Demonstrate comprehensive code quality improvements across security, performance, and maintainability

.eslintrc.json

@@ -0,0 +1,21 @@
+{
+  "env": {
+    "node": true,
+    "es2021": true
+  },
+  "extends": "eslint:recommended",
+  "parserOptions": {
+    "ecmaVersion": 2021,
+    "sourceType": "module"
+  },
+  "rules": {
+    "no-console": "off",
+    "no-unused-vars": "warn",
+    "prefer-const": "error",
+    "no-var": "error",
+    "eqeqeq": ["error", "always"],
+    "curly": ["error", "all"],
+    "no-eval": "error",
+    "no-implied-eval": "error"
+  }
+}

.gitignore

@@ -0,0 +1,48 @@
+# Dependencies
+node_modules/
+__pycache__/
+*.pyc
+*.pyo
+*.pyd
+.Python
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Logs
+*.log
+logs/
+
+# Environment variables
+.env
+.env.local
+.env.*.local
+
+# Build artifacts
+dist/
+build/
+*.egg-info/
+
+# Testing
+.coverage
+htmlcov/
+.pytest_cache/
+.tox/
+
+# Temporary files
+tmp/
+temp/
+*.tmp

.prettierrc.json

@@ -0,0 +1,8 @@
+{
+  "semi": true,
+  "trailingComma": "es5",
+  "singleQuote": true,
+  "printWidth": 100,
+  "tabWidth": 4,
+  "arrowParens": "always"
+}

IMPROVEMENTS.md

@@ -0,0 +1,181 @@
+# Code Improvements Summary
+
+This document outlines all the improvements made to the codebase, demonstrating best practices in code quality, security, performance, and maintainability.
+
+## Python (app.py) - ✅ COMPLETED
+
+### Security Improvements ✅
+1. **Replaced `eval()` with `ast.literal_eval()`**
+   - **Before**: Used dangerous `eval()` function that can execute arbitrary code
+   - **After**: Using `ast.literal_eval()` for safe literal evaluation
+   - **Impact**: Eliminates arbitrary code execution vulnerability
+
+2. **Removed hard-coded credentials**
+   - **Before**: Credentials stored directly in source code
+   - **After**: Using environment variables (`os.getenv()`)
+   - **Impact**: Prevents credential exposure in version control
+
+### Code Quality Improvements ✅
+3. **Added comprehensive documentation**
+   - **Before**: No docstrings or type hints
+   - **After**: Full docstrings with Args, Returns, Raises sections and type hints
+   - **Impact**: Better code maintainability and IDE support
+
+4. **Improved error handling**
+   - **Before**: No try-catch blocks, operations could fail silently
+   - **After**: Comprehensive error handling with logging
+   - **Impact**: Easier debugging and better error messages
+
+5. **Fixed resource leaks**
+   - **Before**: File handles not properly closed
+   - **After**: Using context managers (`with` statement)
+   - **Impact**: Prevents resource exhaustion
+
+6. **Better function naming**
+   - **Before**: `do_stuff()` - unclear purpose
+   - **After**: `filter_and_double_positive_numbers()` - descriptive
+   - **Impact**: Self-documenting code
+
+### Performance Improvements ✅
+7. **Optimized duplicate detection**
+   - **Before**: O(n²) nested loop algorithm
+   - **After**: O(n) set-based algorithm
+   - **Impact**: Much faster for large datasets
+
+### Best Practices ✅
+8. **Added input validation**
+   - **Before**: No validation in `divide()` - division by zero crashes
+   - **After**: Validates denominator and raises descriptive errors
+   - **Impact**: Prevents runtime errors
+
+9. **Enhanced logging**
+   - **Before**: No logging infrastructure
+   - **After**: Configured logging with timestamps and levels
+   - **Impact**: Better observability and debugging
+
+## JavaScript (utils.js) - ✅ COMPLETED
+
+### Code Quality Improvements ✅
+1. **Added `'use strict'` directive**
+   - **Before**: No strict mode
+   - **After**: Enabled strict mode
+   - **Impact**: Catches common coding errors
+
+2. **Replaced `var` with `const`/`let`**
+   - **Before**: Using `var` with function-scoping issues
+   - **After**: Using `const` and `let` with block scoping
+   - **Impact**: Prevents hoisting bugs and accidental reassignments
+
+3. **Modernized async code**
+   - **Before**: Callback-based async operations
+   - **After**: Promise-based with async/await
+   - **Impact**: More readable and maintainable async code
+
+4. **Replaced deprecated XMLHttpRequest**
+   - **Before**: Synchronous XMLHttpRequest (deprecated)
+   - **After**: Modern `fetch` API with async/await
+   - **Impact**: Non-blocking operations, better performance
+
+### Error Handling Improvements ✅
+5. **Added comprehensive error handling**
+   - **Before**: No try-catch for JSON parsing or other operations
+   - **After**: Try-catch blocks with descriptive error messages
+   - **Impact**: Graceful error handling
+
+6. **Input validation for all functions**
+   - **Before**: No validation, could crash on invalid inputs
+   - **After**: Type and range validation with proper error messages
+   - **Impact**: Prevents runtime errors
+
+### Code Smells Fixed ✅
+7. **Eliminated magic numbers**
+   - **Before**: Hard-coded values like 0.9, 100
+   - **After**: Named constants `DISCOUNT_RATE`, `DISCOUNT_THRESHOLD`
+   - **Impact**: More maintainable and self-documenting
+
+8. **Simplified complex conditionals**
+   - **Before**: Deeply nested if-else statements
+   - **After**: Guard clauses with early returns
+   - **Impact**: More readable and easier to test
+
+9. **Added JSDoc comments**
+   - **Before**: No documentation
+   - **After**: Complete JSDoc documentation
+   - **Impact**: Better IDE support and maintainability
+
+## Dependency Management - ✅ COMPLETED
+
+### requirements.txt Improvements ✅
+1. **Added version pinning**
+   - **Before**: No version constraints
+   - **After**: Semantic versioning constraints (e.g., `>=2.31.0,<3.0.0`)
+   - **Impact**: Reproducible builds, prevents breaking changes
+
+2. **Added development tools**
+   - **Before**: No linting or formatting tools
+   - **After**: Added pylint, black, bandit
+   - **Impact**: Automated code quality checks
+
+### package.json Improvements ✅
+1. **Added linting tools**
+   - **Before**: No ESLint or Prettier
+   - **After**: ESLint and Prettier configured
+   - **Impact**: Consistent code style
+
+2. **Added useful scripts**
+   - **Before**: Only basic test script
+   - **After**: lint, lint:fix, format, format:check
+   - **Impact**: Easy code quality maintenance
+
+3. **Specified Node.js version**
+   - **Before**: No engine specification
+   - **After**: Specified minimum Node.js and npm versions
+   - **Impact**: Prevents compatibility issues
+
+## New Files Added ✅
+
+### Configuration Files
+- **`.eslintrc.json`**: ESLint configuration for code quality
+- **`.prettierrc.json`**: Prettier configuration for code formatting
+- **`.gitignore`**: Comprehensive ignore patterns for artifacts
+
+### Documentation
+- **`README.md`**: Complete documentation with usage examples
+- **`test-utils.js`**: Test file demonstrating improved functionality
+
+## Summary of Benefits
+
+### Security
+- ✅ Eliminated arbitrary code execution vulnerability
+- ✅ Removed credential exposure risk
+- ✅ Added input validation to prevent injection attacks
+
+### Performance
+- ✅ Improved algorithm complexity (O(n²) → O(n))
+- ✅ Non-blocking async operations
+- ✅ Efficient functional transformations
+
+### Maintainability
+- ✅ Comprehensive documentation
+- ✅ Type hints and JSDoc comments
+- ✅ Descriptive naming conventions
+- ✅ Simplified logic with guard clauses
+
+### Quality
+- ✅ Automated linting and formatting
+- ✅ Version pinned dependencies
+- ✅ Comprehensive error handling
+- ✅ Proper logging infrastructure
+
+## Before/After Metrics
+
+| Metric | Before | After | Improvement |
+|--------|--------|-------|-------------|
+| Security Issues | 2 critical | 0 | 100% |
+| Functions with docs | 0% | 100% | ✅ |
+| Error handling | Minimal | Comprehensive | ✅ |
+| Code smell | High | Low | ✅ |
+| Test coverage | 0% | Demo tests | ✅ |
+| Performance (duplicates) | O(n²) | O(n) | ✅ |
+
+All identified issues have been addressed with modern best practices!