A hands-on reference repository for advanced Node.js and Express.js — covering security, file handling, email, rate limiting, CSRF protection, MySQL, and more. Each folder is a standalone module with working code and theory notes.
This isn't a beginner "hello world" repo. It picks up where most Node.js tutorials stop — the real-world concerns that show up when you're building production backends: protecting routes, hashing passwords correctly, handling cookies and sessions, preventing abuse, and understanding how Node.js actually works under the hood.
- Backend developers who know basic Express.js and want to level up
- Developers building production Node.js APIs who need practical security and performance patterns
- Students preparing for backend engineering interviews
- Anyone who wants runnable, real-world code alongside theory notes
| Folder | Topic | What's Covered |
|---|---|---|
| `nodeJsworking` | Node.js Internals | Event loop, call stack, libuv, non-blocking I/O architecture |
| `eventNode` | Event Emitter | Node.js EventEmitter — custom events, listeners, real-world patterns |
| `filesystem` | File System | fs module — read, write, append, delete, streams |
| `path` | Path Module | path.join, path.resolve, __dirname, cross-platform file paths |
| `URL` | URL Module | Parsing and constructing URLs with Node's built-in URL API |
| `routing` | Express Routing | Route params, query strings, modular routers, route grouping |
| `request` | Request Object | Full cheat sheet for Express req — body, params, query, headers, cookies |
| `response` | Response Object | Full cheat sheet for Express res — send, json, status, redirect, download |
| `cookie` | Cookies & Sessions | Setting, reading, and securing cookies; session management in Express |
| `csrf` | CSRF Protection | CSRF attack explained + protection setup with csurf in Express |
| `ratelimiting` | Rate Limiting | Abuse prevention with express-rate-limit and helmet |
| `bcryptVsArgon2` | Password Hashing | bcrypt vs Argon2 — implementation, verification, and when to use which |
| `fileUpload` | File Uploads | Handling multipart/form-data uploads with Multer |
| `sendEmail` | Email with Nodemailer | Sending transactional emails via SMTP using Nodemailer |
| `mySql` | MySQL Integration | Connecting to MySQL, CRUD operations, parameterized queries |
| `todoCLI` | CLI App | Building a terminal Todo app with Node.js — add, view, exit |
| `challenge1` | Event Emitter Challenge | Track user actions and log summaries using a custom EventEmitter |
Each folder contains:
- Working JavaScript source files — runnable as-is
- `instructions.txt` — theory, explanations, and notes
```bash
# 1. Clone the repo
git clone https://github.com/Wcoder547/Nodejs-ExpressJs-Advance.git
cd Nodejs-ExpressJs-Advance

# 2. Navigate to any module
cd ratelimiting

# 3. Install dependencies (if a package.json exists in the folder)
npm install

# 4. Run the example
node index.js
```

Some folders (like `routing`, `cookie`, `csrf`) spin up an Express server — open http://localhost:3000 once running. Read the `instructions.txt` in each folder first for context.
nodeJsworking → eventNode → filesystem → path → URL
→ routing → request → response → cookie → csrf
→ ratelimiting → bcryptVsArgon2 → fileUpload → sendEmail → mySql
- Node.js v18+ installed (nodejs.org)
- Basic JavaScript and some prior Express.js exposure
- For the `mySql` module: MySQL running locally or a remote instance
A comprehensive Node.js reference PDF is included at the root of the repo:
📄 node-notes.pdf — covers Node.js architecture, core modules, and backend patterns in depth.
This repo was built to cover the parts of Node.js and Express that matter in production but rarely show up in beginner tutorials — CSRF protection, the difference between bcrypt and Argon2, how rate limiting actually works, what EventEmitter is useful for, and how Node's non-blocking I/O model works under the hood.
Each module is the result of working through the concept, building a minimal but real example, and writing it up so it's useful as a reference later.
Built by Waseem Akram — Full-Stack Developer and DevOps Engineer based in Pakistan, working across the MERN stack, Generative AI integrations, and cloud automation.
If this helped you, consider giving it a ⭐