Loading Secrets at Runtime Without Leaking Them: config(), the Keystore, and run
Part 3 of 3 on @faizahmed/secret-keystore. Part 1 was the threat model; Part 2 was the CLI. This part is how your app reads secre…
Part 2 of 3 on @faizahmed/secret-keystore. Part 1 covered the threat model; this part is pure hands-on. By the end you'll have an…
Part 1 of 3 in a deep-dive on @faizahmed/secret-keystore. New here? Start with the Complete Guide. For the original incident writ…
A year ago I would have told you a .env file was fine. Then we patched a CVSS 10.0 RCE in Next.js (CVE-2025-66478) and spent the n…
Before you read, run this test. If you’re using background jobs, queues, or retries, answer this: If the same task runs twice, does…
A few months ago, we had a system that was “working fine”. Jobs were getting processed. Workers were running. No errors in logs. B…
This post starts with the production problem we hit in late 2025, the critical security vulnerability in React Server Components a…
At scale, notifications are not special. They are just one of the most common million job problems you will ever solve. Email, SMS…
Everything was fine until it wasn’t. Our Node.js app, powered by AWS SDK v3, started freezing during peak traffic. Requests to S3…
If a credential can be found in your code base, CI logs, or Slack archive — it’s not just a secret; it’s a risk. By 2025, leaked c…
“It’s 3 AM. The system’s live. You push an update and suddenly traffic falls off a cliff.” That’s the moment teams stop being hero…
With real-world Docker Compose setups, GitHub Actions CI pipelines, and practical command recipes. Everything you need to master D…
Observability isn't just about logs anymore. In 2025, understanding how your API behaves under load, in production, across service…
In the world of SaaS, designing for scale starts with multi-tenancy done right. Why Multi-Tenant Architecture Matters: SaaS is all…
Why Packaging Still Breaks in 2025? Despite being two decades into Node.js, publishing a library that works across CommonJS (CJS),…
Are JWTs safe? Should you switch to PASETO? Is session-based auth outdated? In this guide, we’ll compare modern token systems in d…
In this post, we’ll explore what replay attacks are, how JWS and JWE differ, and how to generate + validate session fingerprints u…
Introduction: Is Node.js Really Leaking Memory? Have you ever noticed your Node.js app using more and more memory over time — even…
Think JSON.parse() is harmless? Think again. When you're dealing with massive logs, analytics dumps, or API exports, that innocent…
Before we dig deep into the details, let’s break down what problem this article really addresses, what solution works best and…
Streaming Isn’t Always Smooth! Node.js Streams are a great way to handle large data without loading everything into memory. But wi…
When working with large datasets in JavaScript, many developers instinctively reach for .map() to transform arrays. It’s clean, el…
In ExpressJS, we always have to start from scratch for things like CSRF / JWT Token, Exception Handling, Clusters, Queues, Ca…
This article lists things that we can achieve in NodeJS without using any NPM dependencies. You can find the repository on GitHub…
Node.js is an open-source and cross-platform JavaScript runtime environment. It is a popular tool for almost any kind of project!…