Glossary — J
Back to glossary index · Master INDEX
JavaScript
The programming language of the web. Originally created in 1995 in just 10 days to add interactivity to web pages, it now runs in every browser, on servers (via Node.js), and basically everywhere else too. JavaScript is dynamically typed, runs single-threaded with an event loop, and is the foundation of nearly every modern web framework. Despite the name, JavaScript has nothing to do with Java — the name was a marketing decision.
See also: JavaScript (textbook) 🟩, TypeScript 🟩, Node.js 🟥
JSON (JavaScript Object Notation)
A lightweight text format for representing structured data. Despite the name, it’s not tied to JavaScript — every programming language can read and write JSON. It looks like this:
{
"name": "George",
"age": 99,
"active": true,
"hobbies": ["coding", "learning"]
}JSON is the lingua franca of web APIs. When a frontend asks a backend for data, the backend almost always responds in JSON. JSON supports five primitive types (string, number, boolean, null, array, object) and nothing else — no dates, no functions, no comments.
JSX (JavaScript XML)
The syntax extension that lets you write HTML-like markup directly inside JavaScript code, used by React and Next.js. It’s compiled at build time into regular JavaScript function calls. Example:
const greeting = <h1 className="text-blue-500">Hello, {name}</h1>;Looks like HTML, but with three key differences: class becomes className (because class is a reserved word in JavaScript), all tags must be properly closed (<br /> not <br>), and you can embed JavaScript expressions inside { curly braces }.
JWT (JSON Web Token)
Status: 🟩 COMPLETE Tagline: A signed, encoded chunk of JSON used to prove who someone is — without the server having to remember anything.
A JWT (pronounced “jot”) is a self-contained piece of identity information that a client can carry around and present whenever it needs to prove who it is. Picture a concert wristband: once you’ve shown your ID at the gate and they snap the wristband on, you don’t need to show ID again — the wristband itself is proof, and a security guard can verify it without phoning the box office.
A JWT consists of three parts separated by dots: xxxxx.yyyyy.zzzzz
- Header — what algorithm was used to sign this thing (typically
HS256orRS256). - Payload — the actual claims (e.g.
{ "sub": "user_123", "email": "...", "exp": 1717200000 }). This is Base64-encoded, not encrypted — anyone can read it. Don’t put secrets in here. - Signature — a cryptographic signature of the first two parts, made with a secret key only the server knows. This is what proves the token is genuine.
When a user logs in, the server creates a JWT and sends it to the client. The client stores it (in localStorage, an HTTP-only cookie, or memory) and sends it back on every subsequent request — usually in an Authorization: Bearer <token> header. The server verifies the signature on each request without needing to look anything up in a database. That stateless property is what makes JWTs so popular.
Why they matter: JWTs scale beautifully. Traditional sessions require the server to remember every logged-in user (in a database or memory). JWTs flip that — the client carries the proof, and any server with the secret key can verify it independently. That makes them the default for APIs, microservices, and serverless functions.
Common gotchas:
- Payload is not encrypted, only encoded. Don’t put passwords or secrets in there.
- You can’t invalidate a JWT before it expires. That’s the trade-off for being stateless. Either keep expiry short (15 minutes is common) and use refresh tokens, or maintain a server-side blocklist (which gives back some of the statefulness you saved).
alg: noneattack. Some old JWT libraries accepted a header that said “this token is unsigned, trust me.” Always use a library that rejects this.- Storing JWTs in
localStorageexposes them to XSS. HTTP-only cookies are usually safer.
See also: JWT (textbook) 🟩, Sessions & cookies 🟩, Authentication vs authorization 🟩, OAuth 🟩, XSS 🟩
Sources:
- RFC 7519 — JSON Web Token — the official spec
- jwt.io — paste a JWT to decode and inspect it
- Auth0 — JWT introduction
Jest
A popular JavaScript testing framework, originally built by Facebook for testing React. It bundles a test runner, an assertion library, and mocking tools in one package, with sensible defaults so you can write tests without configuration. Increasingly being replaced in the React/Next.js ecosystem by Vitest, which has a similar API but is faster and integrates more naturally with modern tooling (Vite, ES modules).
See also: Unit tests 🟥, Testing & quality 🟥
Joins (SQL)
A SQL operation that combines rows from two or more tables based on a related column. The four main flavours:
- INNER JOIN — only rows that have matches in both tables.
- LEFT JOIN — all rows from the left table, plus matches from the right (with
NULLwhere there’s no match). - RIGHT JOIN — mirror image of LEFT JOIN.
- FULL OUTER JOIN — all rows from both tables, with
NULLwhere there’s no match on either side.
SELECT users.name, orders.total
FROM users
INNER JOIN orders ON orders.user_id = users.id;See also: Joins & relationships 🟩, SQL — the language 🟩
← I · K → · Glossary index