Development300+ TermsReference GuideUpdated April 2026

Web Development Glossary 2026: 300+ Terms Explained

300+ web development terms for 2026 covering React, Next.js, cache components, edge runtime, server actions, accessibility, and performance.

Digital Applied Team

April 9, 2026

25 min read

300+

Terms defined

Key Takeaways

300+ web development terms defined across 10 domains: covering HTML/CSS/JavaScript fundamentals, React and Next.js, TypeScript, APIs, runtimes, performance, styling, accessibility, build tooling, and security.

Framework terminology has shifted toward server-first models: React Server Components, Server Actions, Partial Prerendering, and Cache Components reframe how engineers talk about rendering, data, and interactivity in 2026.

Edge and serverless primitives are now first-class vocabulary: Fluid Compute, edge runtime, regional functions, streaming responses, and route segment config are table-stakes concepts rather than advanced deployment trivia.

Performance language has been rewritten around INP and Core Web Vitals: INP has replaced FID, and Largest Contentful Paint, Cumulative Layout Shift, and Time to First Byte remain the baseline a production team must speak fluently.

Accessibility is a standing engineering requirement, not a late pass: WCAG 2.2, ARIA patterns, semantic HTML, focus management, and keyboard-first interaction have entered the day-to-day vocabulary of any senior web team.

Modern web development spans an enormous vocabulary. Between evolving browser APIs, shifting framework paradigms, deployment primitives, and accessibility standards, the terms a senior engineer uses in a single standup can overwhelm anyone new to the field. This glossary catalogs 300+ of the most important web development terms in use during 2026, grouped by concern so you can scan by topic rather than alphabet.

Every definition is short enough to skim but specific enough to be useful when reviewing pull requests, writing RFCs, or briefing a stakeholder. Where a term has evolved meaningfully in the last two years — React Server Components, Partial Prerendering, Fluid Compute, INP replacing FID — we call out the current interpretation rather than the historical one.

How to use this glossary

Use the table of contents to jump to the domain you care about. Each term is standalone — no need to read linearly. For deeper context on any topic, we link to full reference guides in the 2026 website statistics report and our web development service overview.

1. HTML, CSS, and JavaScript fundamentals

The three languages every browser natively understands. Even with the most advanced framework stack, everything you ship ultimately resolves to HTML, CSS, and JavaScript delivered over HTTP.

HTML — HyperText Markup Language. The structural layer of the web that describes document content and hierarchy via tags.

CSS — Cascading Style Sheets. A declarative language for describing visual presentation of HTML documents across media and devices.

JavaScript — A dynamic, prototype-based programming language standardized as ECMAScript, executed by browser engines and server runtimes.

DOM — Document Object Model. A tree-shaped in-memory representation of HTML that JavaScript can query and mutate at runtime.

CSSOM — CSS Object Model. The browser's structured representation of every style rule applied to the document, used during the render pipeline.

Event loop — The runtime mechanism that processes queued tasks and microtasks to give JavaScript its single-threaded, asynchronous behavior.

Closure — A function bundled with the lexical scope it was declared in, allowing it to access outer variables after the outer function has returned.

Hoisting — The JavaScript behavior of lifting variable and function declarations to the top of their scope during compilation.

Prototypal inheritance — JavaScript's object-linking model where each object references a prototype from which it inherits properties and methods.

Semantic HTML — The practice of choosing tags like article, nav, and header based on meaning, improving accessibility and SEO.

Media queries — CSS at-rules that apply styles conditionally based on viewport, device characteristics, or user preferences like reduced motion.

CSS variables — Custom properties prefixed with two dashes that make values reusable and dynamically updatable via JavaScript.

Specificity — The weight CSS assigns to a selector, determining which rule wins when multiple rules target the same element.

Box model — The CSS layout convention defining how content, padding, border, and margin contribute to an element's rendered size.

Flexbox — A one-dimensional CSS layout model for distributing space along a single axis and aligning items in a container.

CSS Grid — A two-dimensional CSS layout system for defining rows and columns, ideal for page-level structure.

Container queries — CSS rules that adapt styles based on a parent container's size rather than the viewport, enabling truly modular components.

Cascade layers — Named groups of CSS rules introduced via the at-layer rule that establish a predictable specificity order.

Pseudo-class — A CSS keyword like hover or focus-visible added to a selector to style an element in a specific state.

Pseudo-element — A selector like before or after that styles a specific part of an element without adding new markup.

Promise — A JavaScript object representing the eventual completion or failure of an asynchronous operation.

Async / await — Syntactic sugar over Promises that lets you write asynchronous code in a linear, synchronous-looking style.

Event delegation — Attaching a single event listener to a parent that handles events from many descendant elements via bubbling.

Fetch API — The standard browser API for issuing HTTP requests, returning Promises and supporting streaming responses.

Web Storage — Browser APIs localStorage and sessionStorage for persisting small key-value data on the client.

IndexedDB — A client-side transactional database for storing large amounts of structured data including files and blobs.

Service worker — A background script the browser runs separately from the page, enabling offline caching, push notifications, and intercepting network requests.

Web Components — A set of browser standards — custom elements, shadow DOM, and HTML templates — for building reusable encapsulated elements.

Shadow DOM — A scoped subtree of DOM attached to an element that isolates styles and markup from the surrounding document.

WeakMap — A JavaScript collection whose keys are object references held weakly, allowing garbage collection when no other references exist.

Iterator protocol — The JavaScript convention by which objects define a next() method to be consumed by for-of loops and spread syntax.

2. React and Next.js

React remains the dominant component model in 2026, and Next.js is the most widely deployed React meta-framework. The concepts below cover both client-side React and the current server-first Next.js App Router paradigm.

JSX — A syntax extension that lets you write HTML-like markup inside JavaScript, compiled to React element calls.

Component — A reusable function or class that returns a React element tree, optionally accepting props as input.

Props — The immutable input object passed to a component from its parent, defining the component's configuration.

State — Internal data managed by a component that triggers re-renders when updated via setState or the useState setter.

Hook — A function whose name starts with use that lets function components hook into React features like state and effects.

useState — The primary React hook for declaring component-local reactive state inside a function component.

useEffect — A hook for running side effects — subscriptions, DOM manipulation, data fetching on the client — after render.

useMemo — A hook that caches a computed value across renders, skipping expensive recalculation when dependencies are unchanged.

useCallback — A hook that returns a memoized function reference, useful when passing callbacks into memoized children.

Context — A React mechanism for passing values down the tree without threading props through every intermediate component.

Suspense — A React feature that declaratively displays a fallback while a child waits for asynchronous data or code to load.

Error boundary — A class component that catches rendering errors below it in the tree and renders a fallback UI instead of unmounting.

Server Component — A React component that runs only on the server, sending a serialized result to the client without shipping its JavaScript bundle.

Client Component — A React component marked with "use client" that runs in the browser, giving it access to state, effects, and event handlers.

Server Action — A function marked with "use server" callable from the client that executes on the server, often used for form submissions and mutations.

App Router — Next.js's file-system-based routing system built on React Server Components, using folders under app to define routes.

Layout — A Next.js App Router file that wraps a route segment and its children, persisting across navigation inside that segment.

Route Handler — A Next.js file at route.ts that exports HTTP verb functions (GET, POST, etc.) to respond to requests at a given path.

Cache Components — A Next.js model where components are cached unless marked dynamic, replacing the older request-scoped fetch cache.

Partial Prerendering — A Next.js rendering mode that serves a static shell immediately and streams in dynamic content within the same response.

ISR — Incremental Static Regeneration. A rendering strategy that rebuilds static pages in the background on a time or tag-based schedule.

Streaming SSR — Server-side rendering that sends HTML to the client in chunks as each Suspense boundary resolves, improving time to first byte.

Hydration — The process where React attaches event handlers and state to server-rendered HTML so it becomes interactive.

Reconciliation — React's algorithm for diffing the previous and next virtual DOM trees to determine the minimum set of DOM operations.

Fiber — The internal React reconciler architecture that allows rendering work to be split into interruptible units for concurrent rendering.

Concurrent rendering — React's ability to prepare multiple UI versions at once and abandon work that is no longer needed, powering transitions and Suspense.

useTransition — A hook that marks state updates as non-urgent, letting React keep the UI responsive while the transition renders in the background.

Route group — A Next.js folder wrapped in parentheses that organizes routes without affecting the URL path.

Middleware — Code that runs before a request is completed, used for redirects, rewrites, and header manipulation in Next.js.

Metadata API — The Next.js App Router API for declaring page titles, descriptions, Open Graph tags, and canonical URLs from layout or page files.

next/image — The Next.js Image component that handles lazy loading, responsive sizes, and automatic format conversion.

3. TypeScript

TypeScript is the default language for new frontend and Node projects in 2026. Its type system has grown expressive enough to encode meaningful invariants at the boundaries of applications.

TypeScript — A typed superset of JavaScript developed by Microsoft that compiles to plain JavaScript with erased types.

Type — A named alias for any TypeScript type expression, including unions, intersections, and mapped types.

Interface — A TypeScript construct for describing object shapes that supports declaration merging and extension via extends.

Generic — A type parameter that lets a function, class, or type work with multiple concrete types while preserving type information.

Union type — A type formed with the pipe operator that accepts any one of several constituent types, like string or number.

Intersection type — A type formed with the ampersand operator that requires all constituent types to be present simultaneously.

Discriminated union — A union whose members share a common literal property, allowing TypeScript to narrow to a specific member via that discriminator.

Conditional type — A type of the form T extends U ? X : Y used to express branching logic at the type level.

Mapped type — A type that iterates over the keys of another type and transforms them, forming the basis for utilities like Partial and Readonly.

Utility types — TypeScript's built-in generic types like Pick, Omit, Partial, Required, Record, and ReturnType that transform other types.

never — The bottom type representing values that never occur, used for exhaustiveness checks and functions that throw or loop forever.

unknown — A type-safe counterpart to any that requires narrowing before you can use the value.

any — The escape-hatch type that opts a value out of type checking, generally discouraged in production codebases.

Type narrowing — The process of refining a broader type to a more specific one through control flow analysis or user-defined predicates.

Type guard — A function whose return type uses the is keyword to assert that a parameter is a specific type when the function returns true.

satisfies operator — A TypeScript operator that validates a value matches a type without widening it, preserving the value's literal shape for inference.

as const — A const assertion that makes a value's type as literal and readonly as possible.

Enum — A TypeScript construct for a named set of constants, commonly replaced in modern code by union-of-string-literals.

Template literal type — A string type built with template syntax that can enforce patterns like `${string}@${string}.${string}`.

infer — A keyword used inside a conditional type to capture a type from a position in another type, enabling type extraction.

tsconfig.json — The TypeScript compiler configuration file that controls target, module, strictness, and path mapping.

strict mode — A TypeScript compiler option that enables the full suite of strict type-checking flags, considered table stakes for new projects.

Declaration file — A file ending in .d.ts that provides type information for JavaScript code without shipping implementation.

Ambient module — A module declared in a declaration file that describes types for an existing JavaScript module at runtime.

Zod — A popular TypeScript-first schema validation library whose schemas produce both a runtime validator and a static type.

Branded type — A nominal-typing technique using a tagged intersection to distinguish otherwise-identical primitives like UserId versus OrderId.

Declaration merging — The TypeScript behavior of combining multiple declarations of the same name into a single definition.

Structural typing — TypeScript's compatibility model where types match if their shapes match, regardless of declared names or inheritance.

Excess property check — A TypeScript rule that flags unexpected properties on object literals assigned to typed variables, catching typos.

DefinitelyTyped — The community repository of type declarations published as the types scope on npm.

4. APIs and data fetching

How clients and servers exchange data shapes both developer experience and user-perceived performance. The protocols below cover the full range from request-response REST to streaming real-time primitives.

HTTP — The application protocol of the web, used for nearly all request-response communication between clients and servers.

HTTP/2 — A major revision of HTTP introducing binary framing, multiplexing, and server push over a single TCP connection.

HTTP/3 — The latest HTTP version running over QUIC, eliminating head-of-line blocking and improving mobile performance.

REST — An architectural style using HTTP verbs against resource URLs, with responses typically serialized as JSON.

GraphQL — A query language and runtime that lets clients request exactly the fields they need from a typed schema.

tRPC — A TypeScript-first RPC library that infers end-to-end types from procedures without code generation.

gRPC — A high-performance RPC framework using Protocol Buffers over HTTP/2, common in service-to-service communication.

Webhook — An outgoing HTTP callback a server makes to a URL you register, used for event-driven integrations between systems.

SSE — Server-Sent Events. A unidirectional streaming protocol where a server pushes text events to the client over HTTP.

WebSocket — A full-duplex protocol upgraded from an HTTP handshake, enabling real-time bidirectional messaging.

WebTransport — A newer API for low-latency bidirectional communication over HTTP/3, designed as a modern alternative to WebSockets.

JSON — JavaScript Object Notation. The default data interchange format on the web, serialized as UTF-8 text.

Protocol Buffers — A compact binary serialization format from Google with a schema-first workflow, used by gRPC.

OpenAPI — A specification for describing REST APIs, enabling automated client generation, mocking, and documentation.

Idempotent — A property of a request whose effect is the same whether it is applied once or multiple times, important for safe retries.

Rate limit — A cap on how many requests a client can make within a window, protecting servers from overload and abuse.

ETag — A response header carrying a version identifier for a resource, enabling conditional requests that avoid retransmitting unchanged data.

Pagination — The pattern of returning large collections in pages, using offset, page-number, or cursor-based strategies.

Cursor pagination — A pagination style where the client passes an opaque cursor from the previous response, resilient to inserts and deletes.

TanStack Query — A popular data-fetching and caching library for React that handles request deduplication, background refetching, and optimistic updates.

SWR — A React hooks library from Vercel for data fetching with stale-while-revalidate semantics.

Mutation — A client-initiated operation that changes server state, as opposed to a read-only query.

Optimistic UI — A pattern where the client updates the UI assuming the mutation will succeed, rolling back if the server rejects it.

Polling — Repeatedly calling an endpoint on a schedule to detect state changes, simpler but less efficient than push-based approaches.

Long polling — A polling variant where the server holds the request open until data is available or a timeout expires.

CDN — Content Delivery Network. A global network of edge servers that caches responses close to users, reducing latency.

CORS — Cross-Origin Resource Sharing. A browser mechanism letting servers declare which origins may read a response.

Preflight request — An OPTIONS request the browser sends before certain cross-origin calls to check server CORS policy.

Streaming response — An HTTP response whose body is delivered in chunks, letting the client begin processing before the full payload arrives.

Webhook signing — The practice of signing webhook payloads with a shared secret so the receiver can verify authenticity and integrity.

5. Runtime and deployment

Where your code actually executes — which JavaScript runtime, which region, which isolation model — has a first-order effect on both cost and latency.

Node.js — A JavaScript runtime built on V8 with an event-driven I/O model, still the default backend runtime for most teams.

Bun — A JavaScript runtime built on JavaScriptCore with a native toolchain including a bundler, package manager, and test runner.

Deno — A secure JavaScript and TypeScript runtime built on V8 with first-class web standard APIs and explicit permissions.

V8 — Google's open-source JavaScript engine that powers Chrome, Node.js, Deno, and many embedded runtimes.

Vercel Functions — Vercel's serverless function platform that runs Node or Web Standard handlers, now backed by Fluid Compute.

Fluid Compute — Vercel's compute model where a single function instance can handle many concurrent invocations, reducing cost and cold starts compared to classic isolated serverless.

Edge runtime — A lightweight JavaScript runtime based on Web Standards that runs close to users, typically with faster cold starts and tighter API limits than Node.

Cold start — The latency incurred when a serverless platform must spin up a new function instance before handling a request.

Warm start — The fast path where a function instance is reused across requests, avoiding initialization overhead.

Region — A geographic location where cloud compute runs, chosen to minimize latency to users or to keep code near a database.

Multi-region — A deployment topology where application code or data is replicated across multiple regions for redundancy or locality.

Serverless — A deployment model where the platform manages capacity and you pay per invocation or per unit of work rather than per provisioned instance.

Always-on — A deployment model where a long-running server process remains ready to handle requests, trading higher idle cost for predictable warm performance.

Container — A packaged runtime environment — typically a Docker image — that bundles application code with its OS dependencies.

Kubernetes — A container orchestration system for scheduling, scaling, and managing containerized workloads across a cluster.

Docker — The most widely used container runtime and image format for packaging and shipping applications.

Edge network — A globally distributed set of points of presence that terminates TLS and can cache or execute code near end users.

Origin server — The authoritative backend that generates fresh responses when the CDN or edge does not have a cached copy.

Static hosting — Serving prebuilt HTML, CSS, and JavaScript from storage or a CDN without any server-side computation per request.

SSG — Static Site Generation. Rendering pages at build time so every request is served as static content.

SSR — Server-Side Rendering. Generating HTML on the server for each request, enabling dynamic personalization.

CSR — Client-Side Rendering. Shipping a minimal HTML shell and rendering the page in the browser using JavaScript.

Environment variables — Runtime configuration exposed to a process through the environment, typically used for secrets and per-environment settings.

12-factor app — A set of twelve methodology principles for building SaaS applications that are portable, disposable, and easy to operate at scale.

Observability — The practice of instrumenting systems with metrics, logs, and traces so their internal state can be inferred from external outputs.

OpenTelemetry — The CNCF open standard for generating, collecting, and exporting telemetry data across languages and platforms.

Blue-green deployment — A release strategy that maintains two production environments and switches traffic between them for near-zero-downtime cutovers.

Canary release — Rolling out a new version to a small percentage of traffic first, monitoring signals before full rollout.

Feature flag — A runtime switch that enables or disables functionality without redeploying, supporting experimentation and gradual rollout.

Preview deployment — An ephemeral deploy created per branch or pull request so reviewers can interact with changes before merging.

6. Performance and Core Web Vitals

Google's Core Web Vitals are now a widely adopted shared vocabulary for user-perceived performance. Hitting the good thresholds correlates tightly with conversion rates.

Core Web Vitals — Google's three user-centric performance metrics — LCP, INP, and CLS — used as ranking signals and UX benchmarks.

LCP — Largest Contentful Paint. The time from navigation to when the largest visible element finishes rendering.

INP — Interaction to Next Paint. The latency between a user interaction and the next visual update, replacing FID in 2024.

CLS — Cumulative Layout Shift. A score quantifying unexpected visual jumps during a page's lifetime.

TTFB — Time To First Byte. The time from request start to when the first byte of the response arrives.

FCP — First Contentful Paint. The time from navigation to when the browser renders the first DOM content.

TBT — Total Blocking Time. The sum of long-task duration beyond 50 ms between FCP and TTI, a lab proxy for INP.

TTI — Time To Interactive. The time until the main thread is consistently idle and can respond to user input.

Long task — A task on the browser main thread that exceeds 50 milliseconds, blocking user input during that time.

Preload — A link hint instructing the browser to fetch a high-priority resource immediately, commonly used for critical fonts.

Prefetch — A link hint for low-priority speculative fetches of resources likely needed on future navigations.

Preconnect — A link hint that opens early TCP and TLS connections to origins you expect to fetch from.

Lazy loading — Deferring resource loading — especially images and iframes — until they are about to enter the viewport.

Code splitting — Breaking a JavaScript bundle into smaller chunks loaded on demand, reducing initial download and parse cost.

Critical CSS — The minimum CSS required to render above-the-fold content, inlined into the HTML to avoid a render-blocking stylesheet fetch.

Render-blocking resource — A resource the browser must download and parse before it can render, typically synchronous scripts and unoptimized stylesheets.

Main thread — The browser thread that executes JavaScript, lays out the DOM, and handles user input; long tasks here hurt INP.

Web Worker — A background thread that executes JavaScript off the main thread, communicating via structured-clone messages.

Image format — The encoding used for images on the web; modern formats like AVIF and WebP yield smaller files than legacy JPEG and PNG.

Responsive image — An image served at a size appropriate for the viewport using srcset and sizes attributes.

CrUX — Chrome User Experience Report. Google's public dataset of real-world Core Web Vitals measurements from Chrome users.

Lab data — Performance measurements collected in a controlled environment using tools like Lighthouse, useful for reproducibility.

Field data — Performance measurements collected from real users in production, typically via RUM providers or CrUX.

RUM — Real User Monitoring. The practice of capturing performance data from actual visitor sessions rather than synthetic tests.

Lighthouse — An open-source auditing tool from Google that scores a page on performance, accessibility, SEO, and best practices.

Bundle size — The total compressed size of JavaScript, CSS, or other assets downloaded by the browser for a given route.

Speculation Rules — A browser API that lets pages declare which links should be prefetched or prerendered for near-instant navigation.

Font display — A CSS descriptor controlling how text is rendered while a web font loads, with swap being the most common choice.

Variable font — A single font file encoding multiple weights and styles, reducing total font payload on pages using several variants.

Main-thread scheduling — The practice of yielding back to the browser frequently via scheduler.yield or setTimeout to keep the page responsive.

7. CSS frameworks and styling

Styling has consolidated toward utility-first CSS and unstyled component primitives, giving teams design consistency without the lock-in of older UI kits.

Tailwind CSS — A utility-first CSS framework that generates styles from class names in your markup, optimizing output via just-in-time compilation.

Utility-first — A styling approach that composes designs from many small single-purpose classes rather than custom semantic stylesheets.

Tailwind v4 — The current major version of Tailwind, built on Lightning CSS with CSS-first configuration and native cascade layers.

CSS-in-JS — A family of libraries — Emotion, styled-components, and others — that let you author styles in JavaScript colocated with components.

CSS Modules — A convention where each component imports a .module.css file whose class names are locally scoped by build-time hashing.

PostCSS — A tool for transforming CSS with JavaScript plugins, commonly used for autoprefixing, nesting, and modern syntax downleveling.

Lightning CSS — A fast CSS parser, transformer, and minifier written in Rust, used internally by Tailwind v4 and other modern toolchains.

Autoprefixer — A PostCSS plugin that automatically adds vendor prefixes to CSS properties based on a browserslist target.

Sass — A CSS preprocessor adding variables, nesting, mixins, and functions, historically common but now often replaced by native CSS features.

Component library — A packaged set of reusable UI components, spanning the spectrum from opinionated to fully unstyled.

shadcn/ui — A copy-in component system built on Radix primitives and Tailwind that gives teams full ownership of component source code.

Radix UI — A set of unstyled, accessible React primitives for dialogs, dropdowns, popovers, and other interactive patterns.

Headless UI — A library of unstyled, accessible component primitives from the Tailwind Labs team.

Design tokens — Named design values — colors, spacing, typography — shared between design tools and code, typically implemented as CSS variables.

Design system — The combination of tokens, components, and documentation that encodes a product's visual and interaction standards.

Dark mode — An interface color scheme using dark backgrounds, toggled via a user preference or prefers-color-scheme media query.

Responsive design — A design approach that adapts layouts to device viewport size using fluid grids, flexible media, and media queries.

Mobile-first — Writing base styles for mobile viewports and layering on larger-viewport styles via min-width media queries.

Fluid typography — Type sizing that scales smoothly with viewport width using clamp() rather than stepping at fixed breakpoints.

clsx — A tiny utility for conditionally joining class name strings, a common building block in React components.

tailwind-merge — A utility that resolves conflicting Tailwind class names deterministically so later classes override earlier ones.

CVA — Class Variance Authority. A utility for defining typed variant-based class name functions on top of Tailwind.

Storybook — A workshop environment for developing and documenting UI components in isolation, with visual and interaction testing.

Figma — The dominant browser-based design tool in 2026, widely used for UI design, prototyping, and collaboration with engineers.

Dev Mode — Figma's mode for developers that exposes inspect tooling, code snippets, and token mappings for implementation.

Viewport units — CSS length units like vh, vw, dvh, and svh that reference the viewport, with dvh handling mobile browser chrome correctly.

Logical properties — CSS properties expressed in writing-mode terms — block, inline, start, end — that adapt automatically to RTL languages.

color-mix — A modern CSS function that blends two colors in a chosen color space, enabling dynamic theming without preprocessing.

Open Props — A popular collection of CSS custom properties for colors, sizes, and animations designed to be imported as tokens.

Animation library — A package — like Motion or GSAP — that provides declarative primitives and timing curves for interactive animation.

8. Accessibility and WCAG

Accessibility is both a legal requirement in most markets and a marker of engineering quality. The terms below are the vocabulary of WCAG 2.2 and the ARIA specification.

a11y — A numeronym for accessibility, frequently used in issue trackers, package names, and documentation.

WCAG — Web Content Accessibility Guidelines. The W3C specification defining success criteria for making web content accessible.

WCAG 2.2 — The current published version of WCAG, adding nine success criteria around focus appearance, dragging, and target size.

Conformance level — The WCAG tier an implementation meets — A, AA, or AAA — with AA being the most common legal baseline.

ARIA — Accessible Rich Internet Applications. A W3C spec that lets developers add semantics to markup for assistive tech.

ARIA role — A value like button, dialog, or listbox that tells assistive tech how to interpret an element when native semantics are insufficient.

ARIA label — An attribute that provides an accessible name for an element when no visible text is available, like an icon button.

Landmark — A structural region of a page — header, nav, main, footer — that screen reader users can jump between quickly.

Skip link — A link placed at the top of a page that lets keyboard users bypass repeated navigation to reach main content.

Screen reader — Assistive software that renders text and UI as synthesized speech or Braille, such as JAWS, NVDA, and VoiceOver.

Keyboard navigation — Operating an interface using only the keyboard, which every interactive element must support.

Focus management — Programmatically directing keyboard focus during navigation changes, modal open/close, and form errors.

Focus ring — The visible outline shown on a focused interactive element, required by WCAG 2.2 focus-appearance success criteria.

Focus trap — A pattern that constrains keyboard focus inside a modal dialog until it is dismissed.

Contrast ratio — The luminance ratio between text and its background, with WCAG requiring 4.5:1 for body text at AA conformance.

Alt text — A concise text description of an image provided via the alt attribute, read aloud by screen readers.

Decorative image — An image providing no information beyond its visual, marked with an empty alt attribute so screen readers skip it.

aria-live — An attribute making a region announce its updates to assistive tech, crucial for dynamic status messages.

aria-describedby — An attribute linking an element to one or more IDs whose content provides an accessible description.

Prefers-reduced-motion — A media query letting users who are sensitive to motion request reduced animation, which sites should respect.

Axe-core — An open-source accessibility testing engine from Deque, embedded in many linters, CI tools, and browser extensions.

Lighthouse accessibility audit — The accessibility category of Lighthouse, which runs a subset of axe rules and outputs a score.

Semantic element — An HTML element whose tag name carries meaning for assistive tech, like button, label, and nav.

Accessible name — The string assistive tech announces for an element, derived from labels, contents, and ARIA attributes in a defined order.

Accessibility tree — A parallel tree the browser builds from the DOM that assistive tech actually consumes.

Target size — The clickable area of an interactive control; WCAG 2.2 requires at least 24x24 CSS pixels for most targets.

VPAT — Voluntary Product Accessibility Template. A document declaring how a product conforms to accessibility standards, often required in enterprise procurement.

Section 508 — A US federal accessibility law requiring electronic content to be accessible, aligned with WCAG 2.0 AA.

EAA — European Accessibility Act. EU legislation that took effect in 2025, expanding accessibility requirements across many consumer products and services.

Keyboard shortcut — A key combination that triggers an action; WCAG requires single-character shortcuts to be remappable or disableable.

9. Build tooling

Build pipelines compile, bundle, and optimize source code into the assets browsers actually execute. In 2026 the ecosystem is consolidating around Rust and Go-based tools for speed.

Bundler — A tool that walks an import graph and emits deployable artifacts, resolving dependencies and transforming source files.

Webpack — The historically dominant JavaScript bundler, with a rich loader and plugin ecosystem and notoriously slow cold starts.

Vite — A frontend build tool combining native ESM during development with Rollup-based production bundling for fast feedback loops.

Rollup — A JavaScript module bundler focused on producing clean ESM output, widely used for publishing libraries.

esbuild — A Go-based JavaScript bundler and minifier prized for its raw speed, often used as the transform layer in other toolchains.

SWC — A Rust-based JavaScript and TypeScript compiler, used as the default transformer in Next.js and other frameworks.

Babel — A pluggable JavaScript compiler used for downleveling modern syntax and running codemods; increasingly replaced by SWC and esbuild.

Turbopack — The Rust-based successor to Webpack from Vercel, used as the default bundler for Next.js in 2026.

HMR — Hot Module Replacement. A dev-server feature that swaps updated modules into a running page without a full reload.

Source map — A file mapping compiled output back to original source lines, allowing debuggers and error reporters to point to real authored code.

Tree shaking — The bundler optimization that removes unused exports from the final bundle by statically analyzing import graphs.

Minification — The process of reducing a file's size by removing whitespace and renaming identifiers while preserving behavior.

Compression — The transport-layer step — typically gzip or Brotli — that shrinks assets in transit between server and browser.

Brotli — A modern compression algorithm that typically beats gzip by 15-25% for text-based assets.

ESM — ECMAScript Modules. The standard JavaScript module system with static import and export statements.

CommonJS — The legacy Node.js module system using require and module.exports, now gradually being replaced by ESM.

pnpm — A fast, disk-efficient package manager that stores a content-addressable store and uses symlinks in node_modules.

npm — The default package manager bundled with Node.js and the registry that hosts nearly every JavaScript package.

Yarn — An alternate JavaScript package manager with modern workspaces, plug-n-play, and zero-install features.

Lockfile — A file pinning exact versions of every transitive dependency so installs are reproducible across machines and time.

Monorepo — A repository containing multiple related packages or apps, typically managed with workspaces and a task runner.

Turborepo — A high-performance task runner for JavaScript and TypeScript monorepos with remote caching.

Linter — A tool that analyzes source code for programmatic and stylistic issues without executing it.

Biome — A Rust-based toolchain combining linting and formatting, positioned as a modern alternative to ESLint and Prettier.

ESLint — The long-standing JavaScript and TypeScript linter, extended by the community with thousands of rule plugins.

Prettier — An opinionated code formatter that rewrites source files to a consistent style, reducing formatting disagreements.

Polyfill — Code that implements a newer web API in environments that do not natively support it.

Browserslist — A shared configuration format declaring which browsers a project supports, consumed by PostCSS, Babel, and others.

Dynamic import — The import() expression that loads a module lazily at runtime, enabling code splitting at natural boundaries.

Bundle analyzer — A tool that visualizes the contents of a bundle so you can find oversized dependencies worth replacing or deferring.

10. Security and DevOps

Security and operational practices are inseparable from modern web development. The terms below span application-level vulnerabilities, deployment pipelines, and identity protocols.

HTTPS — HTTP over TLS. The encrypted, authenticated transport required for all production web traffic in 2026.

TLS — Transport Layer Security. The cryptographic protocol that encrypts traffic between clients and servers on the web.

HSTS — HTTP Strict Transport Security. A response header instructing browsers to only visit the origin over HTTPS.

CSP — Content Security Policy. A response header declaring which script, style, and other resource origins the browser may load.

XSS — Cross-Site Scripting. An attack where an attacker injects script into a trusted page to run in a victim's browser.

CSRF — Cross-Site Request Forgery. An attack that tricks a logged-in user's browser into issuing unwanted requests to a target site.

SQL injection — An attack that manipulates a query by injecting malicious SQL through unsanitized user input.

Parameterized query — A database query that passes user input as parameters rather than string-concatenated SQL, preventing SQL injection.

SSRF — Server-Side Request Forgery. An attack where a server is tricked into fetching attacker-controlled internal URLs.

OWASP Top 10 — A regularly updated list from OWASP of the ten most critical web application security risks.

Rate limiting — A defense that caps request volume per client to prevent abuse, brute-force attacks, and resource exhaustion.

OAuth 2.0 — An authorization framework letting users grant third-party apps scoped access to their data without sharing credentials.

OpenID Connect — An identity layer on top of OAuth 2.0 that adds ID tokens and a standardized way to verify user identity.

JWT — JSON Web Token. A signed, compact token format commonly used to carry claims between services in stateless sessions.

Session cookie — A cookie holding a server-referenced session identifier, typically marked HttpOnly and Secure.

SameSite cookie — A cookie attribute controlling whether the browser sends the cookie on cross-site requests, mitigating CSRF.

Passkey — A passwordless credential based on WebAuthn that lives in device authenticators and is phishing-resistant.

WebAuthn — A browser API and W3C spec for public-key credential authentication, the technical foundation of passkeys.

MFA — Multi-Factor Authentication. Requiring two or more factors such as password, hardware key, or biometric to log in.

RBAC — Role-Based Access Control. An authorization model where permissions are attached to named roles assigned to users.

RLS — Row-Level Security. A database feature enforcing per-row access policies at the engine level, central to Supabase and Postgres.

Secrets management — The practice of storing and rotating API keys, tokens, and credentials in a vault rather than source code.

.env file — A local file storing environment variables during development, gitignored to keep secrets out of source control.

CI/CD — Continuous Integration and Continuous Deployment. Automated pipelines that test and release code on every change.

GitHub Actions — GitHub's native CI/CD platform where workflows are defined in YAML and triggered by repository events.

Git flow — A branching model with main, develop, feature, and release branches; now often simplified to trunk-based development.

Trunk-based development — A branching strategy where all developers integrate frequently into a single main branch with short-lived feature branches.

Pull request — A proposal to merge a branch into another, paired with a review and automated checks before it lands.

Code review — The practice of having peers inspect and approve changes before merging, improving quality and knowledge sharing.

SAST — Static Application Security Testing. Scanning source code for vulnerability patterns as part of CI.

Dependency scanning — Tooling like Dependabot or Renovate that detects vulnerable or outdated third-party packages and proposes upgrades.

Supply-chain attack — A compromise of a dependency, build tool, or CI system that injects malicious code into downstream consumers.

A note on terminology drift

Web development vocabulary changes quickly. Terms like edge runtime and serverless meant meaningfully different things even two years ago. When you see a definition on Stack Overflow or in training data that contradicts this glossary, trust the more recent source and the official platform documentation.