DEV Community

Cover image for Awesome List of the Best Developer Tools

Awesome List of the Best Developer Tools

Suraj Vishwakarma on June 12, 2023

Introduction In this rapidly evolving tech world, we see lots of dev tools getting launched every day. Most of them aren’t great that ca...
Read full post
Collapse
 
manchicken profile image
Mike Stemle

It should be noted that some of these tools have known privacy problems, and Postman—for example—is able to access any secrets or credentials stored on their servers by your use of their cloud services. They're pretty transparent about this fact in their privacy policy.

It is generally a good idea to never put sensitive information into a third party system or service unless you have an NDA and contract in place with that third party.

In order to keep yourself and your organization safe:

  • Always read the TOS, EULA, and Privacy Policy
  • If you have a legal team, it is probably a good idea to have them review the terms, too
  • Do not share information with third parties who you don't have an agreement with, unless you're comfortable with that information being published everywhere on the internet (including with competitors or adversarial entities)
  • Make sure you know for sure whether the tools you're using phone home or send your information out.

No amount of convenience is worth a data breach.

Collapse
 
camilosantana profile image
Camilo Santana • Edited

Postman is able to access any secrets or credentials stored on their servers by your use of their cloud services

You mean this policy?

Postman personnel do not access private workspace
content except for:

security purposes
to assist the workspace owner with a support matter
to maintain the integrity of the Service
to comply with our legal obligations
if we have reason to believe the contents are in violation of the law, or
with your consent.
Enter fullscreen mode Exit fullscreen mode

Note the "with your consent" and the legal obligation.

You enter into a business agreement with these kinds of services. You're partners. It may be best to avoid assuming an antagonistic relationship by default.

Collapse
 
manchicken profile image
Mike Stemle • Edited

I do object to your assumption that I’m suggesting antagonism, my concern here is only for privacy and security.

I’m referring to this section under “Workspace contents”:

If your workspace is private, you control the access to your Content. If you include personal information or Sensitive Personal Information, that information may only be accessible to Postman in accordance with this Privacy Policy. Postman personnel do not access private workspace content except for:

  • security purposes to assist the workspace owner with a support matter
  • to maintain the integrity of the Service to comply with our legal obligations
  • if we have reason to believe the contents are in violation of the law, or
  • with your consent.

However, while we do not generally search for content in your workspaces, we may scan our servers and content to detect certain tokens or security signatures, known active malware, known vulnerabilities in dependencies, or other content known to violate the Postman EULA.

This means that Postman personnel have the ability to see inside everything you do, so if they have an internal bad actor, or they are breached, everything in your account may be compromised.

Collapse
 
beeburrt profile image
B. Burt

Thank you for the info. I use Insomnia over Postman but now I wonder...

Does Insomnia have same/similar privacy issue as Postman?

Collapse
 
surajondev profile image
Suraj Vishwakarma

Which developer tools do you use most?

Collapse
 
maurerkrisztian profile image
Krisztián Maurer

I'm currently doing a lot of migration work in TypeScript, and I find this tool app.quicktype.io/?l=ts very helpful. It helps me create the old interface from a JSON object easily.

Collapse
 
surajondev profile image
Suraj Vishwakarma

Looks good. Thanks for mentioning it.

Collapse
 
baldrick44 profile image
Christophe

An online formatter which supports many formats : format-express.dev

Collapse
 
hnazmul profile image
H.Nazmul Hassan

I do only use postmane here.
But now I have known few tools. thank you.

Collapse
 
getblockapi profile image
GetBlockio • Edited

I think we should also add a tool that provides access to blockchain data and infrastructure. It often allows developers, enterprises, and users to retrieve blocks, transactions, and other data from various blockchain networks through APIs.
GetBlock.io -just saying

Collapse
 
sdotson profile image
Stuart Dotson

I have one additional tool, relevant for software engineers working in a team in an agile environment: beyonddone.com.

BeyondDone aggregates todos and accomplishments across Github, Jira, and Confluence.

Collapse
 
Sloan, the sloth mascot
Comment deleted
Collapse
 
documatic_ai profile image
Documatic

Hey there @rujorgensen! drop us an email at info@documatic.com. We'll be happy to give you access without a company email :)

Collapse
 
nickbarrow profile image
nickbarrow

right? how can I possibly test before bringing this to the team if I can't use my personal repos?

Collapse
 
documatic_ai profile image
Documatic

Hey there @nickbarrow! drop us an email at info@documatic.com. We'll be happy to give you access without a company email :)

Collapse
 
itsfarhankhan28 profile image
FARHAN KHAN

Thanks a lot for sharing

Collapse
 
raxraj profile image
Ashutosh Kumar

I'm in for Documatic, cause in my team we keep writing codes and logic that are at some other part of our codebase, written months ago.

Collapse
 
debojyotichatterjee9 profile image
Debojyoti Chatterjee

Documatic does not allow email domains like gmail.com, either you use some random disposable mail or company email

Collapse
 
surajondev profile image
Suraj Vishwakarma

dev.to/documatic_ai/comment/27b82