Glossary — O
Back to glossary index · Master INDEX
OAuth
A protocol for letting users grant a third-party app limited access to their account on another service, without sharing their password. “Sign in with Google” works via OAuth. The current standard is OAuth 2.0. Complicated enough that most apps use a managed auth provider (Supabase Auth, Auth0, Clerk) rather than implementing it directly.
See also: OAuth & social login
Object (JavaScript)
A collection of key-value pairs. The most fundamental data structure in JavaScript.
const user = {
name: "George",
age: 99,
greet() {
return `Hi, I'm ${this.name}`;
}
};Different from objects in classical OOP languages (Java, C++) — JavaScript objects are more like dictionaries that can have functions as values.
See also: JavaScript, JSON
Open source
Software whose source code is freely available, often with a license letting anyone use, modify, and redistribute it. React, Next.js, Node.js, Linux, Postgres, Tailwind — all open source. The opposite is proprietary or “closed source.” Most modern web development stands on a tall stack of open source.
See also: GitHub
ORM (Object-Relational Mapper)
A library that lets you read and write database rows as if they were JavaScript objects, instead of writing raw SQL. Examples: Prisma, Drizzle, TypeORM. Pros: type safety, easier refactoring. Cons: another layer to learn, performance footguns, lock-in.
OWASP (Open Worldwide Application Security Project)
A nonprofit that publishes the OWASP Top 10 — a regularly-updated list of the most common web application vulnerabilities (injection, broken auth, XSS, etc.). The closest thing the industry has to a “things every developer must protect against” baseline.
See also: OWASP top 10
← N · Glossary index · P →