Start here

Choose the problem you want to understand. Each path puts the guides in an order that builds context instead of sending you through a random archive.

Path 1

Build reliable backend workflows

Follow one operation from application structure through retries, failed jobs, recovery, and fraud-event processing.

  1. How to structure a Node.js backend project without overengineering

    A practical Node.js backend folder structure that keeps routes, services, repositories, jobs, and config understandable.

    5 min read
  2. Idempotency in Node.js workers: how to avoid charging a user twice

    A backend pattern for making Node.js jobs safe to retry, with examples for payment jobs, idempotency keys, Redis claims, and stored state.

    5 min read
  3. Queue dead-letter pattern in Node.js: what to do with failed jobs

    Design a Node.js dead-letter workflow with bounded retries, useful failure records, replay controls, idempotent workers, alerts, and safe operator recovery.

    4 min read
  4. Database restore tests: the backup step teams forget

    Turn database backups into a tested recovery process with clear RPO and RTO targets, isolated restore drills, integrity checks, application tests, and evidence.

    5 min read
  5. Designing a fraud detection event pipeline in Node.js

    A practical Node.js fraud event pipeline with stable event contracts, idempotent consumers, rules, risk scores, review queues, audit logs, and replay safety.

    6 min read
Path 2

Secure an API at its boundaries

Start with authorization, then add abuse limits, authentic integrations, browser policy, deployment identity, and negative tests.

  1. OWASP API Security Top 10 explained for Node.js backend developers

    Apply the OWASP API Security risks to Node.js routes with object-level authorization, schema validation, rate limits, inventory, logging, and abuse tests.

    5 min read
  2. Rate limiting in Node.js with Redis: a practical guide

    Build an atomic Redis rate limiter for Node.js, choose useful identities and limits, handle proxy IPs, and decide what happens when Redis is unavailable.

    4 min read
  3. Webhook signature verification in Node.js: the part tutorials skip

    Verify webhook signatures in Node.js without corrupting the raw body, avoid timing leaks, reject stale deliveries, and process valid events idempotently.

    4 min read
  4. CORS misconceptions: why disabling it is not an API security plan

    Understand what CORS actually controls, configure credentialed origins safely, debug preflights, and keep authentication and authorization as separate API boundaries.

    4 min read
  5. Content Security Policy explained for normal web developers

    A practical CSP guide with report-only rollout, strict policies, nonces, hashes, third-party scripts, reporting, and production checks.

    7 min read
  6. Next.js Server Actions security checklist for real apps

    Secure Next.js Server Actions with in-action authorization, strict validation, safe return values, abuse limits, idempotency, logging, and negative tests.

    4 min read
  7. GitHub Actions OIDC explained: stop storing long-lived cloud secrets

    Replace long-lived deployment keys with GitHub Actions OIDC, narrow cloud trust by repository and environment, and test denial before deleting old secrets.

    4 min read
Path 3

Understand TypeScript and its runtime boundary

Learn what the compiler controls, what strict mode catches, and how Node and npm can still disagree with the editor.

  1. tsconfig.json explained: the TypeScript options that actually matter

    A plain-English guide to the tsconfig options that affect real projects: target, module, moduleResolution, strict, lib, include, and noEmit.

    5 min read
  2. What strict: true actually checks in TypeScript

    A simple explanation of what TypeScript strict mode catches, with examples for null checks, implicit any, this binding, class fields, and errors.

    4 min read
  3. How to fix npm install errors: ERESOLVE, ENOENT, and permission denied

    Fix npm install errors by identifying ERESOLVE, ENOENT, EACCES, ETARGET, and network failures before changing lockfiles or dependency versions.

    4 min read
  4. HTTP QUERY method explained: the new method between GET and POST

    A practical guide to the new HTTP QUERY method, why RFC 10008 added it, how it compares with GET and POST, and when backend developers should care.

    8 min read
Path 4

Turn backend work into portfolio proof

Choose a serious workflow, document decisions and failures, and make the result understandable to an engineering reviewer.

  1. How to build a developer portfolio recruiters can understand in five minutes

    A simple developer portfolio structure with examples for showing projects, decisions, results, code quality, and contact information clearly.

    3 min read
  2. How to scope a backend portfolio project recruiters can evaluate

    Choose a backend portfolio project with one serious workflow, visible engineering decisions, realistic failure cases, and proof recruiters can review quickly.

    4 min read
  3. How junior developers can stand out when everyone uses AI

    How junior developers can prove judgment, debugging skill, communication, and ownership in an AI-assisted coding market.

    5 min read
  4. Is learning DSA actually necessary for backend roles?

    A practical DSA guide for backend beginners, with examples for interviews, real backend systems, learning splits, and what level is enough.

    5 min read