LNUG #87 - August 2019

Join waitlist?

14 on waitlist


Conde Nast

Adelphi Building, 1-10 John Adam St Level 9 · London

How to find us

The nearest Tube stations are Embankment and Charing Cross

Location image of event venue


LNUG is hosted at Condé Nast in Adelphi Building, 1-10 John Adam St
***Please note: you will not be allowed through security unless you are listed as "Attending" on this event***

Security in Node.js
Forbes Lindesay

While working on large node.js projects, I’ve noticed that there is no clear answer to common questions like “how do I securely store passwords”. I’ve also noticed that all the popular frameworks lack key security features such as CSRF protection and Rate Limiting by default. It’s really easy to get security wrong, and it’s not your fault that this is so difficult.

In this talk, I’ll present some practical steps you can take to secure your applications, including protecting against some of the most common attack vectors. I’ll also attempt to inspire you to think differently about what the defaults should be when you build new applications and libraries. We can make our code default to security; it doesn’t have to be this way.

I'm a tech lead at Threads Styling and maintain several large open source projects, such as Pug, atauthentication.com and atdatabases.org. My twitter handle is @ForbesLindesay

Indie Hacking with Postgraphile
Thomas Ankcorn

Sometimes I get jealous of the speed people can build complex apps with things like laravel/rails. Node is a great run time but it is arguably a more complex choice for your tech stack, there is no standout MVC framework that does it all for you, instead, there are lots of small specialised tools. I want to talk about one of those. It’s called Postgraphile. It lets you generate a GraphQL API from a schema in a Postgres database. By writing just a little SQL you can create an application that would take a long time to create normally!

I'm going to show you how you can use it to build a meetup.com clone complete with JWT based authentication, real-time meetup ratings, and role-based access control.

I'm a senior software engineer at Near.st. We are building a real-time local inventory data platform to help small businesses fight back against the growth of online shopping. Outside of work, I'm chasing my life long dream of having a dog, and building silly things with javascript. Follow me on twitter here @thomasankcorn


Interested in speaking? Add a talk proposal as an issue at https://github.com/lnug/speakers

Find out more:






Thanks, as ever to the contributions from sponsors in our community:

NearForm provide the Pizza and Drinks

We are hosted by Condé Nast International

Video Recording Sponsored by Pusher:
You can view previous event talks and more by visiting the Pusher App YouTube channel!

Pusher is a hosted service with APIs, developer tools and open source libraries that greatly simplify integrating real-time functionality into web and mobile applications.

Pusher will automatically scale when required, removing all the pain of setting up and maintaining a secure, real-time infrastructure.

Pusher is already trusted to do so by thousands of developers and companies like GitHub, MailChimp, the Financial Times, Buffer and many more.

Getting started takes just a few seconds: simply go to pusher.com and create a free account. Happy hacking!