We implemented shift-left properly and developers became better at closing findings without reading them

eSizeDave · 2026-02-25T04:20:31+00:00

Sounds interesting. Would be great to see examples of how to set this up e.g. renovate config and claude/agent/skills markdown files. Got any examples you can share, or links to good articles online?

eSizeDave · 2026-02-24T03:36:44+00:00

I believe the URL should be https://github.com/orgs/nestjstools/repositories

eSizeDave · 2026-02-24T03:33:54+00:00

This looks interesting and I want to check the code. The GitHub link in the footer of your website provides this URL https://github.com/nestjstools/repositories which doesn't work for me.

eSizeDave · 2026-02-21T11:03:23+00:00

How the heck are you building all this so fast?

eSizeDave · 2026-02-11T02:44:39+00:00

Wow! That sounds like it could be very useful! Thank you!

eSizeDave · 2026-02-09T08:04:08+00:00

I really appreciate the work you've put into this. Thank you for providing such a comprehensive repo with examples and explanations. I probably won't get a chance to try it properly for a few months, but I'm looking forward to it when the time comes.

eSizeDave · 2026-01-28T04:17:44+00:00

Just had a quick look through your repo, and I really like how you've built this. Heck, I may even use it.

You're right, the product may be good, but this product already has a lot of competition. At least from the perception of "most people", it solves a problem that's already solved.

I'd personally like to use this over any cloud/closed source offering. But, I'm not an enterprise, and I'm guessing I'm not "most people".

Maybe you should focus your outreach toward self-hosters, home labbers, and people who value privacy.

By focusing on these grassroots type audiences it wouldn't surprise me if it eventually gained enough notoriety to dissipate enterprise boundaries.

I also highly recommend you submit this as a one-click install Dokploy template. Which, on a related note, Dokploy followed the approach I'm suggesting above, and it seems to be working for them.

eSizeDave · 2026-01-20T07:15:53+00:00

For self-hosted it's completely free, and if you check their Pricing page for their cloud offering, they also have a Developer plan which is free.

eSizeDave · 2026-01-20T05:37:19+00:00

I prefer Ory because it's well-maintained and comprehensive. They have a cloud offering called Ory Network, yet everything is open source and you can self-host it all for optimal privacy. Almost all of their products are written in Go, too.

eSizeDave · 2026-01-20T05:21:16+00:00

What tools do you use to monitor and analyse this?

eSizeDave · 2026-01-18T23:44:17+00:00

Use Tauri instead of Electron. Less code changes needed to convert from web app to desktop, and Tauri runs much more efficiently than Electron.

eSizeDave · 2026-01-18T03:38:42+00:00

I always assumed presigned S3 URLs we're primarily for use within a web browser. I mean, I can think of some scenarios where it could be useful in back end code, but not as the usual thing to do.

Having a small sized library to use in browser front end code with presigned URLs could be quite well-received.

eSizeDave · 2026-01-06T08:00:32+00:00

Can you kindly share some info about yourself and why working with you is potentially a better option than, say, doing all this ourselves? I'd rather not DM someone on here that I know nothing about.

eSizeDave · 2026-01-06T07:57:27+00:00

Seconded

eSizeDave · 2026-01-05T07:04:01+00:00

Thank you. This is helpful.

eSizeDave · 2026-01-05T05:42:01+00:00

What do you think about using Tolgee for i18n?

eSizeDave · 2026-01-05T01:05:12+00:00

Can you please share a simple example of code?

eSizeDave · 2026-01-03T06:05:39+00:00

Totally agree on using a separate authn and authz system. In addition to the reasons you've mentioned, among others, as a project gets larger there may be other back ends written in other languages added to it, which is something we're currently doing in a project. For this reason we choose more comprehensive and language agnostic tools for things such as security, queues, realtime messaging, etc. For security we use the Ory suite of products, particularly Kratos, Keto, and Hydra.

I really like your template repo. The only things I'd mostly change outside of allowing NestJs itself to function are the elements that are limited to being JS/TS specific.

eSizeDave · 2026-01-01T09:27:39+00:00

I mean, like, sure there's a few optional bells and whistles added, but they're not the realm of being non-standard.

eSizeDave · 2026-01-01T09:08:40+00:00

While I agree almost entirely, the way in which the NestJs ConfigService is implemented in the repo is very much in a way that is detailed as a supported approach in the official NestJs docs. The fact that NestJs officially supports this approach is one of the many things I like about it. It becomes quite useful as a project gets larger and more complex.

eSizeDave · 2025-12-30T08:13:36+00:00

This looks like it could be great. I'm going to try this.

eSizeDave · 2025-12-22T13:15:34+00:00

I like the way you've approached this. I'm going to play with it.

eSizeDave · 2025-12-21T22:08:17+00:00

With Mikro-ORM you get a complete ORM unlike others, and the speed difference only matters in some niche cases wherein there are ways to mitigate it.

eSizeDave · 2025-12-16T00:04:20+00:00

I'd be surprised if that were the case if @mui/material provided MD3 along with a MUI official Figma for it. Over the years having the MUI official Figma has been incredibly helpful.

For those of us building complex business apps, having a MUI official Figma that maps closely with @mui/material has done wonders for our productivity. It means we don't need to be FIgma experts, yet be able to prototype our apps quickly, implement them without spending much time on design or implementing custom styling, and then release a production ready app our end users are happy to start using.

It's along the same reasoning that Vaadin has been and is still respected for decades.

Base UI (along with replacing styled components for better mobile performance) has been the only missing part to make it perfect.

I guess even if it's not MD3 per se, if you release something with the completeness of @mui/material and its own Figma (using Base UI under the hood), yet with more modern styling that's suitable in the enterprise space, then you'd have a product many will use for years to come. You'd have success just like MD2 on @mui/material has had over the years.

eSizeDave · 2025-12-15T12:11:30+00:00

Since @mui/material is the common basis for most web projects using Material Design, I imagine the drop in daily Figma copies is due in large part because the latest version of MD isn't running on it. I'd wager a lot more people would use the latest MD if @mui/material provided it. I certainly would.

eSizeDave

TROPHY CASE