What’s New In Next.js 12?

These days, Next.js is the most loved framework in the React ecosystem because of the great features that it provides such as hybrid static & server rendering, Typescript support, smart bundling, route pre-fetching and so on. On 26th October 2021, Next.js released its new version, which is Next.js 12. It includes features like performance optimization, middleware, react 18 support etc. If you’re going to use Next.js for your next project, then you are at the right place. Knowing the latest features of Next.js 12 will help you in development. Let’s see the amazing new features of Next.js 12.

What’s New In Next.js 12?

1. Middleware-

Middleware enables you to catch HTTP request and run some code and logic before it is complicated. We know that having middleware in web application is not new and you can experience similar concept being used in other programming languages or in Javascript frameworks such as Express.js. 

One of the benefit of having middleware in next.js 12 is that you can combine it with the features offered by the framework. While implementing a middleware, create a file as _middleware.js in directory which includes the routes that you want to intercept. If you want to create middleware that will manage web app pages, create a fine in /pages/_middleware.js. 

import { NextResponse } from "next/server";
   
const secretKey = "preview-mode";
 
export function middleware (request) {
  const headerKey = request.headers.get("secret-key");
 
  if (headerKey === secretKey) {
    return NextResponse.next();
  }
 
  return new Response(null, { status: 401 });
}

Programmers can use a Middleware for various use cases like localization, logging, Redirect/Rewrite, authentication, A/B testing and so on. Middleware makes use of runtime that supports standard Web APIs. If anyone want to implement a middleware in Next.js app, just run it locally using next start, or host it on Edge platforms such as Vercel, using brand new Edge Function.   

Vercel Edge Functions are serverless functions such as AWS Lambda or Azure Functions, except that they are deployed in CDNs, close to end users, enabling web app to work faster.

2. ES module support and URL import-

In the Next 12 version, ES module support is default. ES modules is official ECMAScript module standard for Javascript and supported by Node.js and its major browsers.

Next 12 prioritizes ES modules over CommonJS. But still it supports importing NPM modules that use CommonJS. It helps developers to incrementally adopt ES modules without affecting changes. Next 12 experimentally supports URL imports of packages that use ES modules. Meaning that a package can be imported directly from URL and there is no need for installation or separate build step. Also, these packages are cached locally to support offline development. It results that Next.js can process remote HTTP(S) resources such as local dependencies.

Next supports both client and server URL import. When Next detects URL import, it creates a next.lock file to track remote resource. While using this feature, add allowed URL prefixes inside next.config.js:

module.exports = {
  experimental: {
    urlImports: ['https://cdn.skypack.dev']
  }
}

And import modules:

import confetti from 'https://cdn.skypack.dev/canvas-confetti'

Any CDN which serves ES modules will work. For instance, JSPM, unpkg and jsDelivr.

3. Rust compiler-

Performance optimization is a key feature of Next 12. So as to improve the performance, Next.js replaced the Babel compiler with an extensible Rust compiler – SWC.  It takes the advantage of native compilation. SWC is faster than Babel on a single thread and 70 times faster on four cores.

With Rust compiler, Next.js offers optimized bundling and compiling with 3 times faster builds for production. This results in faster build time on production and quick feedback in local development, better developer experience and faster development time.

4. Smaller Images Using AVIF-

Inbuilt image optimization API of Next.js supports AVIF images. It enables 20 percent smaller images compared to WebP. This is opt-in feature and can be enabled by modifying image.format property in next.config.js file:

module.exports = {
  images: {
    formats: ['image/avif', 'image/webp']
  }
}

5. Bot-aware ISR fallback-

ISR(Incremental Static Regeneration allows you to update static pages after building website without need to rebuild a complete website. With the use of ISR, static pages are generated dynamically at runtime rather than build time. While using ISR, Next.js determines the pages to be generated by static site generation using paths returned from getStaticPath function. Thus if you return paths to the 1000 most viewed articles, these pages are generated at build time.

Other pages in application can be generated on demand using fallback:blocking or fallback:true.

fallback:blocking is favored because when a request is made to a page that has not been generated, Next will server-render that page the first time and serve subsequent requests from the cache. However, while using fallback:true, Next.js will promptly serve a static page on the first request with loading state. And when the data finishes loading, Next will re-render the page and cache the data. But with the Bot-Aware ISR fallback feature, when using fallback: true for web crawlers like search bots, Next.js will automatically server-render ISR pages. However, Next will still serve a static page with loading state to noncrawler user agents. Hence it prevents crawlers from indexing loading states.

6. React 18 Support-

Even before the officially release of Next.12, it provides support for React 18. Now, you can use experimental features such as React.lazy, Suspense or APIs such as startTransition in Next.js apps. With the support for React concurrent mode, now we can use server-side Suspense and SSR streaming. 

Read more

What Is Remix? All You Need To Know About

There are lots of React frameworks available in the market. However, the React framework has something special to offer. Remix is a react framework used for server-side rendering(SSR). Means both backend and frontend can be made using a single Remix app. Data is rendered on the server and served to the client side with minimum Javascript. In contrast to vanilla React, where data is fetched on the frontend and then rendered on screen, Remix fetches data on backend and serves HTML directly to the user. Here we’ll discuss all the basics of React Remix.

What Is React Remix?

React Remix is a new react framework that  lets you focus on user interface and work back through web fundamentals to deliver a fast, slick and resilient user experience. Main goal of React Remix is to provide new development tool to boost build time, performance on runtime and development fluidity. Also it is focussed on SEO improvements and accessibility.

Benefits Of Using React Remix-

1. Transitions-

Remix handles all loading states for you, you just need to tell Remix what to show when the app is loading. IN frameworks such as Next.js, you want to set the loading state using some state management library like Redux or Recoil. Libraries can help you to do the exact same in other frameworks, Remix has this built-in. 

2. Nested Pages-

Any page in the route folder is nested in this route rather than being separate. Meaning that, one can embed these components into your parent page, that means less loading time. Benefit of doing this is that, we can enforce error boundaries to embedded pages, that will help with error handling.

3. Traditional Forms-

Previously, when developers used PHP, they used to specify a form method and action with a valid PHP URL; we’ll use a similar approach in Remix.It doesn’t sound fun as we are used to onClick, onSubmit, and HTTP calls. Remix manages this situation in a different way by providing functions such as action and loader for server side operations. In these functions, form data is easily available, means there’s no need to serve Javascript to the frontend to submit a form.

Consider that, you have a simple website and you don’t actually need to serve javascript to frontend. This traditional form method works best for this situation. In other frameworks, you might need to serve Javascript to make a fetch or an axios call, but you don’t need to do it in Remix. It keeps things simple.

4. Error Boundaries-

Consider a case that, you get an error in a Remix component or a nested route, errors are restricted to the component and the component will fail to render or simply it will show error. In other frameworks, it will break the entire page, and will see a huge error screen. 

While error boundaries can be implemented in Next.js also, Remix has this built-in and it’s a great feature for production builds and so user doesn’t get locked out of the entire page for simple error.

Features of React Remix-

1. React Remix Routing, Nesting Routes, Suspense Cache, Scroll Restoration-

NextJS builds the routes based on project structure. We declare inside the pages folder the files we want and the framework uses the names to build all application routing system.  React Remix does the same using a folder called routes. It builds the routes based on the File System too. And this is biggest innovation in React Router. Rather than only replicating GatsbyJS or NextJS, they added Nesting Routes. Meaning that, we can have nested routes where children inherit parent layout without replicating in the code the container component.

Project Structure

In react router is used to provide loader for component and then will cache the rendered component. In this way, it doesn’t take care of browser history. Means if you change the order to get to a particular page, the cache will pick the rendered component as usual. In React Remix, they need to change this way, enabling a Suspense Cache based on Location. Whenever we push a page to history state, it becomes unique and Suspense caches the component based on the Location and not on the properties. If we navigate back and forward, or if we push again same page again by visiting it from the navigation link, it will be another record.

Concluding with routing features, it included a great functionality called scroll restoration. Every page will cache the scroll position if we get back to it and can continue from where we stop. Here main role is played by the Suspense that can store same pages but with different scrolls, if they are part of different location in history state.

2. React Remix Error Handling-

One more great feature of Remix is about Error boundaries. In React we can catch app errors having a top level component with function like componentDidCatch. In Remix, you can use Nested Error Boundaries and once more it is an export function, as far as the others before. Remix is easing everything.

// Use for runtime errors
export function ErrorBoundary({ error }: { error: Error })
{
console.error(error);
return (
  <div>
   <h1>There was an error</h1>
   <p>{error.message}</p>
  </div>
   );
  }

//Used for loaders or actions
export function CatchBoundary() {
const caught = useCatch();

let message;
switch (caught.status) {
case 401:
message = (
 <p>Oops! The page does not exist.</p>
);
break;

default:
 throw new Error(caught.data || caught.statusText);
}

return (
<div>
<h1>
{caught.status}. {caught.statusText}
</h1>
{message}
</div>
);
}

You can export ErrorBoundary for general runtime errors. You can use CatchBoundary for loaders or actions errors.

3. Server Side Rendering-

Simple answer to “What is React Remix” is Server Side Rendering. It is performant at runtime so helps to build better website particularly for first time user visit. This can improve SEO as NextJS is doing. Also, SSR can run in development mode and there is a small difference more and it is related with data loading. 

4. SEO tags-

SEO improvement is another goal of React Remix and they perfectly achieved it. A React Router can be used to improve SEO without using other libraries to improve meta tags or page title and react router uses an export to set meta tags. It is possible to set the page title and description. 

Read more

Top 10 App Performance Monitoring Tools

Applications are an important part of our life as we use it for our day to day tasks like online shopping, ordering food, cab booking and lots of like this. So many businesses are creating apps to deliver the best service to their customers. Hence it is also important to develop the best performing app. Only developing the best performing app is not sufficient, it is also important to monitor the app performance and make changes accordingly. But how could you monitor the app performance? Here comes the need of App performance monitoring tool.

App performance monitoring tools can reduce management burden, provide single platform to manage the burden by managing all the apps instead of managing and troubleshooting every app individually. It also ensures the issues related to app performance are defined and identified. App performance can be monitored or tracked using various categories like load time, response time and apdex score. Here we’ll discuss the best app performance monitoring tools. But before diving into the app performance monitoring tools, let’s see what app performance monitoring is.

Also know- Best Tips to improve your mobile App performance

What Is App Performance Monitoring?

App performance monitoring encompasses controlling overall performance, including code, app dependencies, transaction timings and user experience. One can observe the instances where users encountered problems and why it happened by using the warning issued to monitoring tool. It gives you a complete insight into app performance, helping DevOps teams to identify problems and preparing to respond to similar issues in the future. Here are the components of the application performance management solution.

• Basic server metrics
• Custom application metrics
• Application server metrics
• Detailed transaction trace
• Individual performance web request
• Performance use and performance
• Code level performance profiling
• Application error
• Application log data

Tips To Select Best App Performance Monitoring Tool-

Traditionally, app performance management solutions were available only to large businesses and were used to track business transaction. But, in recent years, APM tools have grown more inexpensive and essential for all enterprises. APM technologies have become an important aspect of DevOps initiatives.

Important things to consider-

• SaaS vs On-premises
• Cloud support
• Pricing
• Programming language
• Ease of use

Let’s see App performance monitoring tool list.

Top 10 App Performance Monitoring Tools-

1. AppDynamic Application Performance Monitoring-

Started in 2008, it provides automated cross-stack intelligence for BI and app performance monitoring. According to Gartner’s study report, AppDynamics was rated APM leader for the 9th time. Product suits like End user monitoring, Infrastructure visibility, business performance, app performance make up the AppDynamic Platform. Here are spem of the features of AppDynamic-

• End to end transaction tracking
• Code level visibility
• Languages support: Java, .Net, Node.js, Python, C++
• Dynamic baseline and alerting

2. New Relic Application Performance Monitoring-

Since 2008, it has swiftly expanded and evolved into an essential tool for programmers, business executives and IT support teams. Now it supports customers and helping them in improving the performance of their applications. Also it offers APM for mobile apps, infrastructure monitoring, advanced browser performance monitoring etc. Here are some of the great features of Relic-

• App monitoring performance trends at a glance
• Performance tracking of individual SQL statements
• Code level diagnostics
• Cross app tracing
• Languages- Ruby, node.js, PHP, Go, .NET, Java
• Monitor critical business

3. Scout(SolarWinds)-

It delivers auto-discovered topological visualizations of programs and their components by using its agent. You might need more time to learn so you may have to wait until enough data points have been collected before you stop getting false positives. Here are some of the great features of Scout-

• Memory leak detection
• Automatic Dependencies Population
• Languages: Ruby on Rails
• Github integration
• Slow database query analysis

4. Stackify Retrace-

Read More

Internet Of Behaviors(IoB)- All You Need To Know About

Personalization has become a key in 2021 for service effectiveness of your business. The more effective your service will be, the more users will consider it, and eventually adapt their behaviors. Internet of behavior is transforming the service quality and changing the value chain of your product or service too. It also become important to gain insights into the emerging trend of Internet of Behavior. According to the Gartner, till 2023, 41% of people will have tracked their behavior through the Internet of Behavior. Hence you should know the details of Internet of Behaviors and how it can help you effectively.

What Is Internet Of Behaviors(IoB)?

Internet Of Behaviors(IoB)

IoB(Internet Of Behavior) is a term related to behavioral science. Simply, it uses the result of data analysis to create UX design, get a new approach to search experience optimization, or change the way of product marketing. Internet of Things(IoT) is a term related to IoB, as technically, all the data gathered from IoT and other sources are used to influence consumer behavior. As you already know, Internet Of Things is a network of physical devices that helps to collect and share different variety of data. For instance, your phone can track real-life geo position. With IoT technology, you connect your phone with a laptop, voice assistance, or smart house and get huge information about your interests and how you use products. 

Organizations can use this data to measure effectiveness of campaigns, personalize content, measure the patient’s activity and so on. 

Importance Of IoB-

Data is important for businesses and according to the Gartner IoB is one of the top technological trends in 2021. IoB provides more opportunities to collect data and analyze it. It can ensure that businesses continue their growth to the next level. But the main purpose of IoB is to collect, analyze, respond and understand all kinds of behaviors to improve user experience. Besides that, behavioral data is also assisting businesses to make more informed decisions and improve their service quality and value chain in best way. Businesses can get detailed understanding of their customers to keep them satisfied.  

Shortly, IoB is here to boost sales industry development.

How Does IoB Work?

The concept of IoB is to use data for change behavior. It’s implementation varies according to the industry type. For instance, A solution for logistic market known as telematic. Cprime Studios has expertise in building telematics solutions for commercial vehicle tracking. Telematics can analyze real-time data on vehicle’s speed, location, fuel consumption, driving behavior etc to improve the logistics.

It  is vital to mention that IoB has ethical implications depending on goals to use it. Hence, privacy laws have strong impact on adoption and scale of of IoB. 

Working-

Devices those are connected to the internet or synchronized provide huge data.But it is not new for us. When we open social media, it gets information on what we are doing on the site. IoB is focused on particular data. For instance, it analyzes the opened pages, how much time you are scrolling it, what pages you visit and what operations you are performing? 

Importance Of IoB For Innovation-

Read More

How To Effectively Monetize Your Mobile App?

We all are addicted to mobile and it has become a go-to resource for anything and everything. According to the report, an average user spends 3 hours and 40 minutes on their mobile per day, which means one fourth of walking time. Mobile app creators have several goals to attract customers, provide services, to yield entertainment- whatever it may be-with mobile application monetization, it is feasible to make an application something more than a tool. It will be an extra source of income. Let’s see what is mobile app monetization and how to effectively monetize your mobile app.

What Is Mobile App Monetization?

Mobile App Monetization

Mobile app monetization is a process of implementing strategies to generate revenue from app, in short, converting users into revenue. Here are some strategies to execute this. These strategies are very category-dependent. Let’s see the 3 important things that can help you choose the right model for your app-

Identify app category- Defile app purpose and the problem it is trying to solve. Once you get an idea about it, you will see that these monetization strategies are better for your needs. For instance, subscription models are better for the apps having heavy content, whereas in-app ads will be better for shopping applications.

Competitive research- Competitor research is an important key in mobile app development. You can know competitors in your niche and see what monetization strategies are implementing. Check if the audience is satisfied and know the better strategy that can work.

Know target users-  While building an app, you want to do in-depth user depth. Monetization strategy should be relevant to target audience. Select a model that will provide values to users and not hamper their user experience of interacting with mobile app.

7 Best Strategies For App Monetization-

1. Paid/Premium Downloads-

Premium apps are the apps that users need to pay a fee for downloading. It is a straightforward monetization strategy with everything explicitly visible to user before app download. Benefit of premium apps is that users will be more loyal and engage better with the app because they have paid for it. The UI will be ad-free and hence less cluttered.

But there are some drawbacks also. Most of it needs to be paid before used. As there are lots of free apps available in the market, your app must provide exceptional value to convince users to pay for it.

2. In App Purchase-

Most of the mobile apps don’t charge any fee but it doesn’t mean that users never have the opportunity to spend money within the app. App purchases are the solution. In-app purchases help you to make more money and allow users to interact directly with your product. It is called “freemium” apps where users pay no initial cost but pay for gated features, but businesses can make use of it. 

Businesses can choose to provide users with the opportunity to purchase your product directly from the app and have them shipped. If you are an entrepreneur and having a business that offers services, users can opt for in-app billing. 

Drawback of in-app purchases is that programmers walk a fine line between giving lots of options for free and offering too few features. Hence think twice when you choose this monetization method.

3. In App Advertising-

According to the reports, advertising is the commonly used monetization strategy of  mobile apps. Such mobile apps are free to download and use, but they come with the cost of intermittent advertisements. The advertisements might clutter up the application space or hamper user experience; but, it is a commonly accepted trade-off by people. Since they are getting to enjoy the free content, many people put up with ads.

Some apps provide free applications with ads and allow update to an ad-free version with extra payment. Keep in mind that, it is important to show relevant advertisements to app users otherwise they will get  frustrated with inappropriate ads. Developers can use data analytics to show relevant ads to users and analyse user behavior.

Here are the five types of native ads typically used in apps. 

Full screen ads- These ads are generally placed at natural pause points, such as when moving between menus. As these aren’t actually hampering the experience of app, they’re most likely to generate clicks without causing frustration. 

Banner ads- App banner ads are generally found on top or bottom of screen and can be somewhat ineffective as they are more distracting than other forms. It can irritate users, hence think twice before agreeing to add into your business’s app.

Capture form- Depending on the user opt-ins, it offers incentives to users who enter their email address. You’ll mostly find capture forms in mobile games.

Advanced overlay- These use transition points such as interstitial ads but are interactive rather than being simple clickable images. These are kind of mixture of capture form and full screen ads.

Notification ads- Notification ads pop up in the mobile device’s status bar and make users aware of the ad’s presence. 

4. Sponsorship-

Major drawback of advertisements is that it is difficult to ensure the relevancy of ads to your users. Sponsorship is one step ahead of regular advertisements. You can partner with some advertisers and show only particular ads. Hence, it will improve the user experience of the app and eliminate user frustration when it comes to advertisements.

Sponsorship can work like rewarding users when they complete actions in an app. It is advantageous for app programmers and sponsors as they both can increase their audience reach. 

5. SMS Marketing-

With the in-app prompts similar to the ones used for collecting email addresses, you can send notices for app updates, reminders, contests and promotions straight to users’ text message inboxes. 

This is one of the most effective ways to strengthen your brand as it drives users back to your app. These days lots of app entrepreneurs use the same strategy to drive users back to users. If you’re also looking to improve customer engagement, try SMS marketing. 

6. Multiple Payment Option For Subscription Services-

Read More

 

Software Outsourcing Trends To Follow In 2022

Outsourcing is a hot trend in software development, however its adoption needs organizations to rethink about their business processes and introduce technological innovations to remain agile. To keep you on track with the IT outsourcing market, we’ve collected some trends for 2022. Let’s see which are those.

Software Outsourcing Trends To Follow In 2022

1. Digital Enablers–

Since the pandemic, it has been noticed that we’re moving in the direction of digitization very rapidly. All this started as a forced work-from-home, new strategy of hiring, communicating and collaborating without borders. At the same time, remote work standards contribute to the development of new ways of solving business challenges. 

What are digital enablers and why do they matter for businesses in 2022?

In general, Digital enablers are tools and technologies that help to achieve process standardization and automation. Some of its examples are- Agile working processes, enterprise resource planning(ERP) system, Project management software, Team communication channels and platforms. 

These digital enablers contributes to enterprises hugely switching to cloud based solutions and robotic process automation (RPA). Gartner describes “distributed enterprise” as one of the strategic technology trends for 2022. 

As per Gartner, involving geographically dispersed employees will help organizations to achieve revenue growth 25% faster than competitors by 2023. Means so as to remain competitive and deliver seamless work experience, organizations in sectors from retail to education will require to reconfigure delivery models to embrace distributed services. 

Development team augmentation is a way to ramp up a software development with tech experts regardless of their location. Hiring an external team, you delegate the responsibility for hiring and HR matters to a third-party service provider who offers full-time staff. Simply, all necessary processes such as recruiting, onboarding, training and managing dedicated experts lie on outstaffing vendor’s shoulders, while as a product executive you can focus on business goals.

2. Rise Of Cloud Computing-

Cloud native platforms is another trend that will serve as a foundation for more than 95% of new digital initiatives by 2025. CNP has an architecture aimed at leveraging the automated cloud services by adding just some cloud attributes to your existing legacy system. When you use CPNs, it improves the delivery time and decreases costs. Being a part of global cloud adoption trends, CPNs serve as a way to optimize your infrastructure, improve operations and accelerate digital transformation. This trend reflected in numbers: According to the statista reports, the worldwide public cloud computing market keeps growing and is expected to reach $482 billion in 2022. In 2019, by comparison, the market size amounted to $243 billion. 

How to take advantage of cloud computing?

Some of the important benefits are- 

• Reduced costs for maintenance and support
• Advanced data recovery mechanisms in case of data loss or corruption
• Stable and continuous releases with minimal downtime and no production interruptions

List depends on the method you choose for adopting and computing services.

Cloud software re-architecting- It is popular among businesses that undergo expansions and transformations. Redesigning of existing architecture is important to improve a system’s performance, scalability and security. 

Cloud migration- It includes evaluating the software architecture and developing an action plan to implement cloud solution so as to achieve cost savings, reliability, security and other benefits that cloud computing can provide.

Cloud native development- It can minimize efforts for infrastructure management by automating networks, servers and operating systems. This way developed apps can be scaled from scratched and have the ability to be released fast.

3. Robotic Process Automation-

Robotic process automation refers to the use of software or web app to automate complex business operations and routine actions. RPA solutions are mostly used for customer support, inventory management, payroll processing and other use cases. RPA implementation is popular after 2015, and its increase is strongly connected with the machine learning development. The pandemic outbreak accelerated global RPA adoption and has contributed to its being mentioned among software development outsourcing trends.

Read more

What’s New In Flutter 2.8?

Flutter gained a huge popularity among the developer community as it supports web, mobile and desktop development in a single SDK. It offers a high-performance, high productivity framework. With a single codebase, programmers can target multiple platforms for app development. Google announced a new version of Flutter with improvements and new features. Flutter 2.8 is closer to stable desktop support with improvements and new features. Let’s see the new improvements and features of Flutter 2.8.

New Features And Improvements In Flutter 2.8?

1. Improvements And New Features-

Main focus of Flutter 2.8 is mobile performance. Latest updated eases the app connection to back-end services like Google cloud and Firebase. Latest release included major upgrades to the web plugins and camera. Also it includes the version Dart 2.15 that made some major improvements to concurrency. In this release, Google also focused on improving developer productivity. Lots of features like hot reload are useful for programmers. In this release, there is a sign-in widget that uses Firebase to handle authentication. With this widget, you don’t need to worry about two-factor authentication or reset password user flows. Because of such features, there is a possibility of changing how programmers build apps.

2. Firebase And FlutterFire-

There are some updates associated with this release for FlutterFire users. Let’s see what features it adds that intend to simplify application development with Flutter and Firebase. 

• New support in DartPad for several Firebase services
• Up-to-date libraries to easily  build for authentication and live Firestore queries.
• All FlutterFire plugins are graduating from beta to stable
• New Firestore Object/Document Mapping for Flutter, available in Alpha

One more significant update includes the ascension of all FlutterFire plugins from beta to stable. Major plugins that move to stable and ready for production use for iOS, Android, and web are Dynamic Links, Analytics, Performance Monitoring, Realtime database, In-App messaging, Remote Config etc.

On the cord of Firebase, you will see new support in DartPad for Firebase services, live Firestore query UI, new libraries for authentication and new alpha version of Firebase Object/Document Mapping for Flutter.

3. Game Development Using Flame-

Lots of programmers think that Flutter is only for app development. But many developers are working towards game development using Flutter. Programmers from different communities are taking advantage of the hardware-accelerated graphics support provided by Flutter. 

Flutter announced the release of Flame 1.0 – a 2D game engine. Flame provides everything you need to create your game quickly, and also it includes a component system, animated images, collision detection, world camera and  so on.

Programmers can extend Flame with other packages by integrating with other libraries. For instance, you can merge Flame with packages like Rive, Forge2D, Fire Atlas and so on. Combining Flame with other systems will provide a service for 2D game development. If you are going to build game, you should check Flame.

4. DevTools-

Flutter 2.8 release adds an “Enhance Tracing” feature to address debugging issues. This will help programmers to solve UI stemming. When enabled any tracing features, it will include new events for widgets built, render objects laid out and render objects painted as appropriate. The new release of DevTools includes support to profile your application’s performance. This profile includes CPU samples from DartVM initialization to render the first flutter frame. After pressing the “App Start Profile” button to load the app start profile, you can see that the “AppStartUp” user tag is selected for profile. One can select this user tag filter from the list of available user tags to upload app’s launch profile if available. If you select this, the profile data will be displayed at the time of launching app.

5. GA For Flutter Ads-

Next one is general availability of Google Mobile SDK for Flutter. This new release supports five ad formats and it will integrate support for both AdMob and Ad Manager. Also, it includes a beta version of new mediation feature that helps to optimize the ad performance. 

6. Improvements In Web Platform Views-

This latest release improved the performance of platform views for Flutter web. Platform views allows programmers to host UI components and Flutter web implements this with HtmlElementView widget. With this widget you can host HTML elements in your Flutter web app. Users are using platform views by default if they use web versions of google_maps_flutter plugin or video_player plugin. 

In the last version, a new canvas gets created when you add the platform view. Whenever you add the platform view, another canvas will be added each time. Those extra canvases are expensive to create because every canvas is the size of an entire window. This release reuses canvases created for previous platform views. Hence, rather than suffering the cost 60x per second, you suffer the cost only once in the entire lifetime of the app. Meaning that your web app can contain various HtmlElementView instances without impacting performance. 

7. Removing The DevChannel-

Flutter’s “channel’s decide how rapidly the Flutter framework and engine change on your development machine. Stable version represents the smallest churn and the master presents the largest churn. Because of resource constraints, programmers have recently stopped updating the development channel. Less than 3% of Flutter programmers use development channels. Hence programmers decided to start the process of officially discontinuing the development channel. This is because Flutter engineers spend a lot of time and effort to maintain it. 

Dropping the channel enables the Flutter team to spend time and energy on other things. Programmers can decide which channel they would like to use Flutter channel command:

• Beta channel os option to stable channels. This is for users who want rapid cadence. Now it is released monthly and is stable before the release. This is a “fast” channel”
• Stable channels represent the highest quality builds. Approximately, they are published quarterly and treated as fixes for critical issues in the meantime. 
• Master channel is an active development channel. It is for contributors or advanced users who are comfortable with unstable builds. 

Read more

How To Effectively Detect And Mitigate Trojan Source Attacks In Javascript?

Javascript allows website developers to run any code they want when a user visits their website. Naturally, website developers can be either good or bad. Also, cybercriminals continuously manipulate the code on a number of websites to perform malicious functions. But javascript is not an insecure programming language. Code issues or improper implementations can create backdoors that attackers can exploit. And here issues take birth. When you browse a website, a series of Javascript(.js) files are downloaded on your PC automatically. Attackers redirect users to compromised websites. These can be either created by them or they can be legitimate websites they’ve hacked into. It has been analysed that 82% of malicious sites are hacked legitimate sites.

Also, traditional code editors and code review practices miss detecting bidirectional characters present in the source code. This allows actors to inject malicious code that looks benign. And this issue was made public on 1st November, 2021. If you are also facing the same trojan attack issues, then this blog is for you. Here you’ll get the complete guide on how to detect and mitigate Trojan source attacks in javascript.

What Is A Trojan Source Attack?

Trojan source is a new type of source code and supply chain attack that causes the source code viewed by humans to be different from the actual software generated by the compiler- means the behaviour of software won’t match what the source code appears to say. 

Trojan source is a development style of attack that makes the source code read on the screen by human significantly different from the binary code generated by a compiler through use of Unicode control characters.

Let’s see the snippet from VS code of a Trojan Source attack as is employed in javascript source code:

// running internal logic for privileged users:
var accessLevel = "user";
if (accessLevel != "user‮ ⁦// Check if admin⁩ ⁦") {
    console.log("You are an admin.");
}

What about this-

2    var accessLevel = “user”;
3    if (accessLevel != "user‮ ⁦// Check if admin⁩ ⁦") {
4    console.log("You are an admin.");
5    }

Did you catch the issue with above source code? If not, try to examine the code snippet.

Here, this is a case of Stretched String type of attack. Code in line 3 makes it looks like the conditional expression checks whether the accessLevel variable is equal to the value of user.

Have you seen the comment at the end of line about logic checks, and it may look harmless but the truth is  quite different. The use of unicode bidirectional characters on line 3 hides actual string value of accessLevel variable check. Here the real line 3 as the compiler would run it:

If (accessLevel != "user // Check if admin") {

There are several types of abusing bidirectional control characters to inject malicious code into source: Stretched String, Commenting-Out, Invisible Functions and Homoglyph Function. Though the use of bidirectional control characters is a novel approach, this kind of attack is not actually new and has been cited in prior mailing lists and discussion boards. 

How To Detect Trojan Source Attacks In Source Code?

Code editing and code review processes may be on platforms or tools that don’t support highlighting of these dangerous bidirectional unicode characters. Means you may already have those bidirectional characters in your codebase. How do you find out if you have source code with bidirectional unicode characters?

To help with that, anti trojan source scans a directory, or reads input from standard input STDIN) and scants it for any such unicode characters that may be present in the text. 

You can use npx to scan files as-

npx anti-trojan-source --files='src/**/*.js'

Or if you’d like to use it as a library in Javascript project:

import { hasTrojanSource } from 'anti-trojan-source'
const isDangerous = hasTrojanSource({
  sourceText: 'if (accessLevel != "user‮ ⁦// Check if admin⁩ ⁦") {'
})

Preventing Trojan Source Attacks In JavaScript With ESLint-

Better than only finding existing issues is to proactively safeguard codebase to make sure that no Trojan Source attacks make their way to source code at all. Generally Javascript community rely on ESLint and its various plugins to enable control code quality and code style standards. 

Hence, with the use of eslint-plugin-anti-trojan-source, now you can include ESLint plugin to ensure that none of programmers or continuous integration and build systems are wrongly merging code that is potentially malicious because of bidirectional unicode characters.

Let’s see an example of ESLint configuration for Javascript project:

"eslintConfig": {
    "plugins": [
        "anti-trojan-source"
    ],
    "rules": {
        "anti-trojan-source/no-bidi": "error"
    }
}

Example output for a vulnerable code that slipped into codebase:

$ npm run lint
 
​​/Users/lirantal/projects/repos/@gigsboat/cli/index.js
  1:1  error  Detected potential trojan source attack with unicode bidi introduced in this comment: '‮ } ⁦if (isAdmin)⁩ ⁦ begin admins only '  anti-trojan-source/no-bidi
  1:1  error  Detected potential trojan source attack with unicode bidi introduced in this comment: ' end admin only ‮ { ⁦'                    anti-trojan-source/no-bidi
 
/Users/lirantal/projects/repos/@gigsboat/cli/lib/helper.js
  2:1  error  Detected potential trojan source attack with unicode bidi introduced in this code: '"user‮ ⁦// Check if admin

How Is The Ecosystem Mitigating Trojan Source Attacks?

IDEs like VS Code have released versions to highlight these unicode characters so that developers would take note of them and act with proper context at the time of code reviewing and code editing. Similarly, GitHub published warnings so that code bases will highlight the use of these potentially dangerous trojan on Githubs if they use bidirectional characters:

But keep in mind that, not all types of trojan malware attacks are being highlighted by Github. For instance, consider the following case that dubs invisible functions-

1 #!/usr/bin/env node
2 
3 function isAdmin() {
4       return false;
5 }
6
7 function isAdmin() {
8      return true;
9 }
10
11 if (isAdmin()) {
12   console.log(“You are an admin\n”);
13 } else {
14  console.log(“You are NOT an admin.\n”);
15 }

As you see in the above javascript code, there’re not any warnings from GitHub when reviewing this code. What’s happening there?

The function declaration on line number 7 is written with the use of zero-width space unicode control character identified as U200B, that makes it look visually as if this is the case of legitimate function isAdmin function.

You can verify this if we print out the code using tool such as bat, that is a clone of UNIX cat tool, with better syntax highlighting and Git integration:

1 #!/usr/bin/env node
2
3 function isAdmin() {
4    return false;
5 }
6
7 function is<U+200B>Admin() {
8    return return;
9 }
10
11 if (is<U<U+200B>Admin() {
12    console.log(“You are an admin\n”);
13 } else {
14   console.log(“You are NOT an admin.\n”);
15 }

Should Compilers And Runtimes Mitigate Trojan Source Attacks?

Now what about language runtimes and compilers? Lots of languages, including Node.js, have decided against updating their compiler from denying unicode characters. Effectively transitioning the risk to code editors and humans, those need to be more careful when reading code and performing code review processes.

Some language runtimes such as Zig have considered to employ a compiler error when detecting the use of unicode bidirectional characters in source code, and allow to bypass the errors with comment.