Aarav Chandel

A second-year computer science student building backend systems and documenting the decisions that make them reliable, reviewable, and safe to retry.

What informs the writing

CryptoEx supplies concrete problems around withdrawal state, duplicate jobs, idempotency, transaction boundaries, and uncertain provider responses.

SentinelFi supplies problems around event contracts, replay-safe consumers, fraud decisions, audit history, and operator review.

Examples are educational project work. Articles do not claim production scale, customer traffic, or measured outcomes unless the measurement and environment are shown.

Published guides

20 guides across 3 topics

CORS misconceptions: why disabling it is not an API security plan

Understand what CORS actually controls, configure credentialed origins safely, debug preflights, and keep authentication and authorization as separate API boundaries.

Backend Architecture

Database restore tests: the backup step teams forget

Turn database backups into a tested recovery process with clear RPO and RTO targets, isolated restore drills, integrity checks, application tests, and evidence.

Backend Architecture

GitHub Actions OIDC explained: stop storing long-lived cloud secrets

Replace long-lived deployment keys with GitHub Actions OIDC, narrow cloud trust by repository and environment, and test denial before deleting old secrets.

Backend Architecture

Next.js Server Actions security checklist for real apps

Secure Next.js Server Actions with in-action authorization, strict validation, safe return values, abuse limits, idempotency, logging, and negative tests.

Backend Architecture

OWASP API Security Top 10 explained for Node.js backend developers

Apply the OWASP API Security risks to Node.js routes with object-level authorization, schema validation, rate limits, inventory, logging, and abuse tests.

Backend Architecture

Queue dead-letter pattern in Node.js: what to do with failed jobs

Design a Node.js dead-letter workflow with bounded retries, useful failure records, replay controls, idempotent workers, alerts, and safe operator recovery.

Backend Architecture

Rate limiting in Node.js with Redis: a practical guide

Build an atomic Redis rate limiter for Node.js, choose useful identities and limits, handle proxy IPs, and decide what happens when Redis is unavailable.

Backend Architecture

Webhook signature verification in Node.js: the part tutorials skip

Verify webhook signatures in Node.js without corrupting the raw body, avoid timing leaks, reject stale deliveries, and process valid events idempotently.

Backend Architecture

Content Security Policy explained for normal web developers

A practical CSP guide with report-only rollout, strict policies, nonces, hashes, third-party scripts, reporting, and production checks.

Backend Architecture

How to build a developer portfolio recruiters can understand in five minutes

A simple developer portfolio structure with examples for showing projects, decisions, results, code quality, and contact information clearly.

Engineering Careers

Designing a fraud detection event pipeline in Node.js

A practical Node.js fraud event pipeline with stable event contracts, idempotent consumers, rules, risk scores, review queues, audit logs, and replay safety.

Backend Architecture

How junior developers can stand out when everyone uses AI

How junior developers can prove judgment, debugging skill, communication, and ownership in an AI-assisted coding market.

Engineering Careers

HTTP QUERY method explained: the new method between GET and POST

A practical guide to the new HTTP QUERY method, why RFC 10008 added it, how it compares with GET and POST, and when backend developers should care.

Backend Architecture

Idempotency in Node.js workers: how to avoid charging a user twice

A backend pattern for making Node.js jobs safe to retry, with examples for payment jobs, idempotency keys, Redis claims, and stored state.

Node.js & TypeScript

Is learning DSA actually necessary for backend roles?

A practical DSA guide for backend beginners, with examples for interviews, real backend systems, learning splits, and what level is enough.

Engineering Careers

How to structure a Node.js backend project without overengineering

A practical Node.js backend folder structure that keeps routes, services, repositories, jobs, and config understandable.

Node.js & TypeScript

How to scope a backend portfolio project recruiters can evaluate

Choose a backend portfolio project with one serious workflow, visible engineering decisions, realistic failure cases, and proof recruiters can review quickly.

Engineering Careers

tsconfig.json explained: the TypeScript options that actually matter

A plain-English guide to the tsconfig options that affect real projects: target, module, moduleResolution, strict, lib, include, and noEmit.

Node.js & TypeScript

How to fix npm install errors: ERESOLVE, ENOENT, and permission denied

Fix npm install errors by identifying ERESOLVE, ENOENT, EACCES, ETARGET, and network failures before changing lockfiles or dependency versions.

Node.js & TypeScript

What strict: true actually checks in TypeScript

A simple explanation of what TypeScript strict mode catches, with examples for null checks, implicit any, this binding, class fields, and errors.

Node.js & TypeScript