Security is a topic that is often overlooked in the frontend world. But at least for you all - no longer! To make sure we cover Security for Vue and Nuxt applications as broad as possible, Michael and Alex are joined by Jakub Andrzejewski, who is not only a Senior Frontend Developer but also author of the Nuxt Security Module. We cover not only the module but also how to avoid common security mistakes as a Vue developer and how to protect your applications from vulnerabilities, and which are the most common ones.

Of course, we can't miss out on the State of Vue.js Survey, which is currently running and was co-created by Jakub as well!

Besides talking about the Security and the State of Vue.js, we also discuss how Jakub got into Vue.js at first and how he perceived the transition to Vue 3 and the Composition API.

Enjoy the episode!

Our Guest

Jakub Andrzejewski

• Blog
• Bluesky
• Twitter

Chapters

• (00:00) - Welcome to the DejaVue Podcast
• (00:12) - Introducing our Guest
• (02:07) - The Nuxt Ecosystem Team
• (07:47) - How did you get into Vue.js
• (13:09) - Transition to Vue 3 and Composition API
• (17:00) - React Livecoding as a Vue Dev
• (18:10) - vue-vine for multiple components
• (20:34) - State of Vue
• (30:30) - The Nuxt Security Module
• (37:36) - Will the module project you from everything?
• (41:59) - The ShipFast incident
• (45:05) - Ethical Hacking and NPM Security Vulnerabilities
• (49:24) - Privilege Escalation at Shopify
• (51:45) - Nuxt Security without a Server
• (54:28) - More Logic in the Frontend
• (55:38) - Nothing to Hide?
• (57:28) - Security Mistakes to Avoid as a Vue Developer
• (01:02:13) - Wrapping up

Links and Resources

• Fill out the State of Vue.js Survey
• And also the State of JS Survey 🙌

• Nuxt Security Module
• Vue Vine
• State of Frontend (Results out)
• OWASP Top 10
• DejaVue #E006 - Nuxt Server Components (with Julien Huang)
• Shipfast incident writeup

Your Hosts

Alexander Lichter

• Twitter
• YouTube
• Website

Michael Thiessen

• Twitter
• YouTube
• Website

---

Links marked with * are affiliate links. We get a small commission when you register for the service through our link. This helps us to keep the podcast running. We only include affiliate links for services mentioned in the episode or that we use ourselves.