.com/articles/cookies-vs-tokens-the-definitive-guide)
11 | * [The Ultimate Guide: Node.js Internationalization (I18n)](https://phraseapp.com/blog/posts/node-js-i18n-guide/)
12 | 


--------------------------------------------------------------------------------
/we-recommend/resources/react-native.md:
--------------------------------------------------------------------------------
1 | # React Native resources
2 | 
3 | * [What are the main differences between ReactJS and React-Native](https://medium.com/@alexmngn/from-reactjs-to-react-native-what-are-the-main-differences-between-both-d6e8e88ebf24)
4 | * [Understanding React Native flexbox layout](https://medium.com/the-react-native-log/understanding-react-native-flexbox-layout-7a528200afd4)
5 | * [React Native Styling Cheat Sheet](https://github.com/vhpoet/react-native-styling-cheat-sheet)
6 | 


--------------------------------------------------------------------------------
/we-recommend/resources/react.md:
--------------------------------------------------------------------------------
 1 | # React.js resources
 2 | 
 3 | * [A colletion of awesome things regarding React ecosystem](https://github.com/enaqx/awesome-react)
 4 | * [React Developer Roadmap](https://github.com/adam-golab/react-developer-roadmap)
 5 | * [React lifcycle methods diagram](http://projects.wojtekmaj.pl/react-lifecycle-methods-diagram/)
 6 | * [Controlled and uncontrolled form inputs in React](https://goshakkk.name/controlled-vs-uncontrolled-inputs-react/)
 7 | * [How Does React Tell a Class from a Function](https://overreacted.io/how-does-react-tell-a-class-from-a-function/)
 8 | * [Create a React application from scratch](https://blog.cloudboost.io/create-a-react-application-from-scratch-part-1-introduction-b2e66dfb3aae)
 9 | * [10 React tips that you need to know today](https://www.creativebloq.com/news/5-expert-reactjs-tips-that-you-need-to-know-today)
10 | * [React as a UI Runtime](https://overreacted.io/react-as-a-ui-runtime/)
11 | * [Making Sense of React Hooks](https://medium.com/@dan_abramov/making-sense-of-react-hooks-fdbde8803889)
12 | * [React 16 Lifecycle Methods: How and When to Use Them](https://blog.bitsrc.io/react-16-lifecycle-methods-how-and-when-to-use-them-f4ad31fb2282)
13 | * [React Hooks: A Complete Introduction](https://www.youtube.com/watch?v=jd8R0a2Ur8Q)
14 | * [React Hooks: Custom Hooks](https://www.youtube.com/watch?v=fnT5b2u1PHE)
15 | * [React Hooks: Advanced Hooks](https://www.youtube.com/watch?v=YKmiLcXiMMo)
16 | * [Making setInterval Declarative with React Hooks](https://overreacted.io/making-setinterval-declarative-with-react-hooks/)
17 | * [React Hooks Lib, a list of usefull Hooks](https://github.com/beizhedenglong/react-hooks-lib)
18 | * [Collection of React Hooks](https://nikgraf.github.io/react-hooks/)
19 | * [List of custom hooks](https://usehooks.com/)
20 | * [Concurrent Rendering in React](https://www.youtube.com/watch?v=ByBPyMBTzM0)
21 | * [10 Tips for better Redux Architecture](https://medium.com/javascript-scene/10-tips-for-better-redux-architecture-69250425af44)
22 | * [5 Tips for Working with Redux in Large Applications](https://techblog.appnexus.com/five-tips-for-working-with-redux-in-large-applications-89452af4fdcb)
23 | * [What is Redux-Saga](https://engineering.universe.com/what-is-redux-saga-c1252fc2f4d1)
24 | * [All about React Router 4](https://css-tricks.com/react-router-4/)
25 | * [Router with Hooks and Suspense](https://frontarm.com/james-k-nelson/navi-react-router-hooks-suspense/)
26 | * [Optimizing React Apps in Practice](https://marmelab.com/blog/2017/02/06/react-is-slow-react-is-fast.html)
27 | * [Checklist for eliminating common React performance issues](https://logrocket-blog.ghost.io/death-by-a-thousand-cuts-a-checklist-for-eliminating-common-react-performance-issues/)
28 | * [Checklist to make React sites more performant](https://houssein.me/progressive-react)
29 | * [Hight Performance React: 3 New Tools to Speed Up Your Apps](https://medium.freecodecamp.org/make-react-fast-again-tools-and-techniques-for-speeding-up-your-react-app-7ad39d3c1b82)
30 | * [Deep dive with the React DevTools profiler](https://www.youtube.com/watch?v=nySib7ipZdk)
31 | * [Live edit and debud your React apps directly from VS Code](https://medium.com/@auchenberg/live-edit-and-debug-your-react-apps-directly-from-vs-code-without-leaving-the-editor-3da489ed905f)
32 | * [Server Side Rendering in React with Next.js](https://nextjs.org/)
33 | * [Build Full-Stack Apps with Serverless and React on AWS](https://serverless-stack.com/)
34 | 
35 | 


--------------------------------------------------------------------------------
/we-recommend/resources/testing.md:
--------------------------------------------------------------------------------
1 | # Testing resources
2 | 
3 | * [An Overview of Javascript Testing in 2018](https://medium.com/welldone-software/an-overview-of-javascript-testing-in-2018-f68950900bc3)
4 | * [Testing Node.js in 2018](https://hackernoon.com/testing-node-js-in-2018-10a04dd77391)
5 | * [How to exclude CSS, Images, anything from Unit Tests](https://diessi.ca/blog/how-to-exclude-css-images-anything-from-unit-tests/)
6 | * [Unit Testing Redux Connected Components](https://hackernoon.com/unit-testing-redux-connected-components-692fa3c4441c)
7 | * [Snapshot Testing with Jest](https://jestjs.io/docs/en/snapshot-testing.html)
8 | * [Frisby.js](https://www.frisbyjs.com/)
9 | 


--------------------------------------------------------------------------------
/we-recommend/resources/vue.md:
--------------------------------------------------------------------------------
 1 | # Vue.js resources
 2 | 
 3 | * [The Vue Handbook](https://medium.freecodecamp.org/the-vue-handbook-a-thorough-introduction-to-vue-js-1e86835d8446)
 4 | * [How to integrate ESLint with Vue.js and Vetur in VS Code](https://alligator.io/vuejs/eslint-vue-vetur/)
 5 | * [What is Vuex](https://vuex.vuejs.org/)
 6 | * [Vue.js 3.0 Updates](https://docs.google.com/presentation/d/1yhPGyhQrJcpJI2ZFvBme3pGKaGNiLi709c37svivv0o/preview?slide=id.p)
 7 | * [Vuetify: Material Design Component Framework](https://vuetifyjs.com/en/)
 8 | * [Vuex-pathify](https://github.com/davestewart/vuex-pathify)
 9 | * [Vue.js debugging in Chrome and VS Code](https://github.com/Microsoft/vscode-recipes/tree/master/vuejs-cli)
10 | 


--------------------------------------------------------------------------------
/we-recommend/talks.md:
--------------------------------------------------------------------------------
 1 | # The List
 2 | A compilation of the most memorable talks on software engineering, in arbitrary order.
 3 | 
 4 | ## Programming
 5 | * [On the spectrum of Abstraction - **Cheng Lou**](https://www.youtube.com/watch?v=mVVNJKv9esE)
 6 | * [Idée Fixe - **David Nolen**](https://www.youtube.com/watch?v=lzXHMy4ewtM)
 7 | * [The Future of Programming - **Robert Martin**](https://www.youtube.com/watch?v=ecIWPzGEbFc&t=1638s) (clean code, history)
 8 | * [Simplicity Matters - **Rich Hickey**](https://www.youtube.com/watch?v=rI8tNMsozo0)
 9 | * [The Melting Pot of JavaScript - **Dan Abramov**](https://www.youtube.com/watch?v=G39lKaONAlA)
10 | * [Functional Programming: What? Why? When? - **Robert Martin**](https://vimeo.com/97514630)
11 | * [Microservices - **Martin Fowler**](https://www.youtube.com/watch?v=wgdBVIX9ifA) (architecture)
12 | * [The Many Meanings of Event-Driven Architecture - **Martin Fowler**](https://www.youtube.com/watch?v=STKCRSUsyP0) (architecture)
13 | * [The Value of Values - **Rich Hickey**](https://www.infoq.com/presentations/Value-Values)
14 | * [Old is the New New - **Kevlin Henney**](https://www.youtube.com/watch?v=AbgsfeGvg3E)
15 | 
16 | ## JavaScript
17 | * [The JavaScript Starter Kit Manifesto - **Cory House**](https://www.youtube.com/watch?v=jubd2opc4Ps)(tools, setup)
18 | * [A Skeptics Guide To Functional STYLE JavaScript - **Jonathan Mills**](https://www.youtube.com/watch?v=oF9XTJoScOE)
19 | * [Learning Functional Programming with JavaScript - **Anjana Vakil**](https://www.youtube.com/watch?v=e-5obm1G_FY)
20 | * [JavaScript Combinators - **Reginald Braithwaite**](https://www.youtube.com/watch?v=3t75HPU2c44) (functional, code)
21 | * [Classical Inheritance is Obsolete: How to Think in Prototypal OO - **Eric Elliott**](https://www.youtube.com/watch?v=lKCCZTUx0sI) (object oriented)
22 | * [What the heck is the event loop anyway? - **Philip Roberts**](https://www.youtube.com/watch?v=8aGhZQkoFbQ) (internals)
23 | * [Down the Rabbit Hole: Javascript in Wonderland - **Claudia Hernández**](https://www.youtube.com/watch?v=gE9xn-KOp1I) (fun and weird javascript)
24 | * [Async Programming in ES7 - **Jafar Husain**](https://www.youtube.com/watch?v=lil4YCCXRYc)
25 | * [A Cartoon Intro to Fiber - **Lin Clark**](https://www.youtube.com/watch?v=ZCuYPiUIONs)
26 | * [Unorthodox Performance - **John-David Dalton**](https://www.youtube.com/watch?v=NthmeLEhDDM) (lodash, coding)
27 | * [Hey Underscore, You're Doing It Wrong - **Brian Lonsdorf**](https://www.youtube.com/watch?v=m3svKOdZijA) (functional programming)
28 | 
29 | ## Web
30 | * [A Cartoon Intro to WebAssembly - **Lin Clark**](https://www.youtube.com/watch?v=HktWin_LPf4)
31 | * [What if the user was a function? - **Andre Staltz**](https://www.youtube.com/watch?v=1zj7M1LnJV4)
32 | * [Production Progressive Web Apps With JavaScript Frameworks - **Addy Osmani**](https://www.youtube.com/watch?v=aCMbSyngXB4) (PWA, performance)
33 | * [Critical Rendering Path - **Ilya Grigorik**](https://www.youtube.com/watch?v=PkOBnYxqj3k)
34 | 
35 | ## Process
36 | * [Implementing Programmer Anarchy - **Fred George**](https://www.youtube.com/watch?v=tIxHmsWCd7g)
37 | 
38 | ## Further resources
39 | * [awesometalks.party](https://awesometalks.party/)
40 | 


--------------------------------------------------------------------------------
/we-train/README.md:
--------------------------------------------------------------------------------
1 | ## Training and mentoring
2 | 
3 | Listed here, you will find some of the training and mentoring initiatives we undertake with our team. Our target groups vary a lot, but our main goal is to put everyone on the right track for a successful career in IT.
4 | 
5 | * [Junior Development Program](https://github.com/FortechRomania/js-team-showcase/tree/master/we-train/junior-development-program)
6 | * [Mentoring in IT](https://github.com/FortechRomania/js-team-showcase/tree/master/we-train/mentoring-in-it)
7 | * [Node School](https://github.com/FortechRomania/js-team-showcase/tree/master/we-train/node-school)
8 | 


--------------------------------------------------------------------------------
/we-train/junior-development-program/README.md:
--------------------------------------------------------------------------------
 1 | # Junior Development Program
 2 | During the last couple of years we have perfected this program through which we want to help you develop your skills as a junior engineer. We work mainly on two areas: **Full Stack JavaScript Engineers** and **QA Automation Engineers**.
 3 | 
 4 | No prior work experience is required for joining this program.
 5 | 
 6 | We offer a 3-month program during which you will be guided through the world of JavaScript, from basic algorithms and data structures to patterns of functional programming and object-oriented programming. Each junior has a **mentor** that guides him throughout the 3 months. In parallel with the training curricula, the juniors are joining the team in all activities, including *workshops*, *R&D projects* and *showcases*. 
 7 | 
 8 | Based on the specifics of the branch you follow and the context inside the team, the last period can be dedicated to a specific technology, whether it's on building a UI Automation Framework with JavaScript, or building a React/Angular frontend application, or a Node.js server side web app.
 9 | 
10 | If you are interested in apply for the program, read more about our selection process for [full stack engineers](https://github.com/FortechRomania/js-team-showcase/blob/master/we-train/junior-development-program/dev-selection-process.md) and [qa automation engineers](https://github.com/FortechRomania/js-team-showcase/blob/master/we-train/junior-development-program/qa-selection-process.md). 
11 | 
12 | If you want to follow the curricula by yourself, here you can find the [the full stack engineer one](https://github.com/FortechRomania/js-team-showcase/tree/master/we-train/junior-development-program/full-stack) and here the [the qa automation engineers one](https://github.com/FortechRomania/js-team-showcase/tree/master/we-train/junior-development-program/qa-automation).
13 | 


--------------------------------------------------------------------------------
/we-train/junior-development-program/dev-selection-process.md:
--------------------------------------------------------------------------------
 1 | Our selection process consists of the initial testing, a coding problem and a technical interview.
 2 | 
 3 | Since there are some recurring patterns during the selection process these are some things we've noticed and would like to pass on as "lessons learned":
 4 | 
 5 | ## Some dos and don'ts before the interview
 6 | First and foremost, before you get creative, please note that we're more interested to see that the project is **working**. Make sure you understand the requirements, ask away your questions and get busy hammering out the relevant aspects of your application.
 7 | 
 8 | Don't waste time with shiny CSS or JavaScript frameworks. We want to see some raw code boiling in there. If you build an UI layer on top of your app and feel comfortable with jQuery, go ahead, but at the same time keep in mind that http://youmightnotneedjquery.com.
 9 | 
10 | We won’t dismiss your project for lack of folder structure so don't bother much but at the same time make sure your code is neatly written and organised. Use comments where necessary but don't abuse them.
11 | 
12 | Please, and this is very important, **work on your project by yourself**. We're eager to see what roadblocks you encountered, what was the reasoning behind the decisions you made and how you handled the tasks described in the challenge.
13 | 
14 | Please, and this is also very important, **be honest during the interview**. This is not an exam, you don't have to cram technology buzzwords one night before so you look cool.
15 | 
16 | Don't be afraid to admit there are things you don't know, there's no shame in that. Sure, the whole point of the interview is to select one candidate in favour of the other, but it's also a chance to find out where you are on your career path and how we can help you develop further.
17 | 
18 | __Notes__:
19 | - It's mandatory you send us a link to a public repository either on github.com or bitbucket.com. If you don't know what `git` is or how it works, don't worry, there are a ton of tutorials out there to get you off the ground in no time.
20 | 
21 | ## Some common sense things during the interview
22 | Make sure you budget between 1 and 1/2 hours for the interview. While we're focused on your technical skills, we also want to know what other things make you an awesome human being.
23 | 
24 | Don't schedule anything before or after **for at least an hour**. Let your friends know you're busy, turn off your phone and try to focus.
25 | 
26 | Make sure you know the exact address of the building where your interview will take place. Please note that Fortech has more than one location in the city. 
27 | 
28 | Get here 10 minutes earlier. We'll treat you with some coffee or water and make some small talk to break the ice before we proceed with the interview.
29 | 


--------------------------------------------------------------------------------
/we-train/junior-development-program/full-stack/README.md:
--------------------------------------------------------------------------------
 1 | # Full-Stack Engineer Roadmap
 2 | 
 3 | Welcome to our development program for Full-stack JavaScript Engineers! This is roughly a 3-month program at a regular pace (8h/day) that will take you through the awesome ecosystem of web development, JavaScript, HTML/CSS and much more!
 4 | 
 5 | [A nice read on how to be a great junior team member](https://medium.muz.li/how-to-be-a-great-junior-team-member-649740ccb757) before you start!
 6 | 
 7 | Are you ready? Let's start!
 8 | 
 9 | ## Code module
10 | 
11 | We strongly believe that core skills come before learning to use libraries and frameworks. So a lot of your learning focus will be dedicated to understanding the basis web development is based upon. After finishing the code module, you will be able to learn any backend/frontend framework and you will have a much better understanding of what's under the hood of modern web applications.
12 | 
13 | The core module is built out of the following sub-modules:
14 | * [Introduction and Setup](https://github.com/FortechRomania/js-team-showcase/blob/master/we-train/junior-development-program/full-stack/setup.md)
15 | * [The Web Platform](https://github.com/FortechRomania/js-team-showcase/blob/master/we-train/junior-development-program/full-stack/web-platform.md)
16 | * [HTML/CSS](https://github.com/FortechRomania/js-team-showcase/blob/master/we-train/junior-development-program/full-stack/html-css.md)
17 | * [JavaScript](https://github.com/FortechRomania/js-team-showcase/blob/master/we-train/junior-development-program/full-stack/javascript.md)
18 | 
19 | ## Specialization
20 | 
21 | Now that you have a strong foundation, it's time to build!
22 | 
23 | Currently we have development programs for the following specializations:
24 | * [React](https://github.com/FortechRomania/js-team-showcase/blob/master/we-train/junior-development-program/full-stack/reactjs.md)
25 | * [Angular](https://github.com/FortechRomania/js-team-showcase/blob/master/we-train/junior-development-program/full-stack/angular.md)
26 | * [Node](https://github.com/FortechRomania/js-team-showcase/blob/master/we-train/junior-development-program/full-stack/nodejs.md)
27 | 


--------------------------------------------------------------------------------
/we-train/junior-development-program/full-stack/angular.md:
--------------------------------------------------------------------------------
 1 | ## Angular
 2 | 
 3 | ### Some prerequisites
 4 | * Typescript - [The missing intro](https://toddmotto.com/typescript-the-missing-introduction)
 5 | * RxJs - [The missing intro](https://gist.github.com/staltz/868e7e9bc2a7b8c1f754/)
 6 | 
 7 | ### Introduction
 8 | 
 9 | Go through the following topics in order to get a grasp of the building blocks of an Angular application and to get familiar with the specific syntax: 
10 | 
11 | * [Arhitecture](https://angular.io/guide/architecture)
12 | * [Displaying data](https://angular.io/guide/displaying-data)
13 | * [Template Syntax](https://angular.io/guide/template-syntax)
14 | * [Lifecycle-hooks](https://angular.io/guide/lifecycle-hooks)
15 | * [Component interaction](https://angular.io/guide/component-interaction)
16 | * [Component style](https://angular.io/guide/component-styles)
17 | * [Attribute directives](https://angular.io/guide/attribute-directives)
18 | * [Structural directives](https://angular.io/guide/attribute-directives)
19 | * [Pipes](https://angular.io/guide/pipes)
20 | * Angular Forms
21 |     * [User Input](https://angular.io/guide/user-input)
22 |     * [Template drive forms](https://angular.io/guide/forms)
23 |     * [Reactive forms](https://angular.io/guide/reactive-forms)
24 |     * [Form Validation](https://angular.io/guide/form-validation)
25 | * Angular [modules](https://angular.io/guide/ngmodule)
26 | * Dependency injection
27 |     * The [pattern](https://angular.io/guide/dependency-injection-pattern)
28 |     * DI in [angular](https://angular.io/guide/dependency-injection)
29 | 
30 | * [Http Client](https://angular.io/guide/http)
31 | * [Routing and navigation](https://angular.io/guide/router)
32 | 
33 | Exercise: Follow [the official tutorial on angular.io](https://angular.io/tutorial) tutorial to build a Heroes App.
34 | 
35 | Exercise: Build your own application. We recommend a movie catalog app, but feel free to decide for yourself if you think something works better for you.
36 | 
37 | At this step you should have these functionalities:
38 | * Display list of movies
39 | * Search for a movie based on title/description
40 | * Infinite scroll pagination
41 | * Integrate with an API to fetch the movies
42 | 
43 | ### Angular patterns
44 | There are a couple of useful patterns in Angular which should be studied in detail:
45 | * [Stateful and stateless components](https://toddmotto.com/stateful-stateless-components)
46 | * Observable data services [a blog post](https://blog.angular-university.io/how-to-build-angular2-apps-using-rxjs-observable-data-services-pitfalls-to-avoid/) or the `Data Architecture with Observables and RxJS` chapter from the [Ng-book](https://www.ng-book.com/2/)
47 | 
48 | You should enhance your application by: 
49 | * Making the movie list component the only stateful component and keep the rest as stateless components
50 | * Upgrade your services to use Behavior Subjects
51 | * Adding a Watchlist functionality with its own page
52 | 
53 | ### Advanced topics
54 | * Check out the official Angular [style guide](https://angular.io/guide/styleguide) for everything from naming conventions to a suggested application structure 
55 | * Read about testing components and services on [angular.io's Testing Guide](https://angular.io/guide/testing)
56 | 
57 | You could further enhance your app by:
58 | * Restructuring to have a movie feature folder, a core folder and a shared folder
59 | * Write tests for your component and services
60 | 
61 | ### Recommended time
62 | This module should take 4 to 5 weeks of learning and practicing.
63 | 
64 | ### Measurable progress
65 | At the end of this module you should be familiar with the Angular framework should be able to work on a small-medium size application without considerable support.
66 | 


--------------------------------------------------------------------------------
/we-train/junior-development-program/full-stack/html-css.md:
--------------------------------------------------------------------------------
 1 | ## HTML/CSS
 2 | 
 3 | ### HTML
 4 | Understand the basic structure of an HTML file.
 5 | 
 6 | Learn about elements and attributes by practicing on [lynda.com, HTML Essential Training](https://www.lynda.com/HTML-tutorials/HTML-Essential-Training/170427-2.html). Another good tutorial can be found at [internetingishard.com, HTML and CSS](https://internetingishard.com/html-and-css/).
 7 | 
 8 | ### CSS
 9 | [CSS Intro course on pluralsight.com](https://www.pluralsight.com/courses/css-intro) is all about the basics. Focus on layouting: on float, flexbox and grid layouting.
10 | 
11 | Learn about element [positioning on pluralsight.com](https://www.pluralsight.com/courses/css-positioning-1834). Play around with relative, absolute, fixed and static positions.
12 | 
13 | [A nice read on medium.com, Modern CSS Explained for Dinosaurs](https://medium.com/actualize-network/modern-css-explained-for-dinosaurs-5226febe3525) to get a good understanding of the entire modern css ecosystem.
14 | 
15 | ### Excercises
16 | Practice your HTML and CSS skills on the following tasks:
17 | * [blog homepage](https://drive.google.com/file/d/0BzeWN3ftbKueZlh2LTRWNE9Dc2c/view)
18 | * [infinite image carousel](https://amazingcarousel.com/examples/jquery-image-carousel-slider-id13/)
19 | * [range slider](http://rangeslider.js.org/)
20 | 
21 | Remember: only HTML and CSS. Your code should not have any JavaScript/jQuery code.
22 | 
23 | ### Recommended time
24 | This module should take approximately 2 weeks of learning and practicing.
25 | 
26 | ### Measurable progress
27 | At the end of this module you should have the design of the blog page fully implemented with html/css. Also you should be familiar with the core use cases in terms of layouting and positioning as well as the semantic tags of HTML.
28 | 


--------------------------------------------------------------------------------
/we-train/junior-development-program/full-stack/javascript.md:
--------------------------------------------------------------------------------
 1 | ## JavaScript
 2 | 
 3 | ### Setup node
 4 | In order to run JS only example, you should be familiar with how to run scripts with node, how to use dependencies and npm.
 5 | 
 6 | Install [nvm](https://github.com/creationix/nvm) or node version manager. This will help you switch between different versions of node with ease. Read more about [npm and package.json](https://www.sitepoint.com/beginners-guide-node-package-manager/).
 7 | 
 8 | ### Revisit Basic Program Structure
 9 | Quick read of the first two chapters of **Eloquent JavaScript**
10 | * [Values, Types, Operators](http://eloquentjavascript.net/01_values.html)
11 | * [Program Structure](http://eloquentjavascript.net/02_program_structure.html)
12 | 
13 | ### Modern JavaScript
14 | Understand [the modern JavaScript ecosystem](https://medium.com/@peterxjang/modern-javascript-explained-for-dinosaurs-f695e9747b70) based on npm modules.
15 | 
16 | Take a [history lesson](https://auth0.com/blog/a-brief-history-of-javascript/) of JavaScript, the EcmaScript Standard.
17 | * [ECMAScript2015/ES6](http://es6-features.org/#Constants)
18 | * [Egghead course on ES2015](https://egghead.io/courses/learn-es6-ecmascript-2015)
19 | 
20 | ### Data Structures and Algorithms
21 | Use [this book](https://github.com/amilajack/reading/blob/master/JavaScript/Learning%20Javascript%20Data%20Structures%20and%20Algorithms.pdf) as a reference. You should be familiar with basic algorithms and other data structures. In order to practice a bit on these, let's do some simple exercises:
22 | * Check if a number is a [palindrome](https://en.wikipedia.org/wiki/Palindrome).
23 | * Implement a [quick sort](https://en.wikipedia.org/wiki/Quicksort) algorithm in JavaScript.
24 | * Implement the [Sieve of Erathosthenes](https://en.wikipedia.org/wiki/Sieve_of_Eratosthenes)
25 | 
26 | ### Functions & Modules
27 | Get familiar with JavaScript functions:
28 | * [Function Definitions](http://eloquentjavascript.net/03_functions.html)
29 | * [Callbacks](https://dev.to/faradayyg/understanding-javascript-callbacks-58i)
30 | * [Scopes](https://scotch.io/tutorials/understanding-scope-in-javascript)
31 | * [Closures](https://medium.freecodecamp.org/lets-learn-javascript-closures-66feb44f6a44)
32 | * [Modules](https://toddmotto.com/mastering-the-module-pattern/)
33 | * [ES Modules](https://hacks.mozilla.org/2018/03/es-modules-a-cartoon-deep-dive/)
34 | 
35 | ### Objects and OOP
36 | Read [chapter 4](http://eloquentjavascript.net/04_data.html) of Eloquent JavaScript, about Objects and Arrays.
37 | 
38 | Also read [chapter 3](https://github.com/agelessman/MyBooks/blob/master/programming-javascript-applications-eric-elliott(www.ebook-dl.com).pdf) from Programming JavaScript Applications.
39 | 
40 | ### Excercises
41 | Practice your combined HTML, CSS and JS skills on the following tasks:
42 | * [Infinite Image Carousel](https://amazingcarousel.com/examples/jquery-image-carousel-slider-id13/)
43 | * [Range Slider](http://rangeslider.js.org/)
44 | 
45 | ### Clean Code
46 | Watch [Clean Code Fundamentals](https://cleancoders.com/videos/clean-code/fundamentals) especially focusing on episodes 2 to 5, which are the foundation of well engineered code.
47 | 
48 | Also watch the series on [Clean Code in the Browser](https://cleancoders.com/videos/clean-code-in-the-browser)
49 | 
50 | Read more about [clean code concepts](https://alistapart.com/article/coding-with-clarity): Single Responsibility Principle, High Cohesion, Low Coupling.
51 | 
52 | ### JavaScript Styleguide
53 | Read about [airbnb's styleguide](https://github.com/airbnb/javascript) and the rules they enforce through it. Also install the official [fortech styleguide](https://github.com/FortechRomania/eslint-config-fortech) which is inheriting the airbnb one with a few notable changes. Make sure you setup your future projects using [this ESlint config package](https://github.com/FortechRomania/eslint-config-fortech).
54 | 
55 | ### Unit testing
56 | Test suites ensure that our code is stable as we perform changes or refactor over time. [Here](https://github.com/FortechRomania/js-team-showcase/tree/master/how-we-work/testing) you can find further details on all the elements of the testing ecosystem. 
57 | 
58 | Pick your preferred testing framework and write tests for your existing code. Make sure you write tests for all the remaining exercises you do.
59 | 
60 | As a plus, configure coverage reports for your tests to help you visualise which branches and functions are covered.
61 | 
62 | ### Asynchronous Programming
63 | Learn about the model of execution in JavaScript and the call stack. Wrap your head around asynchronous programming with the following resources:
64 | * [Understand the event loop](https://www.youtube.com/watch?v=8aGhZQkoFbQ)
65 | * [Promises](https://scotch.io/tutorials/javascript-promises-for-dummies)
66 | * [Fetch API](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API)
67 | * [Async/Await](https://tutorialzine.com/2017/07/javascript-async-await-explained)
68 | * [Async/Await full tutorial](https://egghead.io/courses/asynchronous-javascript-with-async-await)
69 | 
70 | ### Functional Programming
71 | Reading materials:
72 | * [Pure Functions](https://hackernoon.com/functional-programming-paradigms-in-modern-javascript-pure-functions-797d9abbee1)
73 | * [Immutability](https://hackernoon.com/functional-programming-paradigms-in-modern-javascript-immutability-4e9751ca005c)
74 | 
75 | You can follow a couple of example from [this workshop on Functional JavaScript Workshop by Alex Moldovan](https://github.com/alexnm/functional-javascript-workshop). Focus on:
76 | * [High Order Functions](https://egghead.io/courses/mastering-asynchronous-programming-the-end-of-the-loop)
77 | * [Partial Application](https://medium.com/javascript-scene/curry-or-partial-application-8150044c78b8)
78 | * [Function Composition](https://medium.com/javascript-scene/master-the-javascript-interview-what-is-function-composition-20dfb109a1a0)
79 | 
80 | ### Build and Setup
81 | Build a modern project setup following [this pluralsight.com's tutorial, JavaScript Development Environment](https://www.pluralsight.com/courses/javascript-development-environment).
82 | 
83 | ### Recommended time
84 | This module should take 5 to 6 weeks of learning and practicing.
85 | 
86 | ### More articles
87 | * [Closures (article in Romanian)](https://www.3data.ro/viewart.php/8/Despre-notiunea-de-closure---in-JavaScript)
88 | * [Web Security](https://www.hacksplaining.com/)
89 | 
90 | ### Measurable progress
91 | At the end of this module you should be familiar with the core concepts and paradigms revolving around JavaScript. You should also be able to write clean, tested and efficient code following our guidelines. Finally, you should understand how to build a modern JavaScript driven project with ES2015 and Webpack.
92 | 


--------------------------------------------------------------------------------
/we-train/junior-development-program/full-stack/nodejs.md:
--------------------------------------------------------------------------------
 1 | ## Node.js
 2 | 
 3 | ### Introduction
 4 | Read about Node.js [on their official website, nodejs.org](https://nodejs.org/en/).
 5 | This [Node JS Tutorial by airpair.com](https://www.airpair.com/javascript/node-js-tutorial) shows how can you start working with it.
 6 | 
 7 | We highly recommend to practice node features on several tutorials offered by the [nodeschool](https://nodeschool.io/#workshoppers).
 8 | Check out the following workshops:
 9 | * ["Learn your node"](https://github.com/workshopper/learnyounode)
10 | * ["How to npm"](https://github.com/workshopper/how-to-npm)
11 | 
12 | #### API Reference Documentation
13 | The API reference documentation provides detailed information about functions and objects in Node.js. Details can be found at [https://nodejs.org/api/](https://nodejs.org/api/).
14 | 
15 | #### ECMAScript2015/ES6 Features
16 | Check out on [ES6's docs on nodejs.org](https://nodejs.org/en/docs/es6/) how the new features from ECMAScript are enabled by default in Node.js.
17 | 
18 | #### Node.js Modules
19 | This [article](https://team.goodeggs.com/export-this-interface-design-patterns-for-node-js-modules-b48a3b1f8f40) about what are node modules, how and/or when to write them and what are the benefits of using them. This [presentation](https://darrenderidder.github.io/talks/ModulePatterns/#/1) contains more code examples that might help in understanding this concept.
20 | 
21 | #### Recap: Async JavaScript
22 | If you want to have a good understanding of the Node ecosystem here are a couple of features that you should know about:
23 | * [Promises - nodeschool](https://github.com/stevekane/promise-it-wont-hurt)
24 | * [Async/Await](https://blog.risingstack.com/mastering-async-await-in-nodejs/)
25 | * [Generator functions](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/function%2A). Check out [co - an npm package](https://www.npmjs.com/package/co) if you want to put it into practice.
26 | 
27 | ### Express
28 | There are several frameworks that are built over Node.js.
29 | On [nodeframework.com](http://nodeframework.com/) you can find a list of the most popular ones.
30 | Check out this article on [airpair.com - NodeJS Framework Comparison](https://www.airpair.com/node.js/posts/nodejs-framework-comparison-express-koa-hapi) for the comparison of three of them. As a team, we used most Express.
31 | 
32 | Practice with the node school workshop on [Express](https://github.com/azat-co/expressworks).
33 | 
34 | #### Installation
35 | Follow the [official documentation](https://expressjs.com/en/starter/installing.html) to add Express to your project.
36 | 
37 | #### Understand Routing
38 | General information about Node.js routing can be found on [Academind's YouTube Channel](https://www.youtube.com/watch?v=tiMLxUKrB-g). In Express is rather similar - read about it on the [official website](https://expressjs.com/en/guide/routing.html).
39 | This article on [scotch.io](https://scotch.io/tutorials/learn-to-use-the-new-router-in-expressjs-4) might help you also understand the whole routing process.
40 | 
41 | #### The purpose of middlewares
42 | Middlewares are functions that have access to the request, response object and the next function in the application's request-response cycle. This functions are invoked in the order they are added and they are mostly used to keep the application's code as simplified as possible.
43 | 
44 | Read more about the usage, purpose and advantages of middlewares on [expressjs official website](https://expressjs.com/en/guide/using-middleware.html)
45 | 
46 | Play around with a few middlewares:
47 | * [Cookie parser](https://www.npmjs.com/package/cookie-parser)
48 | * [Body parser](https://github.com/expressjs/body-parser)
49 | 
50 | #### Express best practices
51 | This is a [great resource that covers several practices for expressjs](https://expressjs.com/en/advanced/best-practice-performance.html):
52 | * compression
53 | * logging
54 | * error handling
55 | * process management
56 | 
57 | ### MongoDB and Mongoose
58 | [MongoDB](https://docs.mongodb.com/manual/) is an open-source, document based database. The guys from [nodeschool](https://nodeschool.io) have an interesting [tutorial on Evan Lucas' GitHub account](https://github.com/evanlucas/learnyoumongo) on how to start working with it.
59 | 
60 | [Mongoose](http://mongoosejs.com/) is a tool built over MongoDB that is used for object modeling and validation. To work with it we recommend to check out this tutorial on [scotch.io](https://scotch.io/tutorials/using-mongoosejs-in-node-js-and-mongodb-applications) or this other one on [developer.mozilla.org](https://developer.mozilla.org/en-US/docs/Learn/Server-side/Express_Nodejs/mongoose) tutorials. You can use the [validation resource from mongoose](http://mongoosejs.com/docs/validation.html) to see how model validation is done. Also you can play around with [queries](http://mongoosejs.com/docs/queries.html).
61 | 
62 | ### Building an API from scratch
63 | At this step you should be starting practicing by building your own API with Node.js.
64 | The easiest way to do that is to use the [Express framework](https://expressjs.com/) and [MongoDB](https://docs.mongodb.com/manual/installation/).
65 | 
66 | In [our node starter project](https://github.com/FortechRomania/node-starter) you can find an application skeleton for a typical Node.js app. Clone the repository, install everything (do not forget the database) then start adding your code.
67 | 
68 | In [our express mongo example project](https://github.com/FortechRomania/express-mongo-example-project) you can find another skeleton for a Node.js app. The steps are the same: clone the repository, install everything and start writing your code.
69 | 
70 | If you take a look on both repositories the structure of the project is slightly different. Depending on how complex is your app you might use one or the other. The first one is used for smaller applications i.e. applications that have a small number of models and controllers. The second structure is preferred for applications that have a bigger complexity where the applications has to be properly modularized for maintenance purposes.
71 | 
72 | #### Movie catalog app
73 | At this stage you should start building your own application. We recommend a movie catalog app, but feel free to decide for yourself if you think something works better for you.
74 | 
75 | This app has the purpose of keeping track of movies. The app should contain the following functionalities:
76 | * Admin can login.
77 | * The admin can add/upload the initial list of movies.
78 | * Users can sign in.
79 | * Users can login.
80 | * An user can add other movies.
81 | * An user can rate a movie.
82 | * An user can logout.
83 | * An user can delete its account.
84 | 
85 | Keeping in mind the functionalities mentioned above, you should have these files in you app folder:
86 | * Express + MongoDB configuration
87 | * A file that contains the app's routes
88 | * App models (e.g. admin, user and movie)
89 | * App controllers (e.g. userController.js and movieController.js)
90 | * Middlewares (e.g. to validate an user/movie already exists)
91 | 
92 | ### Recommended time
93 | This module should take 3 to 5 weeks of learning and practicing.
94 | 
95 | ### Measurable progress
96 | At the end of this module you should be familiar with the Node.js ecosystem and you should be able to work on a small-medium size API.
97 | 


--------------------------------------------------------------------------------
/we-train/junior-development-program/full-stack/reactjs.md:
--------------------------------------------------------------------------------
 1 | ## React
 2 | 
 3 | ### Introduction
 4 | Start with [Pete Hunt's HowTo on GitHub](https://github.com/petehunt/react-howto) to understand the context of React.
 5 | 
 6 | Follow the ["Start Using React to Build Web Applications" tutorial on egghead.io](https://egghead.io/courses/start-using-react-to-build-web-applications) to get a good grasp of the major features of React. 
 7 | 
 8 | Also [on egghead, Kent Dodds' "Learn React Fundamentals and Advanced Patterns"](https://blog.kentcdodds.com/learn-react-fundamentals-and-advanced-patterns-eac90341c9db), is a good reference for beginner and advanced usages for React.
 9 | 
10 | Also check this article on [engineering.opsgenie.com, "I wish I knew these before diving into React"](https://engineering.opsgenie.com/i-wish-i-knew-these-before-diving-into-react-301e0ee2e488) before you get started.
11 | 
12 | You can also follow this [react training by Alex Moldovan](https://github.com/alexnm/react-training) material, which covers all topics you should get familiar with regarding React.
13 | 
14 | Exercise: Re-write your image slider using React.
15 | 
16 | ### Movie catalog app
17 | At this stage you should start building your own application. We recommend a movie catalog app, but feel free to decide for yourself if you think something works better for you.
18 | 
19 | At this step you should have these functionalities:
20 | * Display list of movies
21 | * Search for a movie based on title/description
22 | * Infinite scroll pagination
23 | * Integrate with an API to fetch the movies
24 | 
25 | ### React Router
26 | At this step we're adding react router in the mix to create multiple pages and replicate the model of existing web sites.
27 | 
28 | Follow the [official documentation](https://reacttraining.com/react-router/) and this tutorial ["A simple React Router - v4 tutorial on Medium](https://medium.com/@pshrmn/a-simple-react-router-v4-tutorial-7f23ff27adf).
29 | 
30 | You should have the following pages:
31 | * Home page
32 | * Movie List (including search and pagination functionalities)
33 | * Movie Detail Page
34 | 
35 | Additionally, you should integrate your React slider component on the home page.
36 | 
37 | ### Redux
38 | At this step we are separating our application state and the business logic from our React components.
39 | 
40 | Understand the pattern behind redux by checking out egghead's lesson on ["JavaScript Redux - the single immutable state tree](https://egghead.io/lessons/javascript-redux-the-single-immutable-state-tree).
41 | 
42 | You should enhance your application by:
43 | * Adding redux to keep the application state
44 | * Adding a watchlist functionality with its own page
45 | 
46 | Additionally, you should read more about [redux middlewares](http://redux.js.org/docs/advanced/Middleware.html), one of the best ways of enhancing redux and specifically about [redux-thunk](https://github.com/gaearon/redux-thunk).
47 | 
48 | In order to actually fully understand redux, one good example is to [write it from scratch](https://gist.github.com/alexnm/f696f9b627f77a3715f70192518ca5d8) (in a minimal version).
49 | 
50 | ### React patterns
51 | There are a couple of useful patterns in React which should be studied in detail:
52 | * [Pure component](http://reactpatterns.com/#stateless-function)
53 | * [Container component](http://reactpatterns.com/#container-component)
54 | * [Conditional rendering](http://reactpatterns.com/#conditional-rendering)
55 | * [High order components](https://www.sitepoint.com/react-higher-order-components/)
56 | * [Render prop](https://reactrocket.com/post/turn-your-hocs-into-render-prop-components/)
57 | 
58 | ### Advanced topics
59 | Now that you have a good understanding of the React ecosystem, here are a couple of directions to follow:
60 | * Implement a login functionality in your application
61 | * Create a high order component for authenticated routes
62 | * Check out the proposal for structuring a [large application with redux](https://github.com/alexnm/re-ducks)
63 | * Write unit tests for your components using [enzyme](https://github.com/airbnb/enzyme)
64 | 
65 | ### Recommended time
66 | This module should take 4 to 5 weeks of learning and practicing.
67 | 
68 | ### Measurable progress
69 | At the end of this module you should be familiar with the React ecosystem and you should be able to work on a small-medium size application with React and Redux without considerable support.
70 | 


--------------------------------------------------------------------------------
/we-train/junior-development-program/full-stack/reactnative.md:
--------------------------------------------------------------------------------
1 | ## React Native
2 | 
3 | ### Comming soon...
4 | 


--------------------------------------------------------------------------------
/we-train/junior-development-program/full-stack/setup.md:
--------------------------------------------------------------------------------
 1 | ## Introduction and Setup
 2 | 
 3 | ### Setup Github account.
 4 | For guidance check out this [tutorial from GitHub](https://help.github.com/articles/set-up-git/).
 5 | 
 6 | Learn [Git essentials on lynda.com](https://www.lynda.com/Git-tutorials/Git-Essential-Training/100222-2.html)
 7 | 
 8 | ### Setup editor of choice.
 9 | We recommend one on the following:
10 | * [Visual Studio Code](https://code.visualstudio.com/)
11 | * [Atom](https://atom.io/)
12 | 
13 | Add plugins like [ESLint](https://eslint.org/) or [Emmet](https://emmet.io/) to your editor.
14 | 
15 | ### Access to resources
16 | Fortech employees have access to our company accounts for the following resources:
17 | * [Pluralsight](https://www.pluralsight.com/)
18 | * [Egghead](https://egghead.io/)
19 | 
20 | We recommend them as excellent sources of online materials, but of course you can learn from your own sources if you wish.
21 | 
22 | ### Recommended time
23 | While the rest of the chapters are quantifiable in time, this one should be pretty straight forward and not time bound. 
24 | 
25 | ### Measurable progress
26 | At the end of this module you should have a good understanding of the basic git commands (clone, commit, push, pull, merge) and should be able to create a project structure with different file types (html, css, js) inside your editor of choice.
27 | 


--------------------------------------------------------------------------------
/we-train/junior-development-program/full-stack/web-platform.md:
--------------------------------------------------------------------------------
 1 | ## The Web Platform
 2 | 
 3 | ### The Internet
 4 | Understand [how the internet works](https://ed.ted.com/on/tdUFCocK).
 5 | 
 6 | Understand the [Client-Server Architecture](http://tutorials.jenkov.com/software-architecture/client-server-architecture.html) in the context of software architecture.
 7 | 
 8 | ### Browsers
 9 | At this [link](https://www.html5rocks.com/en/tutorials/internals/howbrowserswork/) you can find an interesting tutorial that includes general functioning of a browser, its structure, rendering engines and HTML or CSS code parsing.
10 | 
11 | ### HTTP Protocol
12 | Learn a little about HTTP and HTTPS. Understand the following:
13 | * [Requests](https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods)
14 | * [Responses](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status)
15 | * [Methods](https://www.tutorialspoint.com/http/http_methods.htm)
16 | * [Headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers)
17 | 
18 | ### REST and Web APIs 
19 | What is CRUD and what is a [RESTful API](http://www.restapitutorial.com/lessons/httpmethods.html)?
20 | 
21 | Practice API skills on the [tutorial](https://www.lynda.com/Flask-tutorials/CRUD-REST-basics/521200/533063-4.html).
22 | 
23 | Install [Postman](https://www.getpostman.com/postman) and play around with the tool.
24 | 
25 | ### Browser APIs
26 | * What is a [cookie](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies)?
27 | * What is a [session](https://developer.mozilla.org/en-US/docs/Web/HTTP/Session)?
28 | * What is [localStorage](https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage)?
29 | 
30 | ### Recommended time
31 | This module should take approximately 1 week of learning and practicing.
32 | 
33 | ### Measurable progress
34 | At the end of this module you should have a good understanding of how the web platform is working and how browsers work. You should also be able o understand HTTP communication and the separation between the server and the client. You should also be able to simulate different types of requests using Postman.
35 | 


--------------------------------------------------------------------------------
/we-train/junior-development-program/junior-manifesto.md:
--------------------------------------------------------------------------------
 1 | ### There are no stupid questions
 2 | Ask, always ask when something is unclear. Don't let loose ends in your knowledge and don't allow fear (of being wrong or not knowing) cripple your learning and development path. Also, asking early on is easier (and less judged if you want) than asking months down the road. We are here to guide you and answer your questions.
 3 | 
 4 | ### When stuck, put yourself a time limit for debugging
 5 | Our team says one of the juniors's guilt is spending too much time trying to solve something on your own when you’re stuck, instead of asking for help. Do not agonize over it, ask for help (sooner rather than later).
 6 | 
 7 | P.S. Having a system in place is a good idea. Have a time limit for how much time you allow yourself to spend on it. Search what the www says, check notes, try things, get a [rubber duck](https://en.wikipedia.org/wiki/Rubber_duck_debugging), but when ideas run out, just put your ego aside and ask for help. We have all been there.
 8 | 
 9 | ### Learn from others, help others learn from you
10 | Be open minded and accept input, suggestions. At the same time, don't let the _junior_ position make you feel like the others cannot learn from you. There are for sure interests of yours, both technical and non-technical, that you can bring to the table and that make you valuable.
11 | 
12 | ### Be pragmatic, not perfectionist
13 | Finding the perfect solution should not be your utmost goal. Getting things done and iteratively improving them depending on the available time is far preferred than spending days without delivering. Be agile.
14 | 
15 | ### Hone your craft, reserve time for deliberate practice
16 | Take time to play without having the pressure to necessarily finish a pet project. The point is to experiment and get a deeper understanding of the niche you want to focus on.
17 | 
18 | ### Try things, but don't follow every trend
19 | Be critical and in here you can also suggest debates within our team.
20 | 
21 | ### Aim for simplicity
22 | Whenever in doubt, choose the simple way, the simple solution, the simple anything.
23 | 
24 | ### You code for people, not for machines
25 | While your code needs to be run on computers, remember that ultimately, your code needs to be clear for people. And those people might be _you_ in a couple of years.
26 | 
27 | ### Master your tools
28 | Make your life easier by learning your tools, whether we are talking about editors, shells or keyboard shortcuts.
29 | 
30 | ### Be grateful for every code review because someone helps you get better
31 | Of course, you can also take it personal, but you should not. Try to learn from these suggestions and also appreciate the fact that someone did care enough to submit a review.
32 | 
33 | ### Keep a brag file
34 | Keep a file where you log your progress and brag yourself for your achievements. Whether you do that daily or weekly, it might serve both as a reflection point to see how far you have come, but also on your next review meeting with your manager.
35 | 


--------------------------------------------------------------------------------
/we-train/junior-development-program/qa-automation/README.md:
--------------------------------------------------------------------------------
 1 | # QA Automation Engineer Roadmap
 2 | 
 3 | Welcome to our development program for QA Automation Engineers! This is roughly a 3-month program at a regular pace (8h/day) that will bring pleasure into your life by learning automation testing. We'll learn about test design, the web platform, Javascript and a lot more.
 4 | 
 5 | ## Basics and Setup
 6 | We can only build on a solid foundation, so we're starting with the basics:
 7 | * Creating a git repository 
 8 | * Setting up an automation project
 9 | * Test case design
10 | * Identifying elements
11 | * Write the scripts
12 | * Test debugging
13 | 
14 | + If we got your attention, read the [QA basics on our js-team-showcase repository](https://github.com/FortechRomania/js-team-showcase/blob/master/we-train/junior-development-program/qa-automation/qa-basics.md) and also the [Setup, also on our js-team-showcase repository](https://github.com/FortechRomania/js-team-showcase/blob/master/we-train/junior-development-program/qa-automation/setup.md) files for further information.
15 | 
16 | ## The Web Platform
17 | To test something properly, it is crucial to understand the context in which you're working in. This is why you should 'inspect' the [Web Platform](https://github.com/FortechRomania/js-team-showcase/blob/master/we-train/junior-development-program/qa-automation/web-platform.md).
18 | 
19 | ## Introduction to programming
20 | We understand that creating and maintaining an automation test suite is every child's dream growing up, but it's easier said than done. To be able to write the tests of your dreams, you'll first need to understand a programming language and to master it. This will be your foundation on building automated test scenarios. You'll be introduced in the world of programming and learn [Javascript](https://github.com/FortechRomania/js-team-showcase/blob/master/we-train/junior-development-program/qa-automation/javascript.md).
21 | 
22 | ## Tools
23 | Problems solved > problems caused. This is the basic expression on which we select our tools. If you'd like to know what tools we use and exactly how, just check out [our automation tools list](https://github.com/FortechRomania/js-team-showcase/blob/master/we-train/junior-development-program/qa-automation/automation-tools.md). 
24 | 


--------------------------------------------------------------------------------
/we-train/junior-development-program/qa-automation/automation-tools.md:
--------------------------------------------------------------------------------
 1 | ### Tools we use
 2 | 
 3 | ## Testcafe
 4 | 
 5 | [Testcafe](https://devexpress.github.io/testcafe/) is a node.js tool to automate **end-to-end web testing**. You can write your Testcafe tests in **Javascript** or **Typescript** and while some may say this is not enough, we strongly disagree. Testcafe offers sollutions for any needs, except testing mobile apps.
 6 | 
 7 | #### Test suites created in Testcafe can be executed:
 8 | * on any desktop browser
 9 | * on any mobile browser
10 | * it can be integrated with Jenkins
11 | * it can be executed on devices from a cloud-based platform like Browserstack or SauceLabs.
12 | 
13 | #### It's setup is as straight forward as it can get: 
14 | * Create a repository
15 | * In the repository, install `testcafe` locally with the command `npm install testcafe --dev-save`.
16 | Now you can start going through the documentation [Here](https://devexpress.github.io/testcafe/documentation/getting-started/) and start on the tests.
17 | 
18 | ## Postman
19 | 
20 | Once you're accustomed to the Web Platform and understand how HTTP communication works between the client and the server, you can simulate some API requests with Postman. Postman is an easy-to-use tool for **API testing**. You can download Postman [Here](https://www.getpostman.com/) and start having fun.
21 | 
22 | ## FrisbyJS
23 | 
24 | If you're looking for an automated **REST API testing** replacement for Postman, we present you FrisbyJS. Frisby comes with an easy setup and an easy to understand syntax. Integrated with a testing platform like Jest or Jasmine, this is an excellent setup for API testing. You can find more information about how to use Frisby on the documentation [page](https://www.frisbyjs.com/installation.html) or on [Frisby Github](https://github.com/vlucas/frisby).
25 | 
26 | ## Jmeter
27 | 
28 | Jmeter is a **performance testing** tool, which allows you to perform Load & Stress testing on your application. The tool setup is straigh-forward: you need to download it from [jmeter's official website](http://jmeter.apache.org/download_jmeter.cgi) and on the command line, just run `jmeter` to open the GUI mode, but the test setup needs a little documentation, which can be found [on jmeter's index page](http://jmeter.apache.org/index.html). 
29 | 
30 | ## Selenium & Cucumber (optional)
31 | 
32 | If for some reason, Testcafe is not a satisfactory option for your **end-to-end testing**, there is always Selenium as back-up plan. Selenium supports tests in many languages and it can be easily integrated with [Cucumber](https://cucumber.io/docs), which is a very helpful tool for organizing the tests in a Given-When-Then format and making them understandable by all parties involved. Because this setup is less straight-forward than the previous examples, you can follow [this Google doc](https://docs.google.com/document/d/1GKDSiPltddffuthqKtgYuVcNiorrqKjzWfCZChA_FPs/edit) example on how to get started.
33 | 
34 | If you're not a fan of headaches, there's a [git repository from LaszloQ](https://github.com/LaszloQ/WebdriverJSDemo) with the setup done, which you can just clone and test it out.
35 | 
36 | ## Appium
37 | So far we've covered browser e2e testing, api testing and performance testing, but we need a solution for **mobile app testing** so here comes Appium in the picture. Appium can be integrated with numerous other tools in order to get the testing setup of your need. For further documentation, you can check out [the official Appium page](http://appium.io/).
38 | 
39 | > Good luck on your journey.
40 | 


--------------------------------------------------------------------------------
/we-train/junior-development-program/qa-automation/javascript.md:
--------------------------------------------------------------------------------
 1 | ## JavaScript
 2 | 
 3 | ### Setup node
 4 | In order to run JS only example, you should be familiar with how to run scripts with node, how to use dependencies and npm. Install [node](https://nodejs.org/en/) to be able to install npm packages and run any js file in node for exercising purposes. Read more about [npm and package.json](https://www.sitepoint.com/beginners-guide-node-package-manager/).
 5 | 
 6 | ### Functions
 7 | Get familiar with JavaScript functions:
 8 | * [Function Definitions](http://eloquentjavascript.net/03_functions.html)
 9 | * [Callbacks](https://dev.to/faradayyg/understanding-javascript-callbacks-58i)
10 | * [Scopes](https://scotch.io/tutorials/understanding-scope-in-javascript)
11 | * [Closures](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Closures)
12 | * [Modules](https://toddmotto.com/mastering-the-module-pattern/)
13 | 
14 | ### Modern JavaScript
15 | 
16 | Take a [history lesson](https://auth0.com/blog/a-brief-history-of-javascript/) of JavaScript the EcmaScript Standard.
17 | * [ECMAScript2015/ES6](http://es6-features.org/#Constants)
18 | * [Egghead course on ES2015](https://egghead.io/courses/learn-es6-ecmascript-2015)
19 | * [ES Modules](http://2ality.com/2014/09/es6-modules-final.html)
20 | 
21 | ### Get familiar with Javascript
22 | Read [Eloquent JavaScript](http://eloquentjavascript.net/00_intro.html) to learn about Values, Types, Operators and Data structures. The first 6 chapters should be enough to cover the ground for QA Automation.
23 | You should read [this book](http://shop.oreilly.com/product/0636920029557.do) in order to get familiar with Objects, Arrays and other data structures. Each step should be code reviewed by your mentor.
24 | Also read [chapter 3](http://chimera.labs.oreilly.com/books/1234000000262/ch03.html) from Programming JavaScript Applications.
25 | 
26 | ### Clean Code
27 | Watch [Clean Code Fundamentals](https://cleancoders.com/videos/clean-code/fundamentals) especially focusing on episodes 2 to 5, which are the foundation of well engineered code.
28 | 
29 | ### JavaScript Styleguide
30 | Read about [airbnb's styleguide](https://github.com/airbnb/javascript) and the rules they enforce through it. Also install the official [fortech styleguide](https://github.com/FortechRomania/eslint-config-fortech) which is inheriting the airbnb one with a few notable changes. Make sure you setup your future projects using this eslint config package.
31 | 
32 | ### Asynchronous Programming
33 | Learn about the model of execution in JavaScript and the call stack. Wrap your head around asynchronous programming with the following resources:
34 | * [Understand the event loop](https://www.youtube.com/watch?v=8aGhZQkoFbQ)
35 | * [Promises](https://scotch.io/tutorials/javascript-promises-for-dummies)
36 | * [Fetch API](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API)
37 | * [Async/Await](https://tutorialzine.com/2017/07/javascript-async-await-explained)
38 | * [Async/Await full tutorial](https://egghead.io/courses/asynchronous-javascript-with-async-await)
39 | 
40 | ### Functional Programming
41 | You can follow a couple of example from [this workshop](). Focus on:
42 | * [High Order Functions](https://egghead.io/courses/mastering-asynchronous-programming-the-end-of-the-loop)
43 | * [Partial Application](https://medium.com/javascript-scene/curry-or-partial-application-8150044c78b8)
44 | * [Function Composition](https://medium.com/javascript-scene/master-the-javascript-interview-what-is-function-composition-20dfb109a1a0)
45 | 
46 | ### Exercises
47 | * [W3Schools](https://www.w3schools.com/js/default.asp)
48 | * [Pluralsight](https://www.pluralsight.com/paths/javascript)
49 | * [Codeacademy](https://www.codecademy.com/)
50 | * [Codewars](https://www.codewars.com/)
51 | 
52 | ### Recommended time
53 | This module should take 2 to 3 weeks of learning and practicing.
54 | 
55 | ### Measurable progress
56 | At the end of this module you should be familiar with the core concepts and paradigms revolving around JavaScript. You should also be able to write clean and efficient code following our guidelines.
57 | 


--------------------------------------------------------------------------------
/we-train/junior-development-program/qa-automation/qa-basics.md:
--------------------------------------------------------------------------------
 1 | ### Test cases
 2 | 
 3 | 1. How to write a test case?
 4 |    Don't you know how to write test cases? No problem. Check out this [Test Case tutorial on guru99.com](https://www.guru99.com/test-case.html).
 5 | 2. Sample test scenarios for testing web applications?
 6 |    Never seen a test scenario? Well.. on [softwaretestinghelp.com](http://www.softwaretestinghelp.com/sample-test-cases-testing-web-desktop-applications/) there are 180+ samples.
 7 | 3. [Points to follow/writing hacks on qasymphony.com](https://www.qasymphony.com/blog/5-manual-test-case-writing-hacks/)
 8 | 
 9 | ### Selectors
10 | 
11 | In order to performs actions on any page elements through an automation tool, first we need to identify the element with a selector so that the tool can recognize and interact with it. Automation tools support a variety of selectors, like:
12 | * [IDs](https://www.w3schools.com/tags/att_global_id.asp)
13 | * [ClassName](https://www.w3schools.com/html/html_classes.asp)
14 | * [Xpath](https://www.w3schools.com/xml/xpath_intro.asp) & [Xpath Cheatsheet](https://devhints.io/xpath)
15 | * [CSS Selectors](https://www.w3schools.com/cssref/css_selectors.asp)
16 | 
17 | Example: On a webpage, you want to click the "Dogs" button from the following html structure:
18 | ```[HTML]<div>
19 |   <ul class="navbar">
20 |     <li>
21 |       <button> Cats </button>
22 |     </li>
23 |     <li>
24 |       <button> Dogs </button>
25 |     </li>
26 |     <li>
27 |       <button> Weasels </button>
28 |     </li>
29 |   </ul>
30 | </div>
31 | ```
32 | There are several ways to "catch" the button, this is only one example of how to do this:
33 | * Using css selectors: `.navbar > li:nth-of-type(2) > button`
34 | * Using xpath: `//ul[@class='navbar']/li[2]/button`
35 | 


--------------------------------------------------------------------------------
/we-train/junior-development-program/qa-automation/setup.md:
--------------------------------------------------------------------------------
 1 | ## Introduction and Setup
 2 | 
 3 | ### Setup Github account.
 4 | For guidance check out this [tutorial from GitHub](https://help.github.com/articles/set-up-git/).
 5 | 
 6 | Learn [Git essentials](https://www.lynda.com/Git-tutorials/Git-Essential-Training/100222-2.html).
 7 | 
 8 | ### Setup editor of choice.
 9 | We recommend one of the following:
10 | * [Virtual Studio Code](https://code.visualstudio.com/)
11 | * [Atom](https://atom.io/)
12 | 
13 | Add plugins like [ESLint](https://eslint.org/) or [Emmet](https://emmet.io/) to your editor.
14 | 
15 | ### Access to resources
16 | Fortech employees have access to our company accounts for the following resources:
17 | * [Pluralsight](https://www.pluralsight.com/)
18 | * [Egghead](https://egghead.io/)
19 | 
20 | We recommend them as excellent sources of online materials, but of course you can learn from your own sources if you wish.
21 | 
22 | ### Recommended time
23 | While the rest of the chapters are quantifiable in time, this one should be pretty straight forward and not time bound. 
24 | 
25 | ### Measurable progress
26 | At the end of this module you should have a good understanding of the basic git commands (clone, status, commit, push, pull, merge) and should be able to create a project structure with different file types (html, css, js) inside your editor of choice.
27 | 


--------------------------------------------------------------------------------
/we-train/junior-development-program/qa-automation/web-platform.md:
--------------------------------------------------------------------------------
 1 | ## The Web Platform
 2 | 
 3 | ### The Internet
 4 | Understand [how the internet works](https://ed.ted.com/on/tdUFCocK).
 5 | 
 6 | Understand the [Client-Server Architecture](http://tutorials.jenkov.com/software-architecture/client-server-architecture.html) in the context of software architecture.
 7 | 
 8 | ### Browsers
 9 | On [html5rocks.com](https://www.html5rocks.com/en/tutorials/internals/howbrowserswork/) you can find an interesting tutorial by Tali Garsiel and Paul Irish that includes general functioning of a browser, its structure, rendering engines and HTML or CSS code parsing.
10 | 
11 | ### HTTP Protocol
12 | Learn a little about HTTP and HTTPS. Understand the following:
13 | * [Requests](https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods)
14 | * [Responses](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status)
15 | * [Methods](https://www.tutorialspoint.com/http/http_methods.htm)
16 | * [Headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers)
17 | 
18 | ### REST and Web APIs 
19 | What is CRUD and what is a [RESTful API](http://www.restapitutorial.com/lessons/httpmethods.html)?
20 | 
21 | Practice API skills on the [CRUD-REST basics tutorial](https://www.lynda.com/Flask-tutorials/CRUD-REST-basics/521200/533063-4.html).
22 | 
23 | Install [Postman](https://www.getpostman.com/postman) and play around with the tool.
24 | 
25 | ### Browser APIs
26 | * What is a [cookie](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies)?
27 | * What is a [session](https://developer.mozilla.org/en-US/docs/Web/HTTP/Session)?
28 | * What is [localStorage](https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage)?
29 | 
30 | ### Recommended time
31 | This module should take approximately 1 week of learning and practicing.
32 | 
33 | ### Measurable progress
34 | At the end of this module you should have a good understanding of how the web platform is working and how browsers work. You should also be able to understand HTTP communication and the separation between the server and the client. You should also be able to simulate different types of requests using Postman.
35 | 


--------------------------------------------------------------------------------
/we-train/junior-development-program/qa-selection-process.md:
--------------------------------------------------------------------------------
1 | ## Coming soon


--------------------------------------------------------------------------------
/we-train/node-school/README.md:
--------------------------------------------------------------------------------
 1 | # Nodeschool Cluj
 2 | 
 3 | ![Nodeschool Cluj](https://nodeschool.io/cluj/node_school_logo.jpg)
 4 | 
 5 | [Nodeschool](https://nodeschool.io/) is an open-source platform aimed at teaching basic JavaScript skills to everyone. The event is held in a lot of countries worldwide and we're bringing it to Cluj as one of our team activities, with the mentors being members of our JS team.
 6 | 
 7 | ---
 8 | 
 9 | Our latest event took place on the **9th of December 2017** and it exceeded our expectations.
10 | 
11 | ![nodeschool cluj image](https://nodeschool.io/cluj/img1.jpg)
12 | 
13 | In spite of the gloomy December morning, the latest Nodeschool Cluj event gathered almost 40 participants from all walks of life. The event took place in the fancy cafeteria at Fortech's headquarter in Cluj-Napoca.
14 | 
15 | Together with the awesome mentors, our guests spent most of the day hacking in the console, trying to figure out the javascripting challenges. The tasks consist of working on small tasks meant to take the user from absolute beginner to a level where one can feel comfortable writing simple programs in Javascript.
16 | 
17 | ## Back to the basics
18 | Important to note that the focus of the workshop was on the language itself and not on the environment where Javascript runs. As one of the mentors pointed out in the first presentation, Javascript nowadays runs everywhere, from browsers and server to Internet of Things (IoT) devices. 
19 | 
20 | So building a strong foundation is the key that can ultimately enable the writing of robust apps, no matter where they run.
21 | 
22 | ## Focus on learning
23 | Trying to figure out the longest word in a string, a Fibonacci sequence or the bubble sort algorithm proved hard for some, easy for others but fun for everybody. 
24 | 
25 | Solving problems is what programming is all about. But doing this along with others, in a controlled environment where mentors are always ready to step in is a lot more satisfying. As one participant put it, 
26 | >
27 | > "you can focus on what is important, and that is learning, instead of wasting time trying to fix syntax errors".
28 | 
29 | ## Sharing is caring
30 | While some of the mentors talked about the core skills a programmer should strive to acquire, others spoke about their time as interns while attending the Junior Development Program program at Fortech.
31 | 
32 | The panel proved particularly useful since most of the attendees were curious to find out how such programs actually work and what can one expect at the end of the training period.
33 | 
34 | ## Next steps: bigger, better
35 | 
36 | In the aftermath of the event some new ideas started to take shape among the mentors. Some of the discussions regarding future events lead to a few key points:
37 | 
38 | - future events will have a clearly outlined attendee level requirement. This means we will have different events for absolute beginners, novices and people who've used Javascript before.
39 | - the target is to have more participants and more mentors, keeping the same learning experience but aiming for maximum impact.
40 | 
41 | While we wait for participant feedback to start dripping in, we are already cooking up the next event, which will probably take part in March 2018. Keep an eye on our [page](https://nodeschool.io/cluj/) to make sure you don't miss out! You can also visit our [github repo](https://github.com/nodeschool/cluj) to address any questions.
42 | 


--------------------------------------------------------------------------------
/what-we-do/README.md:
--------------------------------------------------------------------------------
 1 | # What we do
 2 | Our projects vary a lot in complexity and timeline. We don't have a recipe we follow but we tend to prefer long term collaborations with challenging technical problems. We would rather skip standard CRUD/CMS projects if they don't offer something interesting to focus on. We are also not tied to a specific framework or library as we like to explore new things and try out different combinations. Also, we have no preferences towards frontend/backend projects as we usually like to get involved as **full stack** developers. 
 3 | 
 4 | There's a good chunk of the team focusing on React, Vue and Angular with their corresponding ecosystems, but we also have a lot of interest in Node and we have active projects with Express and Koa. Also we are exploring React Native as a solution for cross-platform native applications, but we are also investing effort into PWAs and pushing the limits of the web further and further.
 5 | 
 6 | ### Technical Radar
 7 | 
 8 | We're using the great technical radar tool created by [Thoughtworks](https://www.thoughtworks.com/) to visualize the frameworks, tools and areas of interest in our team.
 9 | 
10 | Click on the image below to check out the details of our technical radar:
11 | 
12 | [![Technical Radar](./technical-radar.png)](https://radar.thoughtworks.com/?sheetId=https%3A%2F%2Fdocs.google.com%2Fspreadsheets%2Fd%2F16ykOXD9J-DMyB0_i7EGcqsd8kB1CQ7s1vmBJNnpJlEQ%2Fedit%23gid%3D0)
13 | 
14 | ### Technical Prototypes
15 | 
16 | * [React-Redux Architecture](https://github.com/FortechRomania/react-redux-complete-example)
17 | * [Express-Mongo Architecture](https://github.com/FortechRomania/express-mongo-example-project)
18 | * React-Native (coming soon)
19 | * Vue.js (coming soon)
20 | 
21 | ### Technology Showcases
22 | 
23 | * [GraphQL](https://github.com/FortechRomania/js-team-showcase/blob/master/what-we-do/showcase/graphql.md)
24 | * [Firebase](https://github.com/FortechRomania/js-team-showcase/blob/master/what-we-do/showcase/firebase.md)
25 | * [nginx](https://github.com/FortechRomania/js-team-showcase/blob/master/what-we-do/showcase/nginx.md)
26 | * [flowtype](https://github.com/FortechRomania/js-team-showcase/blob/master/what-we-do/showcase/flowtype.md)
27 | * [vue](https://github.com/FortechRomania/js-team-showcase/blob/master/what-we-do/showcase/vue.md)
28 | 


--------------------------------------------------------------------------------
/what-we-do/showcase/firebase.md:
--------------------------------------------------------------------------------
  1 | # Firebase
  2 | ### Getting Started with Firebase
  3 | #### What is Firebase?
  4 | Firebase is a Backend-as-a-Service.
  5 | 
  6 | Firebase helps developers to focus on more important stuff, like delivering good experience for users, without worrying about the backend, data synchronization or scalability.
  7 | 
  8 | Firebase SDK offers integration with:
  9 | * Android
 10 | * iOS
 11 | * Web (JavaScript)
 12 | * Node.js
 13 | * Java
 14 | * C++
 15 | * Python
 16 | 
 17 | Firebase also has an handful of libraries that help integration with different languages or frameworks (Angular, React, Ember, etc….).
 18 | 
 19 | ### Database
 20 | Firebase offers two types of databases, both NoSQL: Realtime Database and Firestore. Firestore is in beta, but it is the new flagship of Google Firebase.
 21 | 
 22 | Firestore is the next generation of Realtime Database, it has better queries and automatic scaling, it was built keeping in mind the drawbacks that realtime databases had. You can find a list of differences between them [pn this article, RTDB vs Firestore on firebase.google.com](https://firebase.google.com/docs/database/rtdb-vs-firestore).
 23 | 
 24 | **The most important feature of Firebase databases is that it keeps all your data in sync automatically through WebSockets.**. This way you can sync your data to all your clients almost instantly. The other option would be get your data from the database only when you request it. It all depends on the type of application you wish to develop, if you need instant data syncronization or not.
 25 | 
 26 | **Data Model**
 27 | 
 28 | Firestore data model is quite simple, the information is stored in collections, the collection contain documents.
 29 | This is a usual data model for a NoSQL database, but one interesting feature of Firestore database is that documents can contain subcollections.
 30 | <ul>
 31 |  <li>Chat Rooms (col) </li>
 32 |    <ul>
 33 |     <li>
 34 |       General (doc)
 35 |       <ul>
 36 |        <li>description (info)</li>
 37 |        <li>
 38 |         messages (subcollection)
 39 |         <ul>
 40 |          <li>message 1 (doc)</li>
 41 |          <li>message 2 (doc)</li>
 42 |          <li>message 3 (doc)</li>
 43 |         </ul>
 44 |        </li>
 45 |       </ul>
 46 |     </li>
 47 |     <li>
 48 |      Random Chat (doc)
 49 |      <ul>
 50 |       <li>description (info)</li>
 51 |        <li>
 52 |         messages (subcollection)
 53 |         <ul>
 54 |          <li>message 1 (doc)</li>
 55 |          <li>message 2 (doc)</li>
 56 |          <li>...</li>
 57 |         </ul>
 58 |        </li>
 59 |      </ul>
 60 |     </li>
 61 |    </ul>
 62 | </ul>
 63 | 
 64 | ### Authentication
 65 | * Supports authentication using, email/password, phone numbers and also popular federated identity providers like Google, Facebook, Twitter…
 66 | * You can use the Firebase Authentication SDK or FirebaseUI Auth
 67 | 
 68 | ### Cloud Storage
 69 | * it's designed to help you quickly and easily store and serve user-generated content, such as photos and videos
 70 | 
 71 | ### Firebase Hosting
 72 | * it's an easy to use file hosting, your files will be served from CDNs using http2
 73 | 
 74 | ### Pricing
 75 | * they have pretty decent free tier plan, you have the option to pay as you go or to choose a monthly subscription
 76 | * [more about pricing](https://firebase.google.com/pricing/)
 77 | 
 78 | You can find all the products offered by Firebase [on their official products page](https://firebase.google.com/products/).
 79 | 
 80 | Firebase can be added in two ways in a web project, you can add it as a script using a google CDN or you can install it via npm - [Firebase](https://www.npmjs.com/package/firebase).
 81 | 
 82 | ```
 83 | npm install --save firebase
 84 | ```
 85 | One problem with the npm package is that it is quite big and will increase your bundle size.
 86 | ![alt text](https://preview.ibb.co/edVh2G/Screen_Shot_2018_01_06_at_17_38_53.png "Firebase Size")
 87 | 
 88 | ### Sample Code
 89 | In the sample code below we:
 90 | * import firebase
 91 | * set in the config all the information to the firestore database
 92 | * we initialize firebase with the configuration info
 93 | * we save the firestore reference in db
 94 | * then we access the posts from the database and listen for any changes with `onSnapshot` function
 95 | * then we add each post inside the targeted `div`
 96 | * if any changes are done in the posts database, we get the updates almost instantly
 97 | 
 98 | ```html
 99 | <!DOCTYPE html>
100 | <html>
101 | <head>
102 | <title>Firestore</title>
103 | </head>
104 | <body>
105 |     <div id="content">Loading...</div>
106 |     <script src="https://www.gstatic.com/firebasejs/4.6.0/firebase.js"></script>
107 |     <script src="https://www.gstatic.com/firebasejs/4.6.0/firebase-firestore.js"></script>
108 |     <script>
109 |         const config= {
110 |             //All this information can be found in your firebase console (unique for each project)
111 |             apiKey: "Your Api Key",
112 |             authDomain: "Your AuthDomain",
113 |             databaseURL: "Your DatabaseURL",
114 |             projectId: "Your Project ID",
115 |             storageBucket: "Your storage bucket",
116 |             messagingSenderId: "Your ID"
117 |         };
118 |         firebase.initializeApp( config );
119 |         const db = firebase.firestore( ); //geting the reference to the firestore database
120 |         db.collection( "posts" )
121 |           .onSnapshot( snapshot => {
122 |             const target =  document.querySelector( "#content" );
123 |             let html = "";
124 |             if ( snapshot ) {
125 |               snapshot.forEach( doc => {
126 |                 const { title, content } = doc.data( );
127 |                    html += `<div>${ doc.id }</div><div>${ title }</div><div>${ content }</div><hr/>`;
128 |               } );
129 |               target.innerHTML = html;
130 |             }
131 |         } );
132 | </script>
133 | </body>
134 | </html>
135 | ```
136 | 
137 | ### Resources
138 | * [Youtube Official Firebase Channel](https://www.youtube.com/user/Firebase)
139 | * [React Native Firebase](https://github.com/invertase/react-native-firebase) - most popular React Native and Firebase implementation (it supports Firestore as well).
140 | 


--------------------------------------------------------------------------------
/what-we-do/showcase/flowtype.md:
--------------------------------------------------------------------------------
1 | We're currently assessing [flowtype](https://flow.org/) as a static type analyzer tool.
2 | 
3 | A few useful links to start with:
4 | * [Installation Guide](https://flow.org/en/docs/install/)
5 | * [Basic Primitives](https://flow.org/en/docs/types/primitives/)
6 | * [Cheat Sheet](https://www.saltycrane.com/flow-type-cheat-sheet/latest/)
7 | 


--------------------------------------------------------------------------------
/what-we-do/showcase/graphql.md:
--------------------------------------------------------------------------------
 1 | # GraphQL
 2 | 
 3 | ### Getting Started with GraphQL
 4 | Before jumping into GraphQL you must understand what it is and that it comes as an alternative to traditional REST APIs. One important note is that GraphQL is not tied to any specific language or framework. It is just a protocol used for communicating between clients and servers.
 5 | * [Understand what GraphQL is about](https://dev-blog.apollodata.com/the-basics-of-graphql-in-5-links-9e1dc4cac055)
 6 | * Check the [official documentation](http://graphql.org/learn/) for basic concepts
 7 | * Build your first server following [this egghead course](https://egghead.io/courses/build-a-graphql-server)
 8 | 
 9 | ### GraphQL and Mongo
10 | Once you've built your first GraphQL server you can check this article with a nice and simple example on how to connect the `query` and `mutation` resolvers to a Mongo database.
11 | * [Using GraphQL with MongoDB](https://www.compose.com/articles/using-graphql-with-mongodb/)
12 | 
13 | ### GraphQL and Apollo
14 | This 8-part article is a great reference to start building a React app powered by a GraphQL backend. **Apollo** is an easy-to-use client for GraphQL which allows you to write queries and mutations on any frontend application in order to communicate with a GraphQL endpoint. This series of articles goes through the basic functionalities exposed by **React-Apollo**, the library used for connecting React apps to GraphQL.
15 | * [Getting started with React-Apollo](https://dev-blog.apollodata.com/full-stack-react-graphql-tutorial-582ac8d24e3b)
16 | 
17 | **Notes**
18 | 
19 | Be aware that GraphQL and Apollo are at new versions at the moment so setup might be a bit different. Took me a while to figure out exactly how to do it. The recommended approach is to visit the [oficial documentation](https://www.apollographql.com/docs/react/basics/setup.html) for setting up `React-Apollo`.
20 | 
21 | The suggested way for first time users is
22 | ```
23 | npm install apollo-client-preset react-apollo graphql-tag graphql --save
24 | ```
25 | 
26 | And then 
27 | 
28 | ```javascript
29 | import { graphql, ApolloProvider } from "react-apollo";
30 | import ApolloClient from "apollo-client";
31 | import gql from "graphql-tag";
32 | import { HttpLink } from "apollo-link-http";
33 | import { InMemoryCache } from "apollo-cache-inmemory";
34 | 
35 | const client = new ApolloClient( {
36 |     link: new HttpLink( { uri: "<link to graphql endpoint>" } ),
37 |     cache: new InMemoryCache( ),
38 | } );
39 | ```
40 | 
41 | Also, keep in mind that you to set your express server to allow cross-origin requests since the backend and the frontend will run on different ports. You can easily to that with the `cors` package in express.
42 | 
43 | ```
44 | const cors = require( "cors" );
45 | 
46 | server.use( "*", cors( { origin: "http://localhost:3000" } ) );
47 | ```
48 | 
49 | Also please note that when adding **subscriptions**, the interface of the `apollo client` setup is changed drastically. You can follow the [example code from this repo](https://github.com/alexnm/graphql-playground) that I created to make it work. You can easily follow the [official documentation](https://www.apollographql.com/docs/react/features/subscriptions.html) also.
50 | 
51 | The rest of the code is similar with what is described in the article.
52 | 
53 | Also worth reading while getting deeper into React-Apollo:
54 | * [Caching](https://www.apollographql.com/docs/react/features/caching.html)
55 | * [Optimistic UI](https://www.apollographql.com/docs/react/features/optimistic-ui.html)
56 | * [Using Fragments](https://www.apollographql.com/docs/react/features/fragments.html)
57 | 
58 | ### Demo
59 | 
60 | [Here is a demo app](https://github.com/alexnm/graphql-playground) I built using the major features of `GraphQL`.
61 | 
62 | ### Further reading
63 | 
64 | * [Getting started with React and Apollo](https://www.howtographql.com/react-apollo/1-getting-started/)
65 | * [Building a real-time chat with GraphQL](https://blog.graph.cool/how-to-build-a-real-time-chat-with-graphql-subscriptions-and-apollo-d4004369b0d4)
66 | * [Using Vue with Apollo](https://medium.com/yld-engineering-blog/using-vue-with-apollo-65e2b1297592)
67 | 


--------------------------------------------------------------------------------
/what-we-do/showcase/nginx.md:
--------------------------------------------------------------------------------
  1 | # Nginx
  2 | 
  3 | ### Getting Familiar With NGINX
  4 | NGINX is a free, open-source, high-performance HTTP server and reverse proxy. We use their official [website](http://nginx.org/en/) to read about their latest updates. We use also [Digital Ocean](https://www.digitalocean.com) for learning purposes.
  5 | This article on [understanding nginx server and location block selection algorithms](https://www.digitalocean.com/community/tutorials/understanding-nginx-server-and-location-block-selection-algorithms) might help you start your work in this direction. This [beginner's guide from nginx](http://nginx.org/en/docs/beginners_guide.html) might also come in handy.
  6 | 
  7 | We choose NGINX servers because:
  8 | * Open-Source & Free
  9 | * Addresses [C10k problem](http://www.kegel.com/c10k.html)
 10 | * Easy to install. Easy to  configure
 11 | * Designed for big apps but also suitable for small ones
 12 | * Scales in all directions: from the smallest VPS to large clusters of servers
 13 | * Not threaded to handle requests
 14 | * Small and predictable amounts of memory under load
 15 | 
 16 | #### How To Install
 17 | Depending on the operating system: installation steps described [on the nginx wiki](https://www.nginx.com/resources/wiki/start/topics/tutorials/install/).
 18 | 
 19 | ##### Installation example for Ubuntu 16.04
 20 | 
 21 | ```
 22 | deb http://nginx.org/packages/ubuntu/ xenial nginx
 23 | deb-src http://nginx.org/packages/ubuntu/ xenial nginx
 24 | sudo apt-get update
 25 | sudo apt-get install nginx
 26 | ```
 27 | 
 28 | #### Server Configuration Structure
 29 | * /etc/nginx: contains all configuration files.
 30 | * /etc/nginx/nginx.conf: the main/universal NGINX configuration file.
 31 | * /etc/nginx/sites-available/: the directory where all "server blocks" can be stored. NGINX will not use the configuration files found in this directory unless they are linked to the sites-enabled directory. Typically, all server block configuration is done in this directory, and then enabled by linking to the other directory.
 32 | * /etc/nginx/sites-enabled/: The directory where all enabled "server blocks" are stored. Typically, these are created by linking to configuration files found in the sites-available directory.
 33 | 
 34 | 
 35 | #### How To Use - Main Commands
 36 | * Start server
 37 | ```
 38 | sudo /etc/init.d/nginx start
 39 |     or
 40 | sudo systemctl start nginx
 41 | ```
 42 | * Check Status
 43 | ```
 44 | systemctl status nginx
 45 | ```
 46 | * Stop server
 47 | 
 48 | This stop option implies that a fast/forced shutdown is applied i.e. the process is killed instantly even if there is a current request in progress.
 49 | ```
 50 | nginx -s stop  
 51 |     or
 52 | kill - s processId ( ps aux | grep nginx )
 53 | ```
 54 | * Quit server
 55 | 
 56 | This stop option graceful shuts down the server. That means that it waits for the worker processes to finish serving current requests.
 57 | ```
 58 | nginx -s quit
 59 | ```
 60 | * Test/Check for correct syntax the configuration from the NGINX config file.
 61 | ```
 62 | nginx -t
 63 | ```
 64 | * Restart service
 65 | ```
 66 | sudo systemctl restart nginx
 67 | ```
 68 | * Reload the configuration file
 69 | ```
 70 | sudo systemctl reload nginx
 71 |     or
 72 | nginx -s reload
 73 | ```
 74 | * (Re)open log files
 75 | ```
 76 | nginx -s reopen
 77 | ```
 78 | 
 79 | #### Main Configuration Blocks
 80 | * [`http`](http://nginx.org/en/docs/http/ngx_http_core_module.html#http) - main configuration from the `nginx.conf` file; in this block the universal configuration is done.
 81 | * [`server`](http://nginx.org/en/docs/http/ngx_http_core_module.html#server) - block that contains all the configuration for the virtual server.
 82 | * [`listen`](http://nginx.org/en/docs/http/ngx_http_core_module.html#listen) - describes addresses and ports that accept connection with the server. In this block can be defined one of the following:
 83 | 
 84 |     - an ip/address/port combination
 85 |     - a lone IP what will listen the default port 80
 86 |     - a lone port that will listen every address on that port
 87 |     - a path to other unix socket
 88 | 
 89 | * [`server_name`](http://nginx.org/en/docs/http/ngx_http_core_module.html#server_name) - indicates all server names. With this block you can define several names for your server. Keep in mind that the 1st name listed is the primary name. The server can be a string that can contain `*`, `~`, or regex.
 90 | * [`ssl_certificate`](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate) & [`ssl_certificate_key`](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate_key) - blocks applicable for https; they indicate the paths to ssl certificates.
 91 | * [`error_log`](http://nginx.org/en/docs/ngx_core_module.html#error_log), http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log - blocks used to indicate the path where logs will be stored. To specify the format of the log, [`log_format`](http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log) directive can be used.
 92 | * [`location`](http://nginx.org/en/docs/http/ngx_http_core_module.html#location) - block with config used for handling requests for different resources and URIs for the parent server.
 93 | * [`gzip`](http://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip) - block used for on-the-fly gzip compression to limit the amount of bandwidth used and speed up some transfers. This block can be configured in such matter that only files bigger than a certain size are included in the gzip compression - only relevant compression is done and the transfer process is done rapidly.
 94 | * [`root`](http://nginx.org/en/docs/http/ngx_http_core_module.html#root) - sets the root directory for requests. That means that the path from the root directory will be the first one used to search for a file. In case of an request, to obtain the path of a requested file, NGINX appends the request URI to the path specified by the root directive. This directive can be used at any level within the http, server, or location contexts.
 95 | * [`index`](http://nginx.org/en/docs/http/ngx_http_index_module.html#index) - defines what will be used as index; it is nested inside location for internal redirect.
 96 | * [`proxy_pass`](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass) - if specified inside a location, this directive passed a request to an HTTP proxied server.
 97 | * [`try_files`](http://nginx.org/en/docs/http/ngx_http_core_module.html#try_files) - checks the existence of files in the specified order and uses the first found file for request processing; the processing is performed in the current context.
 98 | * [`alias`](http://nginx.org/en/docs/http/ngx_http_core_module.html#alias): defines a replacement for the specified location.
 99 | 
100 | #### Static Server Configuration Example
101 | The following configuration example can be used on an NGINX server that only serves static content. The example is focused on the way one should define the paths that are searched to find requested files, and on how to set up index files.
102 | The first `root` directive defined like below means that it applies to all location blocks where the root directive is not included to explicitly redefine the root/over-written. For example, take a look on the `location` directive definitions: for every request of an image, NGINX searches for a URI that starts with /images/ in the /www/data/images/ directory on the file system. But, in the case, of a request asks for a .mp3 file ( i.e. the URI ends with the .mp3 extension ), NGINX instead searches for the file in the /www/media/ directory because it is defined in the matching location block.
103 | If a request ends with a slash, NGINX treats it as a request for a directory and tries to find an index file in the directory. The index directive defines the index file’s name (the default value is `index.html`). One can list more than one filename in the index directive. NGINX searches for files in the specified order and returns the first one it finds.
104 | 
105 | ```
106 | server {
107 |     root /home/work;
108 | 
109 |     location / {
110 |         index index.html index.php;
111 |     }
112 | 
113 |     location /images/ {
114 |     }
115 | 
116 |     location ~ \.(mp3) {
117 |         root /home/media;
118 |     }
119 | }
120 | ```
121 | 
122 | #### Dynamic Server Configuration Example
123 | The following configuration example is a basic NGINX configuration used for two UI applications - an user app and an admin dashboard. The applications were built with create-react-app package do the deploy process was done following the instructions from this [link](https://medium.com/@johnbrett/create-react-app-push-state-nginx-config-a9f7530621c1).
124 | On HTTP, the server will listen to the default port `80`. When on HTTPS, the `443` port will be listened and the ssl certificates will be checked. The server's name can be is called `myserver`. For logging all requests and the errors encountered, the path from local storage is setup. The `root` block points to the folder where the user app is stored. There are two `location` blocks used in this configuration file. The first one (`location /api/`) handles the requests to an HTTP proxied server - in this case the backend server. The second one(`location /admin`) handles the requests to the dashboard app.
125 | 
126 | ```
127 | server {
128 |     listen         80;
129 |     server_name    myserver.ro www.myserver.ro;
130 |     return         301 https://$server_name$request_uri;
131 | }
132 | 
133 | server {
134 |     listen 443 ssl;
135 |     server_name    myserver.ro www.myserver.ro;
136 |     ssl_certificate /etc/nginx/ssl/myserver_ro.crt;
137 |     ssl_certificate_key /etc/nginx/ssl/myserver.key;
138 | 
139 |     access_log /var/log/myserver/access.log;
140 |     error_log /var/log/myserver/error.log;
141 | 
142 |     root /home/work/ui/build_final;
143 |     try_files $uri /index.html;
144 | 
145 |     location /api/ {
146 |         proxy_pass http://127.0.0.1:3000;
147 |     }
148 | 
149 |     location /admin {
150 |         alias /home/work/dash/build_final;
151 |         try_files $uri /admin/index.html;
152 |     }
153 | }
154 | ```
155 | 
156 | #### Resources
157 | * [NGINX Official Website Documentation](https://nginx.org/en/docs/)
158 | * [NGINX Tutorial](http://nginx.org/en/docs/beginners_guide.html)
159 | * [Udemy Tutorial - NGINX Fundamentals ](https://www.udemy.com/nginx-fundamentals/learn/v4/overview)
160 | * [Digital Ocean Tutorial - Understanding NGINX Server and Location Block Selection Algorithms](https://www.digitalocean.com/community/tutorials/understanding-nginx-server-and-location-block-selection-algorithms)
161 | * [Static Server configuration](https://www.nginx.com/resources/admin-guide/serving-static-content/)
162 | * [Basics in Server Configuration](https://linode.com/docs/web-servers/nginx/how-to-configure-nginx/)
163 | * [Dynamic Virtual Hosts](https://gist.github.com/cbmd/4247040)
164 | 


--------------------------------------------------------------------------------
/what-we-do/showcase/vue.md:
--------------------------------------------------------------------------------
 1 | # Vue.js
 2 | 
 3 | ### Quick links
 4 | * [vue-cli](https://github.com/vuejs/vue-cli) - starting from a standard template
 5 | * [official guide](https://vuejs.org/v2/guide/) - starting from scratch
 6 | * [awesome vue](https://github.com/vuejs/awesome-vue) - a list of curated materials on Vue
 7 | * [vue templates for cli](https://github.com/vuejs-templates)
 8 | * [5 part article on getting started](https://css-tricks.com/guides/vue/)
 9 | * [vue devtools](https://github.com/vuejs/vue-devtools)
10 | * [vue.js and serverless](https://css-tricks.com/creating-vue-js-serverless-checkout-part-one/)
11 | 
12 | ### Fresh start
13 | In case you are new to the world of frontend libraries and frameworks, I think the [official documentation](https://vuejs.org/v2/guide/) is the right way to start. Forget about the vue-cli and the other tools around the ecosystem and get up to speed with vue in a regular old fashion single html file.
14 | 
15 | ### With prior experience
16 | If you worked with similar frontend frameworks before (ex: React, Angular) and you are aware of the modern JavaScript ecosystem (ex: Webpack, ES2015, Babel), then the *vue-cli* is the best option to get started fast with Vue.
17 | 
18 | We highly recommend you follow this [5-part article](https://css-tricks.com/guides/vue/) written by Sarah Drasner which takes you through the entire Vue ecosystem. I strongly advise you follow along and write your own code, while playing around with the Vue components. [Vue Devtools](https://github.com/vuejs/vue-devtools) is also a great addition to your browser.
19 | 
20 | Additional information about Vue Components and specifically on [methods, computed and watches](https://css-tricks.com/methods-computed-and-watchers-in-vue-js/)
21 | 
22 | #### Vuex
23 | If you have some experience with Redux, you can have a look at how Vuex works in conjunction with Vue. [The official guide](https://vuex.vuejs.org/en/) is a good way to start. You will need to understand what mutations and actions are because they differ a bit from what you may know from Redux. A good guide can be found on [vueschool.io](https://vueschool.io/courses/vuex-for-everyone) (free course).
24 | 
25 | #### Things to follow
26 | A couple of points where an in-depth understanding is needed in order to build a large scale application:
27 | * [ ] working with forms
28 | * [ ] integrating APIs
29 | * [ ] server side rendering
30 | * [ ] eslint config for Vue
31 | 


--------------------------------------------------------------------------------
/what-we-do/technical-radar.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FortechRomania/js-team-showcase/72ba01948cde3cb2726b10d52424e4f25b409666/what-we-do/technical-radar.png


--------------------------------------------------------------------------------
/who-we-are/README.md:
--------------------------------------------------------------------------------
 1 | # Who we are
 2 | We are a growing team of professionals focusing our skills and efforts around the JavaScript ecosystem (and not only). We work in a collaborative way on multiple projects, while still making sure everyone in the team adheres to our common vision and culture.
 3 | 
 4 | We wanted to write a few lines about the team name `Cake for Breakfast` but it’s self-explanatory anyway and we were too busy... 👇
 5 | 
 6 | <img src="../images/cake-for-breakfast.jpg" width="400" />
 7 | 
 8 | ### You are always part of the team
 9 | Before we start talking about *what* and *how* we work, let's make something clear: at any time, in any setup, under any circumstances, we are part of the **same team**. This is the corner stone of our team culture. Each and every member of the team is **equal** to the other and we all contribute to the development of the team. It doesn't matter if we work in different teams, on different projects with different customers. At the end of the day, we are part of the same team.
10 | 
11 | Read more about our [team activities](https://github.com/FortechRomania/js-team-showcase/tree/master/who-we-are/inside-the-team.md).
12 | 
13 | ### Why culture matters
14 | 
15 | Team work is a winner in today's software development world, that's a no brainer. Everyone understands the importance of team work and collaboration, but a team is more than the individuals that form it and the relations between them. The team exists outside the context of each individual and the team carries on, as long as the culture formed around it is strong. A strong team culture means that no individual is irreplaceable, but at the same time all individuals are valuable and an integral part of the team.
16 | 
17 | We work in an environment where everyone collaborates, help and support are unconditioned and the needs of the team come before the needs of the individual.
18 | 
19 | ### A culture built on mentoring
20 | 
21 | We believe mentoring is the key to success. It doesn't matter if you have 10 years of experience or 3 months, in our team you will be both a mentor and a mentee. From our [junior development program](https://github.com/FortechRomania/js-team-showcase/tree/master/we-train/junior-development-program) to our montly initiatives of learning and development, everything we do is based on learning, teaching and sharing. Some of our initiatives are also based on giving back to the community, so be ready to embrace mentoring and teaching as a primary activity.
22 | 
23 | ### Our core values
24 | 
25 | Althought our team is built around technology and the JavaScript ecosystem, our core values are not technology focused. They represent the sum of the human traits that we value most.
26 | 
27 | #### Passion
28 | 
29 | The main driver of most of our activities. It's hard to work in the software industry without passion. Hard work and skills will solve one problem at a time, passion will deliver the end result.
30 | 
31 | #### Honesty
32 | 
33 | We are not superstars, we are not all-knowing gods, everyone has flaws, gaps in knowledge and lack of understanding in all sorts of areas. We value honesty first and as long as there's willingness to learn and adapt, we can work with you. We do not value a cocky attitude towards colleagues and technology.
34 | 
35 | #### Motivation
36 | 
37 | Are willing to go the extra mile? Everyone has different incentives of motivation but we always value the positive motivation. Each team member is committed and engaged in what he or she does, whether it's about writing code, teaching others or any other endevour.
38 | 
39 | #### Curiosity
40 | 
41 | How much time do you spend exploring new things? Do you have a keen interest in technology and its evolution? Our wish is to empower people to try things out, to test new concepts, new tools and frameworks. Curiosity drives innovation and evolution.
42 | 
43 | #### Perseverence
44 | 
45 | Without it, dealing with complicated tasks becomes a burden. It's not only about hard work, it's also about asking all the right questions, getting deeper into the code to find the true source of a problem or making sure you covered all the cases.
46 | 


--------------------------------------------------------------------------------
/who-we-are/inside-the-team.md:
--------------------------------------------------------------------------------
 1 | # Inside the Team
 2 | Besides working on the daily tasks, we give each member of the team a chance to get involved in additional activities as part of the regular working hours. There are 3 types of activites or initatives that we tackle, some of them are ongoing and some of them are happening one time:
 3 | * personal development activities
 4 | * internal company activities
 5 | * external company activities
 6 | 
 7 | ### Personal Development Activities
 8 | While personal development should also be done during your own time, we try to offer as much time as possible for personal development during the working hours. We schedule together R&D, open-source or just learning activities that one takes ownership of. Let's say that for example that you want to learn [Vue](https://vuejs.org/) or you want to play a little with [GraphQL](http://graphql.org/). We plan this together with the rest of the team and you have a number of hours allocated to learning this during the working hours. The only condition is to prepare a dissemination of what you found out / learned during the time with the entire team, so that knowledge is distributed to all members. Similarly, you can opt-in to contribute to one of the open-source projects we started on [github](https://github.com/FortechRomania) or to start another one and we plan together some sessions with the team for analysis and review.
 9 | 
10 | ### Internal Company Activities
11 | This can vary from participating in tech interviews, to mentoring people as part of our [internship program](https://github.com/FortechRomania/js-team-showcase/blob/master/we-train/junior-development-program/). If you are more interested in teaching we are heavily involved in internal and external training activities, so we will definitely find time for this. We are also involved in developing some internal tooling for our support departments, so be ready for some potential work in that area.
12 | 
13 | ### External Company Activities
14 | These are the kind of activities that are helping us indirectly by creating a stronger brand around the team/company. But also they can help you build a stronger brand for yourself. So this can vary from being involved into the tech-sales process at Fortech, to speaking at events and conferences and to creating blog posts or external content for our company.
15 | 
16 | Overall, these activities are molding you into a better professional and are allowing you to try different types of responsibilities to see which one fits you better.


--------------------------------------------------------------------------------
/who-we-are/making-a-career.md:
--------------------------------------------------------------------------------
1 | # Growth within our team
2 | 
3 | As everybody else, we also have career paths defined for each team member, along with expectations for each phase you are in. For sure, we'll help you get where you want and expand your horizons.
4 | 
5 | There are four main streams you can follow within our team: **Front-End JavaScript Engineer**, **Back-End JavaScript Engineer**, **Full Stack Javascript Engineer** or **QA Automation Engineer**. Each team member is encouraged to follow his/her passion and supported in doing so.
6 | 
7 | For each stream we have a set of expectations defined. These expectations cover multiple areas: Team, Soft skills [ Communication, Attitude], Technical [Code, Architecture, Concepts, Technology]
8 | 


--------------------------------------------------------------------------------