JavaScript enthusiast and maintainer of many open source projects.

Learn 2 rate limiting strategies you should avoid and 2 strategies you should be using and how to implement them in Node and JavaScript.

Rate limiting is an effective and relatively easy way to mitigate security risks. It will not be the only thing you do secure your applications, and it might not even be the most important thing you do to secure your applications, but it should ALWAYS be in your toolbox.

Let’s take a case where an attacker tries to guess a user’s password. If you set a limit on the number of times a password can be attempted per day, it will cripple the hacker’s attack and keep your users safe.

If you don’t rate limit, attackers can use your CPU…

This was originally posted on

SQLite is a great database for embedded use cases. e.g. if you are using node.js in IOT, or an Electron app.

To get started, install @databases/sqlite using either yarn or npm:

yarn install @databases/sqlite


npm install @databases/sqlite

Then you can import it (if you are using TypeScript/Babel/some other environment that supports ESModules) or require it (if you are using plain JavaScript), and call connect to create the database file if it does not exist, and open it if it already exists.

Here is an example of using SQLite as a basic key value…

Originally posted on

One of the first things you’ll need to do when starting most node projects is to chose a database and database library. You’ll normally want to choose your database before you choose the library, but in the case of @databases, we support a few different databases, so you do have some leeway.


In recent years, NoSQL databases have grown, and then somewhat declined in popularity. They often seem much easier to get started with than SQL databases because you don’t need to learn any new language, and you don’t need to define your schema up-front. They…

This week I released pug 3.0.0. This release brings a few really exciting new features, as well as a couple of small breaking changes. I also took this opportunity to update the supported versions of node.js to match the official LTS versions. The breaking changes are minimal, and should not impact most users. The highlights include:

  • The new each … of … syntax lets you iterate over Maps and Sets as well as Arrays, and is more efficient than the each … in … syntax. …

Image for post
Image for post
Photo by Jamie Street on Unsplash


The company I work for has many different systems that are all linked together by APIs. Each system stores and processes different information about the business’s operations. Having these systems separated works really well for our development teams, as it makes it really simple for people to work on them and deploy them independently.

Our users don’t have to think about all these separate systems. We have a number of apps, but they are split by the use case of the user, not by the backend service they talk to. …

Last Saturday, I made the decision to try and catch up on some of the many contributions to my open source projects. One of the first pull requests I decided to merge was one that adds a TypeScript declaration file to is-promise.

After merging it, I decided it would also be a good time to update the module to support ES Module style imports. Specifically I wanted to be able to import isPromise from 'is-promise'; without needing to have synthetic default imports enabled. After this, I ran the tests, which passed, and published a new version.

I had been intending…

Image for post
Image for post

One of the biggest things that determines whether an app “feels” native is how fast it is. A lot of making an app feel fast is about optimising key hot code paths and having the right animations, but for most apps there will be at least some parts of the app that involve reading and writing data.

Whilst it is becoming rarer for a user to be fully offline, it’s still really common for mobile users in particular to have poor network connectivity. …

Image for post
Image for post
Photo by Hendrik Cornelissen on Unsplash

Sometimes you need a way to look at every row in a database table, and perform some operation on it.

SQL databases are, on the whole, great at handling massive amounts of data. I don’t think it’s an exaggeration to say that most of the companies I’ve seen who use Hadoop, would be better off just adding an index or some RAM to their Postgres/MySQL server. You can do amazing filtering and aggregation within SQL. Sometimes these powerful operations don’t support the thing you need, sometimes you’ll want to process every single row in node.js

Async Iterables

Imagine the following scenario:

  • We…

Image for post
Image for post
Photo by Abigail Lynn on Unsplash

I recently had a challenge for one of my side projects. I needed to transfer a docker container that I’d built on one machine, to another machine that I could access via SSH. I didn’t want to push my container to a public docker registry, or go through the trouble of setting up my own private registry.

Using Built-in Tools

It didn’t take long to find an answer on stack overflow (

docker save <image> | bzip2 | \
ssh user@host 'bunzip2 | docker load'

Lets break this down:

  1. docker save <image> takes all the image data and serializes it, along with its…

Image for post
Image for post
Photo by Photos By Beks on Unsplash

When building servers that provide JSON data, either using REST or GraphQL, we often want to query some time, along with its “children”. If we’re not careful we can end up with a large number of inefficient queries. Fortunately, Postgres has some functions that allow returning complex data structures directly as “JSON”. This works great with node.js because they just become native JavaScript objects.

The Problem

Consider the database schema:

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store