sharp-edges

Solid

Identify dangerous API footguns, surprising default behaviors, and sharp edges in codebases and dependencies. Adapted from Trail of Bits. Use during code review to catch APIs that are easy to misuse, configurations that surprise, and abstractions that leak.

Category: AI & Automation. 501 stars, 42 forks. Updated 2 days ago. License: MIT.

Quality Score: 91/100

- Stars (20%): 90
- Recency (20%): 100
- Frontmatter (20%): 70
- Documentation (15%): 100
- Issue Health (10%): 50
- License (10%): 100
- Description (5%): 100

Skill Content

# Sharp Edges Detection

Sharp edges are APIs, configurations, and patterns that are easy to use incorrectly. They work in the happy path but break in subtle, dangerous ways.

## Three Adversary Types

When evaluating sharp edges, consider three types of users:

### 1. The Naive Developer

- Uses the API without reading docs carefully
- Copies examples from Stack Overflow
- Assumes defaults are safe
- **Question**: "Will this API hurt someone who doesn't know its quirks?"

### 2. The Malicious User

- Intentionally sends unexpected input
- Exploits race conditions and edge cases
- Chains small issues into big exploits
- **Question**: "Can someone deliberately trigger the bad behavior?"

### 3. The Future Maintainer

- Modifies code without full context
- Refactors without understanding invariants
- Doesn't know why something was done a certain way
- **Question**: "Will a reasonable change to this code introduce a bug?"

## Sharp Edge Categories

### 1. Surprising Default Behavior

APIs whose defaults do something unexpected:

```typescript
// SHARP: parseInt without radix
parseInt("08")     // 0 in old engines (octal), 8 in modern
parseInt("08", 10) // Always 8

// SHARP: Array.sort() without comparator
[10, 2, 1].sort()                // [1, 10, 2] -- sorts as strings!
[10, 2, 1].sort((a, b) => a - b) // [1, 2, 10]

// SHARP: JSON.parse reviver runs bottom-up
JSON.parse('{"a": {"b": 1}}', (key, val) => {
  // 'b' fires before 'a' -- counterintuitive
  return val // a reviver that returns undefined silently deletes the key
})

// SHARP: fetch() doesn't reject on H...
```

Details

Author: vibeeval
Repository: vibeeval/vibecosystem
Created: 3 months ago
Last Updated: 2 days ago
Language: C#
License: MIT
