Guides

How JSON Web Tokens work: structure, signing algorithms, authentication flow, security best practices, and common pitfalls.

A complete reference for regular expression syntax: character classes, anchors, quantifiers, groups, lookaheads, flags, and common patterns.

Why SHA-256 is wrong for passwords and bcrypt is wrong for data. How each algorithm works, when to use each, and what Argon2 is.

Side-by-side comparison of JSON and YAML: syntax differences, when to use each, common pitfalls, and how they convert to each other.

Every HTTP status code class explained: what 2xx, 3xx, 4xx, and 5xx mean, which codes to use in your API, and the ones you will see most often.

What Cross-Origin Resource Sharing is, why browsers enforce it, how preflight requests work, and how to configure the right response headers.

Size limits, persistence, security characteristics, and the right storage choice for auth tokens, user preferences, and app state.

How Cache-Control, ETag, Last-Modified, and Vary headers work, how browsers and CDNs interpret them, and the caching mistakes that hurt performance.

What Base64 encoding is, how the algorithm works, when to use it and when not to, the URL-safe variant, and the mistake of treating it as encryption.

What percent-encoding is, which characters must be encoded, the difference between encodeURI and encodeURIComponent, and how query strings work.

What Unicode is, how UTF-8 encodes it, why string lengths surprise you, what emoji do to your byte counts, and how to handle it correctly in code.

How OAuth 2.0 authorization flows work, when to use authorization code vs client credentials, what OpenID Connect adds, and where JWTs fit in.

How SQL injection and cross-site scripting attacks work, with real examples and the defenses that actually stop them: parameterized queries, CSP, and output encoding.

How REST, GraphQL, and gRPC differ in data fetching, typing, tooling, and performance, with clear guidance on when to reach for each.

What MAJOR.MINOR.PATCH means, what the ^ and ~ range operators in package.json do, how pre-release versions work, and when to bump which number.

How UUIDs and ULIDs work, why random UUIDs fragment database indexes, when ULID time-sorting matters, and how to choose between them.