Managing Non-IT Risks

License Compliance


As a business that builds proprietary applications, no doubt you’ll already be using open source components. Or maybe you are using an application that 9 times out of 10 will contain open source components.

How do we know?

GitHub security researcher Maya Kaczorowski cites data that suggests between 85–97% of enterprise software codebases come from open source components. And the average project now has 203 dependencies, according to GitHub’s 2020 State of the Octoverse survey.

The growth in the number of people using open source and the ways in which they can participate, means more and more ways for companies and people to get…


How to increase your JavaScript security

Goodbye and Good Riddance

Last year was a wild ride, no question about that. Most people who look back will probably think about pandemics and leadership crises. However, a lot happened on the IT stage as well.

Within the JavaScript ecosphere a lot happened last year and the sheer speed of development is staggering. We’ve seen news regarding a couple of areas that I believe we all need to become a bit better at understanding. Better at understanding how it affects us from the perspective of the developer as well as from the perspective of the enterprise. …

JavaScript security

JavaScript pitfalls and how to avoid them

Build it better and safer, using these 10 best practices

In this post we’ll look at some best practices that my team and I believe in when building for the JavaScript ecosphere, whether you’re in a fast-growing start-up or a larger organisation. We will look at how to best avoid our top-10 potential pitfalls so that you can build with confidence on the success of others!

Vulnerabilities, Licenses, Dependencies…

Nowadays dependency management, as well as security and license compliance, are all issues that need to be a priority for any team or organization.

Practical DevOps

Should be easy, right? Well, it’s not. Here’s how I did it.

Where is my ECS Container? — Photo by Jens Johnsson on Unsplash

So we had an EC2 instance that outlived itself, keys were lost (read about how we recovered the contents here), and we needed to replace it.

Instead of reinstalling a whole new EC2 server for it, I thought, hey, why not just make a small Docker container and deploy it on Fargate, it should be simple enough, right?

Well, it turns out that there were actually two complications, one of which I will talk about here; the other is a topic for another post. Hint: it will involve Bytesafe using a locked-down/frozen registry.

The other challenge, at first…

Practical DevOps

Have you ever misplaced your private keys?


A quick and easy way to recover your data even though you have lost your private keys.

How did we get here?

Practical Photography

Add a punch to your photo with that lens flare effect


Three practical tips for getting that sunburst effect into your landscape photography

1. Timing

When shooting landscapes, especially when shooting the “last/first rays of the day”, timing and equipment selection are critical. Below are 3 photos I shot above the clouds on the picturesque island of La Palma, for my coffee table book, each only 2 minutes apart:

Source: My own photos © Niclas Gustafsson

The sequence was, at the time, unintended, but now it makes a good illustration of one of the challenges when shooting these kinds of photos. Finding the spot, waiting for the right moment.

💡 Thinking that…

Practical DevOps

Using AWS CloudFront to reduce the cost of your other expensive SaaS services

Are you managing your traffic flows efficiently? (Photo by Talen de St. Croix on Unsplash)

It can be expensive to scale out, here’s how you can save a bit of money reducing your 3rd party transfer costs


Reducing SaaS transfer costs using AWS CloudFront with an Origin Request Lambda function. With just a little code you can create a proxy that takes load off your 3rd party services. If there’s a large enough gap between the transfer pricing of the two services, this might save you some money.

Some background…

Ok, well you might not be saving thousands of dollars unless you are running a lot of traffic. We did however manage to save a couple of hundred dollars per month and we have a modest amount of traffic. We’re using a service that we really enjoy for image…

Practical Machine Learning

How to use your SQL Database with XGBoost to solve Multiclass classification problems with AWS SageMaker

Source: Illustration 117031967 © Ylivdesign —


In this article I share some learnings from a recent ML multiclass classification setup I recently deployed for a client. I hope that this real-life example born from cross-breeding the two schools of: good enough™ and time-to-market™️ will bring an extra dimension compared to all theoretical posts out there analysing data sets of irises and digits with no time or budget constraints 😁.

What does Factorio and CI/CD pipelines have in common?

Using GitHub Actions to build and publish npm packages

Manual and, let’s face it, often quite tedious tasks can easily be automated with modern tools such as GitHub Actions. When combined with a private registry we can facilitate collaboration and increase quality by keeping better track of our code supply pipeline.

Full disclosure: I’m one of the founders behind the product Bytesafe, which offers free, secure and highly available private NPM registries.

Below I’ll describe, step by step, an easy workflow to set up, used for building and publishing JavaScript npm packages. We will use a private registry which can be used as a sandbox before releasing code into the…

Long gone are the times when web sites were built from the ground up (anyone remember CGI-BIN?). It’s no secret that the fast-paced, interactive web of today is built on modular technology; websites often use hundreds if not thousands of JavaScript packages. What happens when someone or something breaks?

Full disclosure: I’m one of the founders behind the product Bytesafe, which offers free, secure and highly available private npm registries.

Today, most developers out there only touch a fraction of the code required to run the web sites they build. This is of course a wonderful thing: to be…

Niclas Gustafsson

Entrepreneur by heart. IT by profession. Photography by passion. Founder of
