39 articles found
I shipped JWT auth with tokens that never expired, stored in localStorage, to production. This is the post-mortem. Covers JWT structure, why your token strategy probably has holes, access and refresh tokens done right, password hashing with bcrypt, and the storage debate that never ends.
I spent a solid week tightening security on an Express app and wrote down everything that tripped me up — rate limiting, security headers, CORS, input sanitization, and cookie hardening. This is that list, dressed up as a blog post.
A frustration-driven tutorial on handling file uploads in Express.js with Multer. What went wrong, why it went wrong, and the actual config that fixed it -- covering storage engines, file filtering, size limits, image resizing with Sharp, and uploading to S3.
I used to hate Promises. Callbacks felt intuitive and Promises felt like ceremony. Then I actually learned how they work -- the constructor, chaining, combinators, the microtask queue -- and I stopped fighting them. Here's everything I figured out the hard way.
I bombed a whiteboard interview because I couldn't explain __proto__ vs .prototype. Went home and actually figured it out. Here's the prototype chain, Object.create, constructor functions, and why ES6 classes are just syntax over the same old mechanism.
Design patterns get a bad rap, but a handful of them genuinely earn their keep in JavaScript. This opinionated walkthrough covers seven patterns — module, observer, singleton, factory, strategy, decorator, and facade — with honest takes on which ones I actually reach for in real code and which ones mostly live in textbooks.