Aarav Chandel
A second-year computer science student building backend systems and documenting the decisions that make them reliable, reviewable, and safe to retry.
What informs the writing
CryptoEx supplies concrete problems around withdrawal state, duplicate jobs, idempotency, transaction boundaries, and uncertain provider responses.
SentinelFi supplies problems around event contracts, replay-safe consumers, fraud decisions, audit history, and operator review.
Examples are educational project work. Articles do not claim production scale, customer traffic, or measured outcomes unless the measurement and environment are shown.
Published guides
20 guides across 3 topicsCORS misconceptions: why disabling it is not an API security plan
Understand what CORS actually controls, configure credentialed origins safely, debug preflights, and keep authentication and authorization as separate API boundaries.
Database restore tests: the backup step teams forget
Turn database backups into a tested recovery process with clear RPO and RTO targets, isolated restore drills, integrity checks, application tests, and evidence.
GitHub Actions OIDC explained: stop storing long-lived cloud secrets
Replace long-lived deployment keys with GitHub Actions OIDC, narrow cloud trust by repository and environment, and test denial before deleting old secrets.
Next.js Server Actions security checklist for real apps
Secure Next.js Server Actions with in-action authorization, strict validation, safe return values, abuse limits, idempotency, logging, and negative tests.
OWASP API Security Top 10 explained for Node.js backend developers
Apply the OWASP API Security risks to Node.js routes with object-level authorization, schema validation, rate limits, inventory, logging, and abuse tests.
Queue dead-letter pattern in Node.js: what to do with failed jobs
Design a Node.js dead-letter workflow with bounded retries, useful failure records, replay controls, idempotent workers, alerts, and safe operator recovery.
Rate limiting in Node.js with Redis: a practical guide
Build an atomic Redis rate limiter for Node.js, choose useful identities and limits, handle proxy IPs, and decide what happens when Redis is unavailable.
Webhook signature verification in Node.js: the part tutorials skip
Verify webhook signatures in Node.js without corrupting the raw body, avoid timing leaks, reject stale deliveries, and process valid events idempotently.
Content Security Policy explained for normal web developers
A practical CSP guide with report-only rollout, strict policies, nonces, hashes, third-party scripts, reporting, and production checks.
How to build a developer portfolio recruiters can understand in five minutes
A simple developer portfolio structure with examples for showing projects, decisions, results, code quality, and contact information clearly.
Designing a fraud detection event pipeline in Node.js
A practical Node.js fraud event pipeline with stable event contracts, idempotent consumers, rules, risk scores, review queues, audit logs, and replay safety.
How junior developers can stand out when everyone uses AI
How junior developers can prove judgment, debugging skill, communication, and ownership in an AI-assisted coding market.
HTTP QUERY method explained: the new method between GET and POST
A practical guide to the new HTTP QUERY method, why RFC 10008 added it, how it compares with GET and POST, and when backend developers should care.
Idempotency in Node.js workers: how to avoid charging a user twice
A backend pattern for making Node.js jobs safe to retry, with examples for payment jobs, idempotency keys, Redis claims, and stored state.
Is learning DSA actually necessary for backend roles?
A practical DSA guide for backend beginners, with examples for interviews, real backend systems, learning splits, and what level is enough.
How to structure a Node.js backend project without overengineering
A practical Node.js backend folder structure that keeps routes, services, repositories, jobs, and config understandable.
How to scope a backend portfolio project recruiters can evaluate
Choose a backend portfolio project with one serious workflow, visible engineering decisions, realistic failure cases, and proof recruiters can review quickly.
tsconfig.json explained: the TypeScript options that actually matter
A plain-English guide to the tsconfig options that affect real projects: target, module, moduleResolution, strict, lib, include, and noEmit.
How to fix npm install errors: ERESOLVE, ENOENT, and permission denied
Fix npm install errors by identifying ERESOLVE, ENOENT, EACCES, ETARGET, and network failures before changing lockfiles or dependency versions.
What strict: true actually checks in TypeScript
A simple explanation of what TypeScript strict mode catches, with examples for null checks, implicit any, this binding, class fields, and errors.