Overview and Practicalities

Glossary

A

  • Access-Control Headers — HTTP headers (e.g., Access-Control-Allow-Origin) used to manage Cross-Origin Resource Sharing (CORS).
  • API (Application Programming Interface) — A defined interface that allows software components to communicate, typically using HTTP requests and responses.
  • API Endpoint — A specific URL through which an API resource can be accessed or manipulated.
  • Asynchronous / async / await — Programming techniques allowing operations (like network calls) to run without blocking execution.
  • Authentication — The process of verifying a user’s identity, usually through credentials such as passwords or tokens.
  • Authorization — Determining what actions or resources an authenticated user is allowed to access.

B

  • Backend — The server-side portion of a web application that handles data processing, logic, and database access.
  • Binding / Data Binding — The process of connecting UI components to data so updates automatically propagate.
  • Browser — The client software used to access and render web content (e.g., Chrome, Firefox, Safari).
  • Build / Build Process — The series of automated steps that transform source code into optimized assets ready for deployment.
  • Bundle / Bundling — Combining and optimizing source files into fewer, smaller files for efficient loading.

C

  • Cache / Caching — Temporarily storing data or responses to reduce load times and network requests.
  • CI/CD (Continuous Integration / Continuous Deployment) — Automated processes for building, testing, and releasing software.
  • Client — The software (often a web browser) that requests data or services from a server.
  • Client-Server Model — The foundational web architecture where clients send requests and servers respond with data or resources.
  • Client-Side Rendering (CSR) — Rendering pages in the user’s browser using JavaScript frameworks.
  • Component-Based Architecture — Building UIs using small, reusable, encapsulated pieces called components.
  • Container / Containerization — Packaging software and dependencies into isolated, portable environments (e.g., Docker).
  • Cookie — A small piece of data stored in the browser, sent with requests to maintain state or sessions.
  • CORS (Cross-Origin Resource Sharing) — A security feature that allows or restricts HTTP requests between different domains.
  • CRUD (Create, Read, Update, Delete) — The four fundamental operations for manipulating persistent data.
  • CSRF (Cross-Site Request Forgery) — A security vulnerability where an attacker tricks a user’s browser into making unintended requests on their behalf.
  • cURL — A command-line HTTP client used to send requests (GET, POST, PUT, etc.) to web servers and APIs for testing and automation.

D

  • Database — A structured system for storing and retrieving data, such as PostgreSQL.
  • Data Validation — Ensuring that input data meets required formats and constraints.
  • Deno — A modern, secure JavaScript and TypeScript runtime used for server-side applications.
  • Deployment — The process of publishing an application to a live environment.
  • Docker — A platform for building, packaging, and running applications in containers.
  • Docker Compose — A tool and file format (docker-compose.yml or compose.yaml) for defining and running multi-container applications.
  • DOM (Document Object Model) — The structured representation of HTML that can be dynamically modified with JavaScript.

E

  • End-to-End (E2E) Testing — Testing that simulates real user interactions across the full stack of the application.
  • Endpoint — A specific route in an API where a client can access resources or perform operations.
  • Environment Variables — Configuration values that differ across environments (development, staging, production).
  • Error Handling — Managing unexpected conditions or failures gracefully in applications.
  • Event Handling — Responding to user or system events such as clicks, inputs, or network responses.
  • Escaping / Sanitization — The process of removing or encoding potentially dangerous input to prevent security vulnerabilities like XSS or SQL injection.

F

  • Fetch API — A JavaScript interface for making HTTP requests.
  • Frontend — The client-side layer responsible for user interface and experience, running in the browser.
  • Full Stack — Refers to both frontend and backend parts of a web application.

G

  • Git — A distributed version control system for tracking code changes.
  • GitHub — A hosted Git platform for source code collaboration (issues, pull requests, discussions, actions).
  • GitHub Actions — GitHub’s CI/CD service for automating builds, tests, and deployments directly from repository workflows.
  • GraphQL — A query language and runtime for APIs that lets clients specify exactly what data they need.

H

  • Hono — A minimal web framework for Deno and other runtimes for building APIs and backend services.
  • HTML (HyperText Markup Language) — The standard language for structuring and presenting web content.
  • HTTP (HyperText Transfer Protocol) — The foundation of data communication on the web.
  • HTTP Headers — Metadata included in HTTP requests and responses that describe the content, authentication, caching, and more (e.g., Content-Type, Authorization, Cache-Control).
  • HTTP Status Codes — Standardized three-digit codes returned by a server to indicate the result of a request:
    • 1xx Informational: Request received, continuing process (100 Continue)
    • 2xx Success: Request successfully processed (200 OK, 201 Created)
    • 3xx Redirection: Further action required (301 Moved Permanently, 302 Found)
    • 4xx Client Error: Request contains an error (400 Bad Request, 401 Unauthorized, 404 Not Found)
    • 5xx Server Error: Server failed to fulfill a valid request (500 Internal Server Error, 503 Service Unavailable)
  • HTTPS (HTTP Secure) — HTTP combined with encryption via TLS/SSL for secure communication.

I

  • Injection Attack — A class of vulnerabilities where untrusted input is executed as part of a command or query, leading to unintended behavior.
  • Input Validation — The practice of verifying that user input meets expected patterns before processing, to prevent injection and other attacks.

J

  • JavaScript (JS) — The main programming language for client-side interactivity and dynamic content.
  • JSON (JavaScript Object Notation) — A lightweight text format used for exchanging structured data.
  • JWT (JSON Web Token) — A compact, URL-safe format for securely transmitting authentication data.

L

  • Lifecycle Methods — Framework-provided hooks that allow executing code at specific component stages (mount, update, destroy).
  • Local Storage — A browser-based key-value storage system for persisting data locally.

M

  • Middleware — Functions that process HTTP requests before they reach the final route handler.
  • Migration — A version-controlled change to a database schema.
  • Model-View-Controller (MVC) — A design pattern separating data (Model), presentation (View), and logic (Controller).
  • Module — A self-contained block of code that can be imported and reused across files.

N

  • Network Request — Communication from a client to a server, usually via HTTP.
  • NPM (Node Package Manager) — A tool for managing JavaScript packages and dependencies.

P

  • Package — A distributable collection of modules or libraries.
  • Playwright — A modern tool for automated browser testing.
  • PostgreSQL — An open-source relational database system.
  • Promise — A JavaScript object representing a future value, enabling asynchronous operations.

R

  • Reactive Programming — A paradigm in which the UI automatically updates in response to changes in data.
  • React — A popular component-based UI library. While the course uses Svelte, React is another popular library.
  • Rate Limiting — Controlling the number of requests a client can make in a time window to protect APIs and prevent abuse; typically enforced via middleware or gateways.
  • Request — An HTTP message sent from a client to a server, containing a method (e.g., GET, POST), headers, and optionally a body.
  • Request-Response Method — The back-and-forth communication pattern between client and server over HTTP.
  • Response — The server’s reply to a request, containing a status code, headers, and a body (often JSON or HTML).
  • REST (Representational State Transfer) — An architectural style for designing APIs using standard HTTP methods.
  • Routing — Defining and handling URL paths to connect requests with the correct logic or view.

S

  • Schema — The structure of a database, defining how data is organized.
  • Security — The practice of protecting web applications and data from unauthorized access, vulnerabilities, and attacks.
  • Server — A system that responds to client requests and provides data or services.
  • Server-Side Rendering (SSR) — Rendering web pages on the server before sending them to the client.
  • Session — Server-side data storage tracking user activity across multiple requests.
  • Skeleton (Skeleton UI) — A modern UI toolkit and design system for Svelte, built on Tailwind CSS, providing prebuilt components and responsive utilities.
  • Svelte — A modern frontend framework that compiles components into highly optimized JavaScript.
  • SvelteKit — The full-stack application framework for Svelte (routing, server endpoints, data loading, adapters for deployment).
  • SvelteKit Adapters — Plugins that package a SvelteKit app for a target runtime (e.g., adapter-auto, adapter-node, adapter-static).
  • Svelte Bindings — Two-way and one-way bindings (bind:value, element/property bindings) connecting component state to the DOM.
  • Svelte Transitions — Built-in animations (transition:fade, fly, slide, etc.) applied when elements enter/leave the DOM.
  • svelte:head — A Svelte/SvelteKit component tag for injecting elements into the document <head> (e.g., <title>, meta tags).
  • SPA (Single-Page Application) — A web app that dynamically updates content without full page reloads.
  • SQL (Structured Query Language) — The language for interacting with relational databases.
  • SQL Injection — A security vulnerability where unvalidated user input is embedded in SQL statements, allowing data theft or corruption.
  • State Management — Controlling and synchronizing data shared across components in a web app.
  • Style Sheet (CSS) — A file defining the presentation and layout of HTML content.

T

  • Tailwind CSS — A utility-first CSS framework that enables rapid and consistent design directly in markup.
  • Testing — The process of verifying that code behaves as expected.
  • Token — A small piece of data (often JWT) representing authentication or authorization credentials.
  • TLS (Transport Layer Security) — A cryptographic protocol providing privacy and data integrity for network communications.
  • TypeScript — A typed superset of JavaScript that adds static typing and tooling support.

U

  • UI (User Interface) — The visual layer of a web application.
  • Unit Test — Tests verifying the correctness of individual code units.
  • URL (Uniform Resource Locator) — The address identifying a web resource.
  • UX (User Experience) — The overall experience and satisfaction a user has when interacting with a web application.

V

  • Version Control — Managing and tracking changes to source code, typically using Git.
  • Virtual DOM — A lightweight in-memory representation of the DOM used by many frameworks to optimize updates.
  • Vite — A modern build tool for fast frontend development and hot reloading.

W

  • Walking Skeleton — A minimal end-to-end implementation of a system that exercises all major parts (frontend ↔ backend ↔ storage/deploy), used to validate architecture early.
  • Web Component — A reusable custom element built using standard browser APIs.
  • Web Platform APIs — Standard browser/runtime APIs (e.g., Fetch, Web Storage, Streams, Web Workers) available without third-party libraries.
  • WebSocket — A protocol enabling persistent, two-way communication between client and server.
  • Workflow — The sequence of automated or manual steps in a software development process.

X

  • XSS (Cross-Site Scripting) — A security vulnerability where attackers inject malicious scripts into web pages viewed by other users, enabling data theft or session hijacking.

Y

  • YAML — A human-readable configuration format used by tools like Docker Compose and CI workflows (indentation-sensitive, supports maps/lists/strings).

Z

  • Zod — A TypeScript-first schema declaration and validation library; defines runtime validators and infers static TS types from the same source.
Optional JavaScript Primer
Setting up a Walking Skeleton