Node.js: The Complete Runtime

What is Node.js and how does it differ from browser JavaScript

V8 engine, libuv, runtime vs browser, global object, process object, single-threaded model

How the Node.js event loop works step by step

event loop phases, call stack, callback queue, microtask queue, setTimeout vs setImmediate, process.nextTick

Node.js module system: CommonJS vs ES Modules

require vs import, module.exports, named exports, default exports, .mjs vs .cjs, package.json type field, circular dependencies

npm and package.json: managing Node.js dependencies

npm init, package.json fields, dependencies vs devDependencies, package-lock.json, semantic versioning, npm scripts, npx

Node.js built-in globals and useful CLI flags

__dirname, __filename, global object, Buffer, console methods, --watch flag, --inspect flag, NODE_ENV, .env files

Callbacks in Node.js and the error-first convention

callback pattern, error-first callbacks, callback hell, Node.js core callback APIs, fs.readFile, asynchronous vs synchronous fs

Promises in Node.js: then, catch, and chaining

Promise constructor, resolve, reject, .then chaining, .catch, .finally, Promise.all, Promise.allSettled, util.promisify

async/await in Node.js: writing async code that looks synchronous

async functions, await keyword, try/catch with async, top-level await in ESM, sequential vs parallel await, error propagation

Node.js EventEmitter: building event-driven components

EventEmitter class, emit, on, once, removeListener, off, extending EventEmitter, memory leak warnings, custom events

Handling errors in async Node.js code the right way

try/catch in async functions, unhandledRejection, uncaughtException, error objects, operational vs programmer errors, process error events

Node.js fs module: reading, writing, and watching files

fs.readFile, fs.writeFile, fs.appendFile, fs.unlink, fs.mkdir, fs.readdir, fs.stat, fs.watch, fs.promises API, recursive directory creation

Node.js path module: handling file paths correctly cross-platform

path.join, path.resolve, path.dirname, path.basename, path.extname, path.parse, path.sep, Windows vs POSIX paths

Building an HTTP server with Node.js http module

http.createServer, IncomingMessage, ServerResponse, request URL parsing, method routing, setting headers, status codes, sending JSON responses

Node.js streams: reading and writing large data efficiently

Readable streams, Writable streams, Transform streams, pipe, pipeline, stream events, backpressure, fs.createReadStream, fs.createWriteStream

Node.js crypto module: hashing, encryption, and random values

crypto.createHash, SHA-256, MD5, crypto.randomBytes, crypto.randomUUID, crypto.createHmac, timing-safe comparison, password hashing with scrypt

Express.js setup and routing fundamentals

express installation, app.get/post/put/delete, route parameters, query strings, request body parsing, app.use, Router, modular routing

Express middleware: how it works and how to write your own

middleware signature, next(), error-handling middleware, application vs router middleware, morgan, cors, request timing middleware, middleware order

Input validation in Express APIs with Zod or Joi

validation middleware pattern, Zod schema, Joi schema, validating req.body, req.params, req.query, returning 400 errors, schema reuse

Structured error handling in Express APIs

custom AppError class, operational vs programmer errors, async error wrapper, error middleware, HTTP status codes, error response format, 404 handler

Serving files and handling multipart uploads in Express

express.static, res.sendFile, multer setup, single and multiple file uploads, file type validation, file size limits, storage engines, serving uploaded files

JWT authentication in Node.js: how it actually works

JWT structure, header/payload/signature, jsonwebtoken library, signing tokens, verifying tokens, token expiration, access vs refresh tokens, token storage

Building a JWT auth middleware for Express

Bearer token extraction, auth middleware, protect route, role-based access control, attaching user to req, optional auth, public vs protected routes

Password hashing and secure login in Node.js

bcrypt vs scrypt, bcrypt salt rounds, password storage, login flow, timing-safe comparison, brute force protection, rate limiting

Securing Express APIs: helmet, rate limiting, and CORS

helmet headers, express-rate-limit, CORS configuration, HTTPS enforcement, XSS protection, clickjacking prevention

Environment configuration and secrets management in Node.js

dotenv, process.env, config validation with Zod, .env.example, never committing secrets, NODE_ENV, 12-factor app

Connecting Node.js to PostgreSQL with pg or Prisma

pg library, connection pools, parameterized queries, SQL injection prevention, Prisma ORM setup, Prisma schema, migrations, Prisma Client

Unit testing Node.js with Jest

Jest setup, describe/it/expect, matchers, async tests, beforeEach/afterEach, mocking modules with jest.mock, mocking functions with jest.fn

Integration testing Express APIs with Supertest

supertest setup, testing routes without starting a server, status code assertions, body assertions, authentication in tests, beforeAll/afterAll, test isolation

Logging and monitoring Node.js applications in production

winston setup, log levels, structured JSON logging, morgan integration, correlation IDs, error logging, health check endpoints

Deploying Node.js to production: Docker and cloud platforms

Dockerfile for Node.js, .dockerignore, multi-stage builds, non-root user, docker-compose, environment variables in Docker, graceful shutdown, Render deployment