Conclusions
March 11, 2026 • Week 10
Topics Covered
Quiz Retake
- Closed book, closed note — 20 minutes, 1 point per question
- Covered the most frequently missed questions from Quizzes 1–4
Final Project Requirements
- Well-structured HTML in React (semantic elements, accessibility)
- React Components with appropriate props and state
- Two and a half interactive features — significant functionality
- Routing and navigation — multiple pages with URL parameters
- External React Library — renders a component (e.g., react-bootstrap used meaningfully)
- Firebase data persistence — async work, effect hooks, real-time updates
- Visual style, accessibility, responsiveness
- Correct code style — follow the course textbook conventions
Tool Dependency
- Much of the web is built on shared, reusable libraries — each dependency is a potential point of failure
- XKCD #2347 ("Nebraska"): a single unmaintained project hidden in a dependency chain can underpin critical infrastructure
- Protestware: malicious code added to an npm package (node-ipc) wiped files in Russia and Belarus — illustrates how supply-chain attacks work
- A critical server vulnerability (Dec 2025) spread through a transitive dependency — admins had little warning
Are They the Right Tools?
- The State of JS survey reflects the views of a vocal subset of developers — not necessarily the majority of web users
- Heavy client-side frameworks like React can harm performance for users in low-bandwidth or low-power environments
- A criticism: developer experience tooling is often optimized for the people building it, not the people using it
- The web platform (HTML, CSS, browser APIs) keeps improving — frameworks solve problems that the platform may eventually absorb
Future of Frameworks?
- LLM-assisted development shifts how code is written — agents can generate large amounts of working code without following framework conventions
- AI-generated code tends to be "vanilla" — flat, repetitive, without abstraction — because agents optimize for correctness over maintainability
- Open question: do architectural patterns (components, shared state, routing) remain important when an agent re-implements everything from scratch each time?
- Amazon now requires senior engineers to sign off on AI-assisted infrastructure changes after outages — human oversight remains critical
Key Concepts
- Dependency Risk: Every npm package you install has its own dependencies — the total attack surface is larger than what you write yourself
- Supply Chain Attack: Malicious code injected into a widely-used package to affect downstream consumers
- Protestware: Software intentionally sabotaged by its author as a form of protest
- Framework Trade-offs: Frameworks add capability and structure but also weight, complexity, and risk — the right tool depends on the use case
- State of JS Survey: Annual survey of JavaScript developer preferences — 2025 results
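The Dependency Risk point above (and the hidden-dependency-chain point under Tool Dependency) can be measured from a project's package-lock.json. The following is an added example, not part of the original notes: it walks a lockfile, counts direct versus transitive packages, and reports the chain that pulls in any package that runs an install script. The lockfile contents and all package names are constructed for illustration.

```javascript
// SAMPLE_LOCK is constructed sample data; every package name in it is hypothetical.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { dependencies: { 'ui-kit': '^2.0.0', 'data-sync': '^1.4.0' } },
    'node_modules/ui-kit': { version: '2.1.0', dependencies: { 'class-merge': '^1.0.0' } },
    'node_modules/class-merge': { version: '1.0.3' },
    'node_modules/data-sync': { version: '1.4.2', dependencies: { 'net-helper': '^3.0.0' } },
    'node_modules/net-helper': { version: '3.2.0', dependencies: { 'geo-lookup': '^0.9.0' } },
    'node_modules/geo-lookup': { version: '0.9.1', hasInstallScript: true },
  },
};

// Node-style resolution: check the requiring package's own node_modules, then walk up to the root.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed (e.g. a skipped optional dependency)
    const i = base.lastIndexOf('node_modules/');
    base = i <= 0 ? '' : base.slice(0, i - 1);
  }
}

// Breadth-first walk from the root, recording the chain of names that pulls in each package.
function auditLockfile(lock) {
  const packages = lock.packages, chains = new Map(), queue = [];
  const visit = (fromPath, deps, prefix) => {
    for (const name of Object.keys(deps)) {
      const path = resolve(packages, fromPath, name);
      if (path && !chains.has(path)) { chains.set(path, [...prefix, name]); queue.push(path); }
    }
  };
  const root = packages[''] || {};
  visit('', { ...root.dependencies, ...root.devDependencies }, []);
  const direct = queue.length; // packages the project itself asked for
  while (queue.length) {
    const path = queue.shift();
    visit(path, { ...packages[path].dependencies, ...packages[path].optionalDependencies }, chains.get(path));
  }
  const installScripts = [...chains]
    .filter(([path]) => packages[path].hasInstallScript) // runs code at install time
    .map(([, chain]) => chain.join(' > '));
  return { direct, transitive: chains.size - direct, installScripts };
}

console.log(auditLockfile(SAMPLE_LOCK));
```

To run it against a real project, replace SAMPLE_LOCK with the parsed contents of that project's package-lock.json (lockfile version 2 or 3, which include the packages map).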