Step 1 • Foundations
The Node.js Runtime Model beginner Understand Node.js from the inside — the V8 JavaScript engine (executes JS), libuv (provides the event loop, async I/O, timer management, thread pool for disk/crypto), and how they combine. Node.js is single-threaded for JS execution but uses non-blocking I/O via the event loop, making it excellent for I/O-heavy workloads (APIs, file servers) but poor for CPU-heavy tasks without workers.
6h Step 2 • Foundations
Version Management and Package Ecosystem beginner Manage Node.js versions with nvm or fnm (switch per project, use .nvmrc to pin versions), understand LTS vs current release lines, and navigate the npm ecosystem — npm vs yarn vs pnpm (pnpm's hard-linked node_modules are faster and use less disk space). Use npm/pnpm scripts, package.json fields (engines, exports, workspaces), and lock files to keep builds reproducible.
4h Step 3 • Foundations
Modules — ESM vs CommonJS beginner Understand Node.js module systems in depth — CommonJS (require/module.exports, synchronous, dynamic), ES Modules (import/export, static analysis, asynchronous, .mjs or "type": "module"), the differences that matter (CJS gets the module cache, ESM is sealed), the package.json exports field for dual packages, and how bundlers resolve modules differently than Node.js.
6h Step 4 • Foundations
Async Control Flow beginner Write correct async Node.js code — Promises (then/catch), async/await, error propagation in async functions, Promise.all for parallel work, Promise.allSettled when you need all results, AbortController for cancellation, and p-limit for bounded concurrency (prevent overwhelming APIs or databases by running too many requests at once). Understand unhandledRejection and why it crashes Node.js processes.
8h Step 5 • Standard Library
Core APIs — fs, path, os, crypto beginner Use Node's built-in APIs instead of reaching for packages — fs (readFile, writeFile, readdir, stat, watch, createReadStream), fs/promises for async versions, path (join, resolve, dirname, extname, basename, relative), os (platform, cpus, freemem, homedir, tmpdir), crypto (randomBytes, createHash, createHmac — never roll your own crypto), and url (URL class, URLSearchParams).
7h Step 6 • Standard Library
Environment Variables and Configuration beginner Configure Node.js applications correctly — process.env for environment variables, --env-file flag (Node.js 20+) for .env files without dotenv, Zod or env-schema for validated environment configuration that fails fast on startup, separating config from code (12-Factor App), and managing different values for development/staging/production without committing secrets.
4h Step 7 • Networking
HTTP Servers from Scratch beginner Understand what frameworks abstract away by building a minimal HTTP server with Node's http module — IncomingMessage (method, url, headers, body stream), ServerResponse (writeHead, write, end), JSON parsing from the body stream, routing by URL and method, and proper error handling. This mental model makes you a better Express/Fastify user.
8h Step 8 • Networking
Frameworks — Fastify and Express intermediate Build real APIs with frameworks — Express (vast ecosystem, middleware-based, synchronous error handling quirks) and Fastify (schema-first, async by design, JSON Schema validation, 2-3x faster than Express, strongly recommended for new projects). Understand middleware vs plugins, route lifecycle hooks, error handling, and how validation prevents malformed input from reaching business logic.
10h Step 9 • Networking
HTTP Clients and External APIs intermediate Make outbound HTTP requests from Node.js — undici (Node.js's official HTTP client, fast and modern), node-fetch (browser-compatible Fetch API), and axios (interceptors, auto JSON transform). Implement retry with exponential backoff and jitter, circuit breakers, timeouts (connect vs socket), and mock HTTP calls in tests with nock or MSW.
6h Step 10 • Data
Streams, Buffers, and Backpressure intermediate Process large data without loading it all into memory — Readable streams, Writable streams, Transform streams (parse/transform on the fly), pipeline() for safe pipe with error propagation, stream.compose() for combining transforms, BackPressure (what it is, why ignoring it causes memory leaks), and Buffer for binary data (encoding: utf8, base64, hex, latin1).
8h Step 11 • Data
Databases — PostgreSQL and Redis intermediate Connect Node.js to databases — pg (PostgreSQL driver: connection pools, parameterized queries, transactions), Drizzle ORM or Prisma for type-safe queries with TypeScript, avoiding the N+1 problem, redis (ioredis or @upstash/redis for caching, sessions, rate limiting, pub/sub), and how to run database migrations safely in production.
10h Step 12 • Security
Authentication and JWT intermediate Implement authentication in Node.js — password hashing with bcrypt (salt rounds, why not MD5/SHA-256), JWT (jsonwebtoken: sign/verify, short-lived access tokens + long-lived refresh tokens in HttpOnly cookies), session-based auth (express-session + Redis session store), middleware for route protection, and rate limiting login endpoints (express-rate-limit or fastify-rate-limit).
8h Step 13 • Security
Security Best Practices intermediate Defend Node.js APIs — parameterized queries (never string concatenation in SQL), Helmet.js for security headers (XSS Protection, noSniff, HSTS, referrer-policy), CORS configuration (cors package, allowlist origins), input validation with Zod/Joi, preventing prototype pollution (never spread untrusted objects), npm audit for dependency vulnerabilities, and the OWASP Node.js Security Cheat Sheet.
7h Step 14 • Quality
Testing Node.js Applications intermediate Test Node.js applications thoroughly — unit tests with Vitest (fast, native ESM) or the built-in node:test runner, HTTP integration tests with supertest (test handlers without binding to a port), test databases with testcontainers (spin up a real PostgreSQL in tests), mock HTTP calls with MSW, and measure coverage with c8. Structure tests so they run independently and clean up after themselves.
8h Step 15 • Performance
Worker Threads and Child Processes advanced Escape the single-threaded model for CPU-bound tasks — worker_threads (shared ArrayBuffer, MessageChannel, workerData — use for CPU-heavy tasks in the same process), child_process (spawn, exec, fork — for running separate scripts or system commands), and the cluster module (fork the main process to utilize multiple CPU cores for HTTP servers). Understand when each is appropriate.
7h Step 16 • Performance
Profiling and Performance Diagnostics advanced Measure and diagnose Node.js performance — CPU profiling with V8 Profiler and clinic.js (flame graphs to find hot functions), memory leak detection with --inspect and Chrome DevTools heap snapshots (identify detached DOM nodes, leaked closures, growing arrays), event loop latency measurement, and load testing with autocannon to find throughput limits.
8h Step 17 • Production
Structured Logging and Observability advanced Make production Node.js services diagnosable — structured JSON logging with Pino (fastest Node.js logger: child loggers with request IDs, serializers, redaction for sensitive fields), OpenTelemetry for distributed tracing (auto-instrumentation for Express/Fastify, custom spans), health check endpoints (/healthz and /readyz for Kubernetes), and metrics with prom-client.
7h Step 18 • Ship It
Containerization and Production Deployment advanced Deploy Node.js services correctly — write a production-ready multi-stage Dockerfile (build stage → slim runtime stage, non-root user, HEALTHCHECK), configure graceful shutdown (handle SIGTERM: drain in-flight requests, close DB connections, then exit), run with PM2 or as a single process in containers, and set up a GitHub Actions CI/CD pipeline that builds, tests, and deploys.
8h 