====== Web Development Notes ======

This page aggregates recurring themes about web development: JavaScript, HTML/CSS, backend choices, and databases.

===== Frontend: JavaScript, HTML & CSS =====

Common frontend stack elements in the conversations:

  * Vanilla **JavaScript** remains the baseline:
    * Understand the event loop, promises/async, and the DOM.
    * Avoid over-relying on heavy frameworks for simple tasks.
  * Modern frameworks/libraries:
    * React and similar ecosystems appear in discussions.
    * Recommendations emphasise:
      * Componentisation.
      * Clear state management.
      * Avoid unnecessary re-renders and over-engineering.
  * **HTML/CSS** fundamentals:
    * Semantic HTML for accessibility.
    * CSS flexbox/grid for layout instead of deeply nested floats.
    * Use of browser dev tools to inspect layout and performance.

Prominent advice: **understand the platform first** (HTML/JS/CSS) before “jumping straight into framework X”.

===== Backend: Languages & Frameworks =====

No single backend was “the only one”; discussions touched on several:

  * **Python** with small frameworks (Flask, FastAPI).
  * **Node.js** for lightweight REST APIs, websockets, and real-time apps.
  * Occasional mentions of Go, Rust, or PHP frameworks.

Common backend patterns:

  * Separate business logic from HTTP handling.
  * Use environment variables or config files for secrets.
  * Keep endpoints simple and well-documented.

===== Databases: SQL and Relational Thinking =====

SQL and relational databases showed up repeatedly:

  * **PostgreSQL** and **MySQL/MariaDB** as typical choices.
  * Emphasis on:
    * Modelling data with proper normalization where appropriate.
    * Using indexes thoughtfully.
    * Writing clear, maintainable SQL instead of burying everything in ORMs.

Typical guidance:

  * Start with a simple relational schema.
  * Only introduce complex sharding/replication once you truly need it.

===== Basic Security Practices for Web Apps =====

While not always spelled out systematically in the chat, the security mindset was present:

  * Always validate and sanitize user input.
  * Protect against:
    * SQL injection (use parameterised queries).
    * XSS (encode output, use CSP when possible).
    * CSRF (tokens or same-site cookies).
  * Use HTTPS everywhere; terminate TLS at nginx or a similar proxy.

===== Tooling & Workflow =====

Recurring tools and practices:

  * Version control with Git, often via self-hosted forge software.
  * Local development setups using containers (Docker-Compose) or lightweight virtualenvs for Python.
  * Linters and formatters:
    * ESLint/Prettier for JS.
    * Black/isort/flake8 for Python backends.

The underlying trend is towards **simple, well-understood stacks** rather than chasing every new framework.
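
Three items from the Basic Security Practices list above (parameterised queries, output encoding, same-site cookies), shown with the Python standard library only. This is an added example, not code from the discussions this page summarises; the ''users'' table, the function names and the sample inputs are constructed, and ''sqlite3'' stands in for PostgreSQL/MySQL.

```python
import html
import sqlite3
from http.cookies import SimpleCookie

def make_db():
    """Constructed in-memory table standing in for an app's user table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return db

def find_user_concat(db, name):
    """Before: user input is pasted into the SQL text, so it can change the query."""
    return db.execute("SELECT email FROM users WHERE name = '" + name + "'").fetchall()

def find_user_param(db, name):
    """After: the driver binds the value, so it is only ever compared as data."""
    return db.execute("SELECT email FROM users WHERE name = ?", (name,)).fetchall()

def render_greeting(name):
    """Encode on output so markup in `name` is displayed, not interpreted."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"

def session_cookie(token):
    """Build a session cookie header with SameSite, Secure and HttpOnly set."""
    c = SimpleCookie()
    c["session"] = token
    c["session"]["samesite"] = "Lax"   # browser omits the cookie on cross-site POSTs
    c["session"]["secure"] = True      # only sent over HTTPS
    c["session"]["httponly"] = True    # not readable from page scripts
    c["session"]["path"] = "/"
    return c["session"].OutputString()

if __name__ == "__main__":
    db = make_db()
    odd = "x' OR '1'='1"  # constructed input containing a quote character
    print(len(find_user_concat(db, odd)), "rows via concatenation")
    print(len(find_user_param(db, odd)), "rows via bound parameter")
    print(render_greeting("<b>bob</b>"))
    print(session_cookie("constructed-token"))
```

The same input returns every row through the concatenated query and none through the bound one, which is the whole argument for parameterised queries.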