How We Build HomeGrif
We use modern, proven technologies with permissive licenses:
Node.js as the server-side JavaScript runtime. Express.js 4.18.x as the web framework.
PostgreSQL as the relational database (MIT-like PostgreSQL License). pg driver for the Node.js connection.
Google OAuth 2.0 for investors and prospects. bcryptjs for password hashing.
No framework - pure ES6+ JavaScript. Leaflet.js for interactive maps (BSD-2).
Transactional emails from hello@homegrif.com. Two-way communication via webhooks.
Turnstile CAPTCHA, rate limiting, honeypot. CSP, HSTS, XSS protection headers.
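As an added illustration of the CSP, HSTS and anti-XSS headers named above (example code, not HomeGrif's own): an Express-style middleware that sets them, plus a check that a deploy smoke test can run against the response headers. The header values, the directive list and the one-year HSTS threshold are assumptions, not settings taken from the project.

```javascript
// Added example, not HomeGrif's own code. Header values are assumptions chosen to
// fit the stack described (own scripts and styles only, Leaflet served locally).
const SECURITY_HEADERS = {
  'Content-Security-Policy':
    "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; " +
    "object-src 'none'; frame-ancestors 'none'; base-uri 'self'",
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'DENY',
  'Referrer-Policy': 'strict-origin-when-cross-origin',
};

// Express-style middleware: app.use(securityHeaders) before any route.
function securityHeaders(req, res, next) {
  for (const [name, value] of Object.entries(SECURITY_HEADERS)) {
    res.setHeader(name, value);
  }
  next();
}

// Split a CSP value into { directive: [sources...] }.
function parseCsp(value) {
  const directives = {};
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length > 0) directives[tokens[0].toLowerCase()] = tokens.slice(1);
  }
  return directives;
}

// Smoke-test check: takes response headers keyed by lowercase name (the shape
// Node's res.getHeaders() returns) and lists what a deploy should not ship with.
function checkSecurityHeaders(headers) {
  const problems = [];
  const csp = headers['content-security-policy'];
  if (!csp) {
    problems.push('missing Content-Security-Policy');
  } else {
    const d = parseCsp(csp);
    if (!d['default-src']) problems.push('CSP has no default-src fallback');
    const scriptSrc = d['script-src'] || d['default-src'] || [];
    for (const risky of ["'unsafe-inline'", "'unsafe-eval'", '*']) {
      if (scriptSrc.includes(risky)) problems.push(`CSP script-src allows ${risky}`);
    }
    if (!d['frame-ancestors']) problems.push('CSP has no frame-ancestors (clickjacking)');
  }
  const hsts = headers['strict-transport-security'] || '';
  const maxAge = /max-age=(\d+)/i.exec(hsts);
  if (!maxAge) problems.push('missing Strict-Transport-Security max-age');
  else if (Number(maxAge[1]) < 31536000) problems.push('HSTS max-age shorter than one year');
  if (String(headers['x-content-type-options'] || '').toLowerCase() !== 'nosniff') {
    problems.push('X-Content-Type-Options is not nosniff');
  }
  return problems;
}

// Minimal stand-in for an Express response so the check runs without a server.
function fakeResponse() {
  const store = {};
  return {
    setHeader(name, value) { store[name.toLowerCase()] = value; },
    getHeaders() { return { ...store }; },
  };
}

const demo = fakeResponse();
securityHeaders({}, demo, () => {});
console.log('problems with shipped headers:', checkSecurityHeaders(demo.getHeaders()));
```

In a real smoke test the headers come from an HTTP request to the freshly deployed instance rather than from `fakeResponse()`; the check is deliberately strict about `script-src`, because a single `'unsafe-inline'` there removes most of the XSS protection the CSP is meant to provide.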
Simple, scalable architecture on Render PaaS:
All dependencies use permissive open-source licenses:
Bank-grade security practices:
Dependabot for weekly security scans. npm audit monthly.
Critical and high-severity vulnerabilities are fixed immediately; minor and patch-level ones in the weekly cycle.
Admin login: 5 attempts/15min. Contact form: 5/hour. Webhooks: 100/min.
XSS prevention, SQL injection protection. All inputs sanitized.
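The three limits listed above, carried by an in-memory fixed-window limiter with an Express-style middleware wrapper. This is an added example and not HomeGrif's own code; the policy names (`adminLogin`, `contactForm`, `webhook`), keying by client IP and the 429 response shape are assumptions.

```javascript
// Added example, not HomeGrif's own code: a fixed-window, in-memory limiter
// carrying the three limits above. Policy names, keying by client IP and the
// 429 response shape are assumptions.
const RATE_POLICIES = {
  adminLogin:  { limit: 5,   windowMs: 15 * 60 * 1000 },
  contactForm: { limit: 5,   windowMs: 60 * 60 * 1000 },
  webhook:     { limit: 100, windowMs: 60 * 1000 },
};

class RateLimiter {
  // `now` is injectable so behaviour at window boundaries can be tested.
  constructor(policies = RATE_POLICIES, now = () => Date.now()) {
    this.policies = policies;
    this.now = now;
    this.buckets = new Map(); // "policy:key" -> { windowStart, count }
  }

  // Records one attempt and says whether it is within the policy's window limit.
  check(policyName, key) {
    const policy = this.policies[policyName];
    if (!policy) throw new Error(`unknown rate-limit policy: ${policyName}`);
    const id = `${policyName}:${key}`;
    const t = this.now();
    let bucket = this.buckets.get(id);
    if (!bucket || t - bucket.windowStart >= policy.windowMs) {
      bucket = { windowStart: t, count: 0 };
      this.buckets.set(id, bucket);
    }
    if (bucket.count >= policy.limit) {
      return { allowed: false, remaining: 0, retryAfterMs: bucket.windowStart + policy.windowMs - t };
    }
    bucket.count += 1;
    return { allowed: true, remaining: policy.limit - bucket.count, retryAfterMs: 0 };
  }

  // Forget buckets whose window has elapsed so the map does not grow without bound.
  prune() {
    const t = this.now();
    for (const [id, bucket] of this.buckets) {
      const policy = this.policies[id.slice(0, id.indexOf(':'))];
      if (t - bucket.windowStart >= policy.windowMs) this.buckets.delete(id);
    }
  }
}

// Express-style middleware factory, e.g.
//   app.post('/admin/login', rateLimit(limiter, 'adminLogin'), loginHandler)
function rateLimit(limiter, policyName, keyFn = (req) => req.ip) {
  return (req, res, next) => {
    const result = limiter.check(policyName, keyFn(req));
    res.setHeader('X-RateLimit-Remaining', String(result.remaining));
    if (result.allowed) return next();
    res.setHeader('Retry-After', String(Math.ceil(result.retryAfterMs / 1000)));
    res.status(429).send('Too many requests');
  };
}

// Stand-alone demo: the sixth admin login attempt from one client is refused.
const demoLimiter = new RateLimiter();
for (let i = 1; i <= 6; i++) {
  console.log(`attempt ${i}:`, demoLimiter.check('adminLogin', '198.51.100.7'));
}
```

A fixed window is the simplest scheme that fits the "N per window" wording; it allows up to 2N requests straddling a window boundary, which is acceptable for a login form but worth knowing. On a PaaS with more than one instance the `Map` is per process, so the count is per instance unless it is moved into a shared store such as the PostgreSQL database the project already runs.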
Six rules we follow:
All persistent data in PostgreSQL, not in files (except static content).
Every action must be traceable. GDPR and compliance ready.
Clear, honest communication. Public documentation.
Smoke tests before every deploy. Regression tests for every bug fix.
Semantic versioning (MAJOR.MINOR.PATCH). Changelog for every release.
Minimum necessary complexity: three similar lines are preferable to a premature abstraction.
Two-branch deployment model:
Branch: main. Auto-deploy for development and testing.
Branch: production. Merge from main after TEST verification.
When adding new dependencies:
1) Check license compatibility (MIT, ISC, BSD, Apache).
2) Run npm audit.
3) Update this documentation.
4) Avoid dependencies with known vulnerabilities.
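Step 1 of the procedure above, automated as a license allowlist check that can run in CI next to `npm audit`. This is an added example, not a HomeGrif script; the allowlist of SPDX identifiers, the dependency list (constructed here, in practice read from each package's package.json under node_modules) and the handling of SPDX `OR`/`AND` expressions are assumptions.

```javascript
// Added example, not HomeGrif's own code. Allowlist maps the four license
// families named in the procedure to their SPDX identifiers (an assumption).
const PERMISSIVE = new Set([
  'MIT', 'ISC', 'BSD-2-Clause', 'BSD-3-Clause', 'Apache-2.0',
]);

// Evaluate a package.json "license" value against the allowlist.
// Handles plain identifiers and one level of SPDX expression such as
// "(MIT OR Apache-2.0)" or "MIT AND BSD-3-Clause"; deeper nesting, UNLICENSED
// and "SEE LICENSE IN ..." strings fail closed and go to manual review.
function licenseAllowed(expression, allowlist = PERMISSIVE) {
  const expr = String(expression || '').trim().replace(/^\(|\)$/g, '');
  if (!expr) return false;
  return expr.split(/\s+OR\s+/).some((alternative) =>
    alternative
      .replace(/[()]/g, '')
      .split(/\s+AND\s+/)
      .every((id) => allowlist.has(id.trim()))
  );
}

// Return the dependencies that must not be added as-is.
function checkLicenses(deps, allowlist = PERMISSIVE) {
  return deps
    .filter((d) => !licenseAllowed(d.license, allowlist))
    .map((d) => ({ name: d.name, version: d.version, license: d.license || 'UNKNOWN' }));
}

// Constructed sample input; versions and the last three package names are made up.
const SAMPLE_DEPS = [
  { name: 'express',          version: '4.18.x', license: 'MIT' },
  { name: 'pg',               version: 'x.y.z',  license: 'MIT' },
  { name: 'leaflet',          version: 'x.y.z',  license: 'BSD-2-Clause' },
  { name: 'bcryptjs',         version: 'x.y.z',  license: 'MIT' },
  { name: 'dual-licensed-lib', version: '1.0.0', license: '(MIT OR GPL-3.0-only)' },
  { name: 'copyleft-lib',     version: '2.0.0',  license: 'GPL-3.0-only' },
  { name: 'no-license-field', version: '0.1.0' },
];

const rejected = checkLicenses(SAMPLE_DEPS);
if (rejected.length > 0) {
  console.error('dependencies needing review:', rejected);
} else {
  console.log('all dependency licenses are on the allowlist');
}
```

In CI the script would exit non-zero when `rejected` is non-empty, so that step 1 blocks a merge the same way a failing `npm audit` does; a missing license field is treated as a failure rather than ignored, because an unknown license is the case most likely to be waved through by hand.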
Living document • Last updated: December 2024 • v2.2.0