A Beginner’s Guide to Node.js (Latest Version)

1. Introduction to Node.js (Latest Version)

Welcome to the exciting world of Node.js! This document is designed to be your comprehensive guide, taking you from a complete novice to a confident Node.js developer. We’ll explore the fundamentals, dive into practical applications, and equip you with the knowledge to build powerful server-side applications.

What is Node.js (Latest Version)?

Node.js is an open-source, cross-platform JavaScript runtime environment built on Chrome’s incredibly fast V8 JavaScript engine. Traditionally, JavaScript was confined to running in web browsers (client-side). Node.js breaks this barrier, allowing you to execute JavaScript code outside of the browser, primarily for server-side development.

Think of it as enabling JavaScript to interact directly with your computer’s operating system, read and write files, connect to databases, and handle HTTP requests – essentially, everything a traditional backend language like Python or Java can do.

As of August 2025, the latest stable release is Node.js v24.6.0. This version brings a host of new features and improvements, making it even more powerful and efficient.

Why learn Node.js (Latest Version)?

Learning Node.js in 2025 is a strategic move for several compelling reasons:

• JavaScript Everywhere (Full-Stack Development): If you already know JavaScript for frontend development, Node.js allows you to use the same language for your backend. This significantly reduces the learning curve and enables you to become a true full-stack developer, proficient in both client-side and server-side logic.
• High Performance and Scalability: Node.js utilizes a non-blocking, event-driven architecture. This means it can handle a massive number of concurrent connections efficiently, making it ideal for real-time applications (like chat apps, online gaming, and live dashboards) and microservices that require high throughput.
• Vast Ecosystem (npm): The Node Package Manager (npm) is the world’s largest software registry, boasting over 2 million packages. Whatever functionality you need, chances are there’s already a well-maintained package for it, accelerating your development process.
• Industry Relevance and Demand: Node.js continues to be one of the most in-demand technologies for backend development. Major companies like Netflix, LinkedIn, and Uber leverage Node.js for their core services. Mastering Node.js significantly boosts your career prospects.
• New Features in Node.js 24/25:
  • Native WebSocket Streams: No more relying on third-party libraries for basic WebSocket handling, leading to less dependency bloat and better performance.
  • Native Fetch API Support: Just like in browsers, you can now make HTTP requests directly with the native Fetch API, resulting in cleaner and standardized code.
  • Error.isError: A static method to reliably check if a value is an instance of an Error, regardless of its JavaScript realm, simplifying error handling.
  • Explicit Resource Management (using, using await): New syntax for standardized lifecycle management of resources like file handles or network connections, reducing resource leaks and improving code cleanliness.
  • Atomics.pause: A hint to the CPU that the current thread is waiting, optimizing power usage and performance in spinlocks.
  • Expanded WebAssembly Support (64-bit memory): Significant increase in WebAssembly memory size limit, beneficial for memory-intensive applications.
  • Stable Permission Model: A mechanism to restrict access to specific resources during execution, enhancing application security.
  • URLPattern as Global: The URLPattern API is now globally exposed for powerful URL pattern-matching, simplifying routing and URL parsing.
  • npm 11.0.0: The latest npm version with improvements like a type prompt for npm init and support for newer Node.js versions.

A Brief History

Node.js was created by Ryan Dahl in 2009. His motivation was to enable easily buildable, scalable network programs, specifically web servers, with JavaScript. It started as a niche technology but quickly gained traction due to its innovative non-blocking I/O model and the rise of JavaScript as a ubiquitous language. Over the years, it has matured into a robust and widely adopted platform for various applications.

Setting up your development environment

Before you can start writing Node.js applications, you need to set up your development environment. This is a straightforward process.

Prerequisites:

• Command Line Interface (CLI): You’ll be using your terminal or command prompt extensively.
• Text Editor or IDE: A code editor like Visual Studio Code (VS Code), Sublime Text, or Atom is essential for writing and managing your code. VS Code is highly recommended due to its excellent Node.js integration and extensive extensions.

Step-by-step instructions:

1. Download Node.js: Go to the official Node.js website: https://nodejs.org/ You’ll see two recommended versions:

   • LTS (Long Term Support): This is the most stable and recommended version for most users and production environments. It receives long-term support and bug fixes.
   • Current: This version includes the latest features but might have more frequent changes. For learning, the LTS version is generally preferred for its stability. Download the installer appropriate for your operating system (Windows, macOS, Linux).

2. Install Node.js:

   • Windows: Run the downloaded .msi installer. Follow the prompts, accepting the default settings. Ensure “Node.js runtime” and “npm package manager” are selected for installation.
   • macOS: Run the downloaded .pkg installer. Follow the prompts, accepting the default settings.
   • Linux: It’s recommended to use a version manager like nvm (Node Version Manager) for Linux to easily switch between Node.js versions. However, for a quick start, you can follow the official Node.js installation instructions for your specific distribution (e.g., sudo apt install nodejs and sudo apt install npm for Debian/Ubuntu).

3. Verify Installation: Open your terminal or command prompt and run the following commands:

   node -v
   npm -v
   

   You should see the installed versions of Node.js and npm (Node Package Manager). For example:

   v24.6.0
   11.0.0
   

   If you see version numbers, congratulations! Node.js and npm are successfully installed.

4. Create your first Node.js file: Create a new directory for your first project:

   mkdir my-first-node-app
   cd my-first-node-app
   

   Inside my-first-node-app, create a file named app.js and add the following code:

   // app.js
   console.log("Hello from Node.js!");
   

5. Run your first Node.js application: In your terminal, while in the my-first-node-app directory, run:

   node app.js
   

   You should see the output:

   Hello from Node.js!
   

You’ve successfully set up your environment and run your first Node.js application!

2. Core Concepts and Fundamentals

Node.js, at its heart, revolves around a few key concepts that differentiate it from traditional server-side technologies. Understanding these is crucial for writing efficient and robust Node.js applications.

2.1 The V8 JavaScript Engine and Event Loop

Detailed Explanation:

Node.js leverages Google Chrome’s V8 JavaScript engine to execute JavaScript code. V8 is written in C++ and is incredibly fast, compiling JavaScript directly into native machine code. This is why Node.js applications can be highly performant.

The Event Loop is the cornerstone of Node.js’s non-blocking I/O model. Unlike traditional server architectures where each incoming request might spawn a new thread (which can consume significant memory and CPU), Node.js operates on a single-threaded event loop. When an operation that takes time (like reading a file, making a database query, or a network request) is encountered, Node.js doesn’t wait for it to complete. Instead, it offloads the operation to the system kernel (which handles I/O operations in the background) and continues processing other tasks. Once the asynchronous operation is complete, the result is placed back into the event queue, and the event loop picks it up when it’s free. This allows Node.js to handle a high volume of concurrent connections with a single thread, making it very efficient for I/O-bound operations.

Code Examples:

Blocking (Synchronous) vs. Non-blocking (Asynchronous) I/O:

Let’s illustrate the difference with a file system operation.

Blocking Example (fs.readFileSync):

// blocking-example.js
const fs = require('fs');

console.log("Start reading file...");

try {
  const data = fs.readFileSync('example.txt', 'utf8');
  console.log("File content (blocking):", data);
} catch (err) {
  console.error("Error reading file:", err);
}

console.log("End of script (blocking).");

To run this, create a file named example.txt with some content, e.g., “This is some content.”

When blocking-example.js runs, fs.readFileSync will halt the execution of the script until the file is completely read. The “End of script (blocking).” message will only appear after the file content is logged.

Non-blocking Example (fs.readFile):

// non-blocking-example.js
const fs = require('fs');

console.log("Start reading file...");

fs.readFile('example.txt', 'utf8', (err, data) => {
  if (err) {
    console.error("Error reading file:", err);
    return;
  }
  console.log("File content (non-blocking):", data);
});

console.log("End of script (non-blocking). This appears before file content.");

When non-blocking-example.js runs, fs.readFile immediately returns, allowing the “End of script (non-blocking).” message to be logged before the file content. The callback function is executed once the file reading is complete. This demonstrates how Node.js continues processing other tasks while waiting for I/O operations.

Exercises/Mini-Challenges:

1. Challenge 1.1: Modify the non-blocking-example.js to also read a second file named another.txt asynchronously. Observe the order of the console.log messages.
   • Hint: You’ll call fs.readFile twice.

2.2 Modules (CommonJS and ES Modules)

Detailed Explanation:

Node.js applications are built using modules. Modules allow you to break your code into reusable, organized, and encapsulated units. This promotes maintainability, prevents global namespace pollution, and makes collaboration easier.

Historically, Node.js used the CommonJS module system (e.g., require() and module.exports). More recently, Node.js has also adopted ECMAScript (ES) Modules (e.g., import and export), which are the standard module system for JavaScript in browsers and are gaining widespread adoption in Node.js.

• CommonJS:

  • Used with require() to import modules and module.exports (or exports) to export values.
  • Synchronous loading.
  • Default for .js files in older Node.js projects, or if "type": "commonjs" is specified in package.json.

• ES Modules:

  • Used with import to import modules and export to export values.
  • Asynchronous loading.
  • Default for .mjs files or if "type": "module" is specified in package.json.

Code Examples:

CommonJS Module Example:

calculator.js

// calculator.js (CommonJS Module)
function add(a, b) {
  return a + b;
}

function subtract(a, b) {
  return a - b;
}

// Exporting functions
module.exports = {
  add,
  subtract
};

app.js (using CommonJS)

// app.js
const calculator = require('./calculator'); // Import the module

console.log("2 + 3 =", calculator.add(2, 3));
console.log("5 - 1 =", calculator.subtract(5, 1));

ES Module Example:

mathUtils.mjs (or mathUtils.js if "type": "module" in package.json)

// mathUtils.mjs (ES Module)
export function multiply(a, b) {
  return a * b;
}

export function divide(a, b) {
  if (b === 0) {
    throw new Error("Cannot divide by zero");
  }
  return a / b;
}

main.mjs (or main.js if "type": "module" in package.json)

// main.mjs
import { multiply, divide } from './mathUtils.mjs'; // Import specific functions

console.log("4 * 6 =", multiply(4, 6));
try {
  console.log("10 / 2 =", divide(10, 2));
  console.log("10 / 0 =", divide(10, 0)); // This will throw an error
} catch (error) {
  console.error("Error:", error.message);
}

To run ES Modules, you might need to create a package.json file in your project directory (run npm init -y) and add "type": "module" to it, or use the .mjs file extension.

Exercises/Mini-Challenges:

1. Challenge 2.1: Create a CommonJS module named stringUtils.js that exports a function capitalize(str) that takes a string and returns it with the first letter capitalized. Then, in main.js, import and use this function.
2. Challenge 2.2: Convert your stringUtils.js module and its usage in main.js to use ES Modules. Remember to adjust file extensions or package.json.

2.3 Node Package Manager (npm)

Detailed Explanation:

npm (Node Package Manager) is the default package manager for Node.js. It’s a command-line utility for interacting with the npm registry, an online database of public and private packages (reusable code libraries). npm allows you to:

• Install packages: Add third-party libraries to your project.
• Manage dependencies: Keep track of the libraries your project relies on in package.json.
• Run scripts: Automate common development tasks defined in package.json.
• Publish your own packages: Share your code with the community.

package.json is a manifest file that holds metadata about your project (name, version, description, etc.) and lists its dependencies (dependencies and devDependencies).

Code Examples:

Initializing a project and installing a package:

1. Initialize a new Node.js project: Open your terminal in an empty project directory and run:

   npm init -y
   

   This command creates a package.json file with default values. The -y flag answers “yes” to all prompts.

   A package.json file will look something like this:

   // package.json
   {
     "name": "my-npm-project",
     "version": "1.0.0",
     "description": "",
     "main": "index.js",
     "scripts": {
       "test": "echo \"Error: no test specified\" && exit 1"
     },
     "keywords": [],
     "author": "",
     "license": "ISC"
   }
   

2. Install a package (e.g., lodash): lodash is a popular utility library. To install it as a project dependency:

   npm install lodash
   

   You’ll notice two things:

   • A node_modules folder is created, containing the installed lodash package and its own dependencies.
   • lodash is added to the dependencies section in your package.json file.
   • A package-lock.json file is created (or updated). This file locks down the exact version of every dependency, ensuring consistent installations across different environments.

   Your package.json might now look like this:

   // package.json (after installing lodash)
   {
     "name": "my-npm-project",
     "version": "1.0.0",
     "description": "",
     "main": "index.js",
     "scripts": {
       "test": "echo \"Error: no test specified\" && exit 1"
     },
     "keywords": [],
     "author": "",
     "license": "ISC",
     "dependencies": {
       "lodash": "^4.17.21" // The installed package and its version
     }
   }
   

3. Using the installed package: index.js

   // index.js
   const _ = require('lodash'); // Import lodash (CommonJS style)
   
   const numbers = [1, 2, 3, 4, 5];
   const sum = _.sum(numbers); // Using a lodash function
   console.log("Sum using lodash:", sum);
   
   const shuffled = _.shuffle(numbers); // Another lodash function
   console.log("Shuffled numbers:", shuffled);
   

   Run: node index.js

Exercises/Mini-Challenges:

1. Challenge 3.1: Install the axios package (a popular HTTP client for making API requests). Add a script to your package.json called "start": "node index.js" that runs your index.js file. Then, try running npm start.
2. Challenge 3.2: Research how to install a package as a devDependency (development dependency) using npm. Why would you want to install a package as a devDependency instead of a regular dependency? Give an example of a tool you might install as a devDependency.

2.4 Asynchronous JavaScript (Callbacks, Promises, Async/Await)

Detailed Explanation:

Asynchronous programming is fundamental to Node.js’s efficiency. It allows your program to start a long-running operation and continue executing other code without waiting for that operation to finish. The result (or error) is handled later through a callback, promise, or async/await.

• Callbacks: The oldest way to handle asynchronous operations. A function is passed as an argument to another function and is executed once the asynchronous task is complete. Can lead to “callback hell” (deeply nested callbacks) in complex scenarios.
• Promises: An improvement over callbacks, providing a cleaner way to handle asynchronous operations. A Promise represents the eventual completion (or failure) of an asynchronous operation and its resulting value. They can be chained using .then() for success and .catch() for errors.
• Async/Await: Introduced in ECMAScript 2017, async/await is syntactic sugar built on top of Promises, making asynchronous code look and behave more like synchronous code, which greatly improves readability and maintainability.

Code Examples:

Callbacks:

// callbacks-example.js
function fetchData(callback) {
  setTimeout(() => {
    const data = "Data fetched successfully!";
    const error = null; // No error in this case
    callback(error, data);
  }, 2000); // Simulate 2-second delay
}

console.log("Starting data fetch...");
fetchData((error, result) => {
  if (error) {
    console.error("Error:", error);
  } else {
    console.log("Result:", result);
  }
  console.log("Data fetch process completed.");
});
console.log("This message appears immediately, before data is fetched.");

Promises:

// promises-example.js
function fetchDataPromise() {
  return new Promise((resolve, reject) => {
    setTimeout(() => {
      const success = true; // Simulate success/failure
      if (success) {
        resolve("Data fetched successfully (Promise)!");
      } else {
        reject("Failed to fetch data (Promise)!");
      }
    }, 1500);
  });
}

console.log("Starting promise-based data fetch...");
fetchDataPromise()
  .then((data) => {
    console.log("Result:", data);
  })
  .catch((error) => {
    console.error("Error:", error);
  })
  .finally(() => {
    console.log("Promise operation completed.");
  });
console.log("This message also appears immediately.");

Async/Await:

// async-await-example.js
function fetchDataAsync() {
  return new Promise((resolve, reject) => {
    setTimeout(() => {
      const success = true; // Simulate success/failure
      if (success) {
        resolve("Data fetched successfully (Async/Await)!");
      } else {
        reject("Failed to fetch data (Async/Await)!");
      }
    }, 1000);
  });
}

async function processData() {
  console.log("Starting async/await data fetch...");
  try {
    const data = await fetchDataAsync(); // Wait for the promise to resolve
    console.log("Result:", data);
  } catch (error) {
    console.error("Error:", error);
  } finally {
    console.log("Async/Await operation completed.");
  }
}

processData();
console.log("This message appears before the async function finishes its work.");

Exercises/Mini-Challenges:

1. Challenge 4.1: Write a small Node.js script that simulates fetching user data from two different “APIs” (using setTimeout to simulate delays).
   • Fetch userIds from the first API (delay: 1.5 seconds, return [101, 102]).
   • Then, for each userId, fetch userDetails from a second API (delay: 1 second per user, return {"id": 101, "name": "Alice"}, {"id": 102, "name": "Bob"}).
   • Use async/await to ensure the user details are fetched sequentially for each ID.
   • Log all user details when done.
   • Hint: You’ll need Promise.all or a for...of loop with await for the sequential user detail fetching.

3. Intermediate Topics

Now that you have a solid grasp of Node.js fundamentals, let’s explore some intermediate topics that are essential for building real-world applications.

3.1 HTTP Module and Building a Simple Web Server

Detailed Explanation:

The built-in http module in Node.js allows you to create HTTP servers and clients without external libraries. While frameworks like Express.js simplify this process greatly, understanding the raw http module is crucial for comprehending how web servers function at a lower level.

An HTTP server listens for incoming client requests, processes them, and sends back responses. Key components are http.createServer() to create the server, and server.listen() to start it on a specific port. Request and response objects (req and res) are passed to the request listener function, allowing you to access request details (URL, headers, method) and construct responses (status code, headers, body).

Code Examples:

Simple HTTP Server:

// simple-server.js
const http = require('http');

const hostname = '127.0.0.1'; // localhost
const port = 3000;

// Create an HTTP server
const server = http.createServer((req, res) => {
  // Set the response HTTP header with HTTP status and Content-Type
  res.statusCode = 200;
  res.setHeader('Content-Type', 'text/plain');

  // Send the response body "Hello World"
  res.end('Hello World from Node.js Server!\n');
});

// The server listens on port 3000
server.listen(port, hostname, () => {
  console.log(`Server running at http://${hostname}:${port}/`);
});

To run: node simple-server.js. Then open your web browser and navigate to http://localhost:3000. You should see “Hello World from Node.js Server!”.

Handling Different Routes and Methods:

// basic-router.js
const http = require('http');
const url = require('url'); // Built-in module for URL parsing

const hostname = '127.0.0.1';
const port = 3000;

const server = http.createServer((req, res) => {
  const parsedUrl = url.parse(req.url, true); // true to parse query string
  const path = parsedUrl.pathname;
  const method = req.method; // GET, POST, PUT, DELETE, etc.

  res.setHeader('Content-Type', 'application/json'); // Respond with JSON

  if (path === '/' && method === 'GET') {
    res.statusCode = 200;
    res.end(JSON.stringify({ message: 'Welcome to the API!' }));
  } else if (path === '/users' && method === 'GET') {
    const users = [
      { id: 1, name: 'Alice' },
      { id: 2, name: 'Bob' }
    ];
    res.statusCode = 200;
    res.end(JSON.stringify(users));
  } else if (path === '/users' && method === 'POST') {
    let body = '';
    req.on('data', chunk => {
      body += chunk.toString(); // Collect the request body
    });
    req.on('end', () => {
      try {
        const newUser = JSON.parse(body);
        console.log('Received new user:', newUser);
        // In a real app, save to database
        res.statusCode = 201; // Created
        res.end(JSON.stringify({ message: 'User created successfully', user: newUser }));
      } catch (error) {
        res.statusCode = 400; // Bad Request
        res.end(JSON.stringify({ error: 'Invalid JSON body' }));
      }
    });
  } else {
    res.statusCode = 404; // Not Found
    res.end(JSON.stringify({ error: 'Endpoint not found' }));
  }
});

server.listen(port, hostname, () => {
  console.log(`Server running at http://${hostname}:${port}/`);
});

To test this server, you can use a tool like Postman, Insomnia, curl, or even your browser for GET requests.

• GET http://localhost:3000/
• GET http://localhost:3000/users
• POST http://localhost:3000/users with JSON body: {"name": "Charlie", "email": "charlie@example.com"}

Exercises/Mini-Challenges:

1. Challenge 5.1: Extend basic-router.js to handle a GET request to /products that returns an array of sample product objects.
2. Challenge 5.2: Add a PUT request handler for /users/:id that simulates updating a user. For simplicity, just log the received ID and body, and respond with a success message. (Hint: you’ll need to parse the path to extract the ID).

3.2 Introduction to Express.js (A Popular Web Framework)

Detailed Explanation:

While the native http module is powerful, it can become tedious for complex applications. This is where web frameworks come in. Express.js is the de facto standard web framework for Node.js. It provides a robust set of features for web and mobile applications, including:

• Routing: Easily define different URL endpoints and HTTP methods.
• Middleware: Functions that have access to the request and response objects, and the next middleware function in the application’s request-response cycle. Used for logging, authentication, parsing request bodies, etc.
• Templating: Integration with various templating engines for dynamic content.
• Error Handling: Robust mechanisms for managing errors.

Using Express.js significantly speeds up development and helps organize your codebase.

Code Examples:

Basic Express.js Application:

1. Initialize your project and install Express:

   mkdir express-app
   cd express-app
   npm init -y
   npm install express
   

2. app.js:

   // app.js
   const express = require('express');
   const app = express();
   const port = 3000;
   
   // Define a route for the root URL
   app.get('/', (req, res) => {
     res.send('Hello from Express.js!');
   });
   
   // Define a route with a parameter
   app.get('/greet/:name', (req, res) => {
     const name = req.params.name;
     res.send(`Hello, ${name}! Welcome to Express.`);
   });
   
   // Start the server
   app.listen(port, () => {
     console.log(`Express app listening at http://localhost:${port}`);
   });
   

   Run: node app.js. Test in browser: http://localhost:3000/ and http://localhost:3000/greet/Alice.

Using Middleware and JSON Body Parsing:

// middleware-example.js
const express = require('express');
const app = express();
const port = 3000;

// Middleware to parse JSON bodies
app.use(express.json());

// Custom logging middleware
app.use((req, res, next) => {
  console.log(`${new Date().toISOString()} - ${req.method} request to ${req.url}`);
  next(); // Pass control to the next middleware or route handler
});

let items = [{ id: 1, name: 'Item A' }];

// GET all items
app.get('/api/items', (req, res) => {
  res.json(items);
});

// POST a new item
app.post('/api/items', (req, res) => {
  const newItem = { id: items.length + 1, name: req.body.name };
  if (newItem.name) {
    items.push(newItem);
    res.status(201).json(newItem);
  } else {
    res.status(400).json({ error: 'Item name is required.' });
  }
});

// Basic error handling middleware
app.use((err, req, res, next) => {
  console.error(err.stack);
  res.status(500).send('Something broke!');
});

app.listen(port, () => {
  console.log(`Express server with middleware at http://localhost:${port}`);
});

Test with a POST request to http://localhost:3000/api/items with JSON body: {"name": "New Item"}.

Exercises/Mini-Challenges:

1. Challenge 6.1: Add another middleware to middleware-example.js that checks for an Authorization header. If the header is not present or invalid (for this exercise, any non-empty string is “valid”), send a 401 Unauthorized response. Otherwise, call next().
2. Challenge 6.2: Create a new Express route /api/items/:id that handles a GET request to retrieve a single item by its ID. Respond with 404 Not Found if the item doesn’t exist.

3.3 File System (fs Module)

Detailed Explanation:

The Node.js built-in fs (File System) module provides methods for interacting with the file system. You can read files, write files, create and delete directories, and much more. The fs module provides both synchronous and asynchronous versions of its methods. Asynchronous methods (preferred) use callbacks or Promises (with fs.promises) to avoid blocking the event loop.

Code Examples:

Reading and Writing Files (Asynchronously with Callbacks):

// file-operations.js
const fs = require('fs');

const fileName = 'my_file.txt';
const content = 'Hello, Node.js file system!';

// Writing to a file
fs.writeFile(fileName, content, (err) => {
  if (err) {
    console.error('Error writing file:', err);
    return;
  }
  console.log(`'${fileName}' written successfully.`);

  // Reading from a file after writing
  fs.readFile(fileName, 'utf8', (err, data) => {
    if (err) {
      console.error('Error reading file:', err);
      return;
    }
    console.log(`Content of '${fileName}':`, data);

    // Deleting the file
    fs.unlink(fileName, (err) => {
      if (err) {
        console.error('Error deleting file:', err);
        return;
      }
      console.log(`'${fileName}' deleted successfully.`);
    });
  });
});

console.log('Initiated file operations. Asynchronous!');

Reading and Writing Files (Asynchronously with fs.promises and async/await):

// file-promises.js
const fs = require('fs').promises; // Use the promise-based API

const fileName = 'another_file.txt';
const content = 'This is content written with async/await.';

async function performFileOperations() {
  try {
    console.log('Starting file operations with async/await...');

    // Write file
    await fs.writeFile(fileName, content);
    console.log(`'${fileName}' written successfully.`);

    // Read file
    const data = await fs.readFile(fileName, 'utf8');
    console.log(`Content of '${fileName}':`, data);

    // Append to file
    await fs.appendFile(fileName, '\nAppended new line!');
    console.log(`Appended to '${fileName}'.`);
    const updatedData = await fs.readFile(fileName, 'utf8');
    console.log(`Updated content of '${fileName}':`, updatedData);


    // Get file stats
    const stats = await fs.stat(fileName);
    console.log(`File size: ${stats.size} bytes`);
    console.log(`Is file?: ${stats.isFile()}`);
    console.log(`Is directory?: ${stats.isDirectory()}`);


    // Delete file
    await fs.unlink(fileName);
    console.log(`'${fileName}' deleted successfully.`);

  } catch (error) {
    console.error('An error occurred during file operations:', error);
  } finally {
    console.log('File operations completed.');
  }
}

performFileOperations();

Exercises/Mini-Challenges:

1. Challenge 7.1: Write a script that creates a directory named my_data, then writes a file data.json inside it with a JSON string representation of an array of objects (e.g., [{ id: 1, value: 'test' }]). After writing, read the data.json file, parse its content back into a JavaScript object, and log it to the console. Finally, delete both the file and the directory. Use async/await.
   • Hint: Look up fs.mkdir and fs.rmdir (or fs.rm with recursive: true in newer Node.js versions).

3.4 Event Emitters

Detailed Explanation:

Node.js is built around an event-driven architecture. The events module (and specifically the EventEmitter class) is fundamental to this. Many Node.js core modules (like http, fs, and stream) inherit from EventEmitter.

An EventEmitter object can:

• Emit named events: Trigger an event with a specific name.
• Register listeners: Functions that are executed when a particular event is emitted.

This pattern is extremely useful for building custom asynchronous components and for communicating between different parts of your application in a decoupled way.

Code Examples:

Basic Event Emitter:

// event-emitter-example.js
const EventEmitter = require('events');

// Create a new instance of EventEmitter
class MyEmitter extends EventEmitter {}
const myEmitter = new MyEmitter();

// Register a listener for the 'greet' event
myEmitter.on('greet', (name) => {
  console.log(`Hello, ${name}!`);
});

// Register another listener for the 'greet' event
myEmitter.on('greet', () => {
  console.log('Another greeting was received!');
});

// Register a one-time listener for the 'alert' event
myEmitter.once('alert', (message) => {
  console.log(`ALERT: ${message}`);
});

// Emit the 'greet' event
console.log('Emitting greet event...');
myEmitter.emit('greet', 'Alice'); // Both 'greet' listeners will fire
myEmitter.emit('greet', 'Bob'); // Both 'greet' listeners fire again

// Emit the 'alert' event
console.log('Emitting alert event (first time)...');
myEmitter.emit('alert', 'System is online!'); // The 'alert' listener fires

console.log('Emitting alert event (second time)...');
myEmitter.emit('alert', 'Another alert!'); // The 'alert' listener will NOT fire this time (because it's .once)

// Handling errors with 'error' event
myEmitter.on('error', (err) => {
  console.error('Whoops! There was an error:', err.message);
});

// Emitting an 'error' event without a listener will crash the application
// To demonstrate:
// myEmitter.emit('error', new Error('Something went wrong!')); // This would crash without the .on('error') listener

Exercises/Mini-Challenges:

1. Challenge 8.1: Create a custom Logger class that extends EventEmitter. It should emit a log event whenever a message is logged. Implement a method logMessage(message) that emits the log event with the message and the current timestamp. Then, create an instance of Logger and set up a listener to print the formatted log message.

4. Advanced Topics and Best Practices

As you become more comfortable with Node.js, you’ll encounter more complex scenarios and the need for robust, maintainable, and scalable applications. This section covers advanced topics and crucial best practices.

4.1 Error Handling Best Practices

Detailed Explanation:

Proper error handling is paramount in production-grade Node.js applications. Uncaught exceptions can crash your server, leading to downtime and data loss. Node.js’s asynchronous nature makes error handling a bit different from synchronous languages.

Key Principles:

• Handle errors where they occur: Don’t let errors propagate unnecessarily.
• Prefer async/await with try...catch: This is the cleanest way to handle errors in asynchronous code.
• Use global error handling middleware in Express: Catch errors that escape your route handlers.
• Avoid process.on('uncaughtException') for recovery: This is a last resort for logging and graceful shutdown, not for resuming normal operation. Node.js documentation advises against it for recovering from errors.
• Use process.on('unhandledRejection') for unhandled promise rejections: Important for catching errors from promises that are not catched.
• Log errors effectively: Use dedicated logging libraries (like Winston or Pino) and structured logging.
• Differentiate between operational errors and programmer errors:
  • Operational Errors: Predictable runtime errors (e.g., network timeout, invalid user input, file not found). These can often be handled gracefully.
  • Programmer Errors: Bugs in your code (e.g., undefined variable access, trying to call a non-function). These indicate a flaw in your logic and usually require a restart after fixing.

Code Examples:

try...catch with async/await:

// error-handling.js
async function simulateAsyncOperation(shouldFail = false) {
  return new Promise((resolve, reject) => {
    setTimeout(() => {
      if (shouldFail) {
        reject(new Error('Something went wrong during async operation!'));
      } else {
        resolve('Async operation successful.');
      }
    }, 500);
  });
}

async function handleOperations() {
  // Successful operation
  try {
    const result1 = await simulateAsyncOperation(false);
    console.log('Operation 1 result:', result1);
  } catch (error) {
    console.error('Operation 1 failed:', error.message);
  }

  // Failing operation
  try {
    const result2 = await simulateAsyncOperation(true);
    console.log('Operation 2 result:', result2); // This line won't be reached
  } catch (error) {
    console.error('Operation 2 failed:', error.message);
  }
}

handleOperations();

// Express.js Global Error Handler (in app.js/server.js)
const express = require('express');
const app = express();
const port = 3001;

// A route that might throw an error (e.g., async DB call without internal catch)
app.get('/risky', async (req, res, next) => {
  try {
    // Simulate an async operation that fails
    await simulateAsyncOperation(true);
    res.send('This should not be sent.');
  } catch (error) {
    // Pass error to the next middleware (global error handler)
    next(error);
  }
});

app.get('/sync-error', (req, res, next) => {
    // Simulate a synchronous error
    throw new Error("This is a synchronous error!");
});


// Global error handling middleware (MUST be the last middleware added)
app.use((err, req, res, next) => {
  console.error('Global Error Handler caught:', err.stack); // Log full stack trace
  res.status(500).json({
    status: 'error',
    message: 'Something went wrong on the server.',
    details: err.message
  });
});

app.listen(port, () => {
  console.log(`Express server for error handling at http://localhost:${port}`);
});

// Process-level unhandled rejection handler
// For promises that are rejected but no .catch() is called
process.on('unhandledRejection', (reason, promise) => {
  console.error('Unhandled Rejection at:', promise, 'reason:', reason);
  // Log the error, send notification, then gracefully exit
  // process.exit(1); // Usually, you'd exit in production
});

// Process-level uncaught exception handler
// For synchronous errors that are not caught by try...catch
process.on('uncaughtException', (err, origin) => {
  console.error('Uncaught Exception caught:', err.stack, 'Origin:', origin);
  // Log the error, send notification, then gracefully exit
  // process.exit(1); // Important for maintaining application health
});

// Example of an unhandled rejection (no .catch)
Promise.reject(new Error('This promise was not handled!'));

// Example of an uncaught synchronous exception
// setTimeout(() => {
//   throw new Error('This is an uncaught sync exception after a delay!');
// }, 1000);

Exercises/Mini-Challenges:

1. Challenge 9.1: Modify the /risky route in the Express example to sometimes succeed and sometimes fail based on a random number (e.g., Math.random() > 0.5). Observe how the global error handler catches the failure.
2. Challenge 9.2: Remove the try...catch block from the /risky route in the Express example. What happens when simulateAsyncOperation(true) is awaited? How does the global error handler still manage to catch it (think about next(error))?

4.2 Asynchronous Control Flow (Advanced Promises & Async Iterators)

Detailed Explanation:

Beyond basic async/await, Node.js offers powerful constructs for managing complex asynchronous flows:

• Promise.all(): Used to execute multiple promises in parallel and wait for all of them to resolve. If any of the promises reject, Promise.all() immediately rejects with the reason of the first promise that rejected.
• Promise.race(): Used to execute multiple promises in parallel and wait for any of them to resolve or reject. It resolves/rejects as soon as the first promise in the iterable resolves or rejects.
• Promise.allSettled() (Node.js 12+): Executes multiple promises in parallel and waits for all of them to settle (either resolve or reject). It returns an array of objects, each describing the outcome of a promise ({ status: 'fulfilled', value: ... } or { status: 'rejected', reason: ... }). This is useful when you want to know the outcome of all promises, even if some fail.
• Promise.any() (Node.js 12+): Returns a single promise that fulfills as soon as any of the input promises fulfills. If all of the input promises reject, then the returned promise rejects with an AggregateError.
• Async Iterators and for await...of loops: These allow you to iterate over asynchronous data sources (like streams or databases) using a synchronous-looking loop structure. This makes processing large datasets or continuous streams of data much cleaner.

Code Examples:

Promise.all, Promise.race, Promise.allSettled:

// promise-variants.js
function createPromise(name, duration, shouldFail = false) {
  return new Promise((resolve, reject) => {
    setTimeout(() => {
      if (shouldFail) {
        console.log(`❌ Promise ${name} rejected after ${duration}ms`);
        reject(`${name} failed`);
      } else {
        console.log(`✅ Promise ${name} resolved after ${duration}ms`);
        resolve(`${name} data`);
      }
    }, duration);
  });
}

async function runPromiseExamples() {
  console.log('--- Promise.all ---');
  try {
    const results = await Promise.all([
      createPromise('A', 1000),
      createPromise('B', 500),
      createPromise('C', 1200)
    ]);
    console.log('All promises resolved:', results);
  } catch (error) {
    console.error('Promise.all caught error:', error);
  }

  console.log('\n--- Promise.all (with a failing promise) ---');
  try {
    const results = await Promise.all([
      createPromise('D', 1000),
      createPromise('E', 500, true), // This one will fail
      createPromise('F', 1200)
    ]);
    console.log('All promises resolved (should not happen):', results);
  } catch (error) {
    console.error('Promise.all caught error (expected):', error); // D and F might still log resolution before this
  }

  console.log('\n--- Promise.race ---');
  try {
    const fastest = await Promise.race([
      createPromise('G', 2000),
      createPromise('H', 800), // This one should win
      createPromise('I', 1500, true)
    ]);
    console.log('Fastest promise result:', fastest);
  } catch (error) {
    console.error('Promise.race caught error:', error);
  }

  console.log('\n--- Promise.allSettled ---');
  const allSettledResults = await Promise.allSettled([
    createPromise('J', 1000),
    createPromise('K', 500, true), // This one will fail
    createPromise('L', 1200)
  ]);
  console.log('AllSettled results:', allSettledResults);
}

runPromiseExamples();

Async Iterators (for await...of):

This example simulates an asynchronous data source (e.g., a database cursor or a network stream) that yields data in chunks.

// async-iterator-example.js
async function* asyncDataGenerator() {
  let count = 0;
  while (count < 5) {
    await new Promise(resolve => setTimeout(resolve, 300)); // Simulate async fetch
    const data = `Data chunk ${count++}`;
    console.log(`Yielding: ${data}`);
    yield data;
  }
}

async function processAsyncData() {
  console.log('Starting asynchronous data processing...');
  for await (const chunk of asyncDataGenerator()) {
    console.log(`Processing received: ${chunk}`);
  }
  console.log('Finished asynchronous data processing.');
}

processAsyncData();

Exercises/Mini-Challenges:

1. Challenge 10.1: Imagine you need to send a notification via email and SMS. Create two async functions, sendEmail(message) and sendSMS(message), that return promises and simulate a delay (e.g., 1 second for email, 0.5 seconds for SMS). Use Promise.allSettled to send both notifications concurrently and log the status of each (whether it succeeded or failed).
2. Challenge 10.2: Create an async generator that yields numbers from 1 to 10 with a random delay between 50ms and 500ms for each number. Use a for await...of loop to consume these numbers and print their squares.

4.3 Process Management and Child Processes

Detailed Explanation:

Node.js allows you to spawn child processes, enabling you to run external commands or execute other Node.js scripts as separate processes. This is powerful for:

• Performing CPU-bound tasks: Node.js is single-threaded for its event loop, so CPU-intensive tasks can block it. Spawning a child process allows these tasks to run on a separate CPU core without blocking the main Node.js thread.
• Executing shell commands: Running system commands (e.g., ls, git, ffmpeg).
• Integrating with other languages/tools: Running scripts written in Python, Ruby, etc.

The child_process module provides several functions:

• spawn(): The most fundamental function. Spawns a new process with a given command and arguments. Returns a ChildProcess object that emits data events for stdout/stderr and close for exit. Ideal for streaming data.
• exec(): Spawns a shell and runs a command within that shell, buffering the command’s stdout and stderr. Ideal for simple commands where you expect a relatively small output.
• execFile(): Similar to exec(), but directly executes the command without spawning a shell. More efficient and secure if you don’t need shell features.
• fork(): A special case of spawn() that creates a new Node.js process and establishes a communication channel between the parent and child (using process.send() and process.on('message')). Ideal for spawning Node.js worker processes.

Code Examples:

Using child_process.exec:

// exec-example.js
const { exec } = require('child_process');

// Run a simple command
exec('ls -lh', (error, stdout, stderr) => {
  if (error) {
    console.error(`exec error: ${error}`);
    return;
  }
  if (stderr) {
    console.error(`stderr: ${stderr}`);
    return;
  }
  console.log(`stdout:\n${stdout}`);
});

// Run a command that intentionally fails
exec('this-command-does-not-exist', (error, stdout, stderr) => {
  if (error) {
    console.error(`\nFailed command error: ${error.message}`);
    return;
  }
  console.log(`stdout: ${stdout}`);
});

Using child_process.spawn (for streaming output):

// spawn-example.js
const { spawn } = require('child_process');

const ls = spawn('ls', ['-lh', '/']); // ls -lh /

ls.stdout.on('data', (data) => {
  console.log(`stdout: ${data}`);
});

ls.stderr.on('data', (data) => {
  console.error(`stderr: ${data}`);
});

ls.on('close', (code) => {
  if (code === 0) {
    console.log(`child process exited with code ${code}`);
  } else {
    console.error(`child process exited with code ${code} (error)`);
  }
});

ls.on('error', (err) => {
  console.error('Failed to start child process.', err);
});

Using child_process.fork for inter-process communication:

parent.js

// parent.js
const { fork } = require('child_process');

const child = fork('child.js'); // Fork a new Node.js process

child.on('message', (message) => {
  console.log('Parent received message from child:', message);
});

child.on('close', (code) => {
  console.log(`Child process exited with code ${code}`);
});

child.send({ greeting: 'Hello from parent!' }); // Send message to child

setTimeout(() => {
  child.send({ task: 'calculate', num: 5 });
}, 1000);

setTimeout(() => {
  child.send({ task: 'exit' });
}, 3000);

child.js

// child.js
process.on('message', (message) => {
  console.log('Child received message from parent:', message);

  if (message.greeting) {
    process.send({ response: `Hi there, parent! Got your: ${message.greeting}` });
  } else if (message.task === 'calculate') {
    const result = message.num * message.num;
    process.send({ result: `The square of ${message.num} is ${result}` });
  } else if (message.task === 'exit') {
    console.log('Child exiting...');
    process.exit(0);
  }
});

console.log('Child process started.');

To run the fork example: node parent.js.

Exercises/Mini-Challenges:

1. Challenge 11.1: Write a script using child_process.exec that gets the current Git branch name (git rev-parse --abbrev-ref HEAD). Log the branch name. Handle potential errors if Git is not installed or if it’s not a Git repository.
2. Challenge 11.2: Create a worker.js file that simulates a CPU-intensive task (e.g., calculating prime numbers up to a large number). In a main.js file, use child_process.fork to offload this task to worker.js. Send the large number to the worker, and have the worker send the result back to main.js. Measure the time taken by the main thread and show that it’s not blocked while the worker calculates.

4.4 Authentication and Authorization (Concepts)

Detailed Explanation:

Authentication and authorization are critical security aspects for most web applications.

• Authentication: The process of verifying who a user is. Common methods include:

  • Password-based: Username/email and password (usually hashed and salted).
  • OAuth/OpenID Connect: Delegation of authentication to a third-party provider (Google, Facebook).
  • JSON Web Tokens (JWT): A compact, URL-safe means of representing claims to be transferred between two parties. JWTs are often used for stateless authentication in APIs.
  • Session-based: Server stores session information and issues a session ID (cookie) to the client.

• Authorization: The process of determining what an authenticated user is allowed to do. This involves checking permissions based on roles (e.g., admin, user), resources (e.g., view own profile, edit any post), or specific policies.

Best Practices for Node.js:

• Use Passport.js: A popular authentication middleware for Node.js. It’s flexible and supports various authentication strategies (local, OAuth, JWT).
• Hash passwords: Always hash passwords (using bcrypt or Argon2) and never store them in plain text. Add a salt to prevent rainbow table attacks.
• Validate input: Sanitize and validate all user input to prevent injection attacks (SQL injection, XSS). Use libraries like express-validator or Joi.
• Secure JWTs:
  • Store JWTs securely on the client-side (e.g., HttpOnly cookies for web browsers, secure storage for mobile apps).
  • Keep your JWT secret key highly confidential.
  • Set appropriate expiration times.
  • Implement token revocation (if necessary) for blacklisting compromised tokens.
• Role-based access control (RBAC): Assign roles to users and check those roles for specific actions.
• Rate limiting: Protect against brute-force attacks and abuse. (As seen in search results, express-rate-limit is a good choice).
• HTTPS: Always use HTTPS in production to encrypt communication.
• Helmet.js: A collection of middleware functions to help secure Express apps by setting various HTTP headers.

Code Examples (Conceptual/Simplified):

Simplified JWT Authentication Middleware (Conceptual, for Express):

// authMiddleware.js (Simplified JWT example)
const jwt = require('jsonwebtoken');

// In a real app, load this from environment variables
const JWT_SECRET = 'your_super_secret_jwt_key';

const authenticateToken = (req, res, next) => {
  const authHeader = req.headers['authorization'];
  const token = authHeader && authHeader.split(' ')[1]; // Extract token from 'Bearer TOKEN'

  if (token == null) {
    return res.status(401).json({ message: 'Authentication token required.' });
  }

  jwt.verify(token, JWT_SECRET, (err, user) => {
    if (err) {
      console.error('JWT verification failed:', err.message);
      return res.status(403).json({ message: 'Invalid or expired token.' });
    }
    req.user = user; // Attach user payload to the request object
    next(); // Proceed to the next middleware or route handler
  });
};

const authorizeRoles = (...allowedRoles) => {
  return (req, res, next) => {
    if (!req.user || !req.user.role) {
      return res.status(403).json({ message: 'Access denied: User role not found.' });
    }
    if (!allowedRoles.includes(req.user.role)) {
      return res.status(403).json({ message: 'Access denied: Insufficient privileges.' });
    }
    next();
  };
};

module.exports = { authenticateToken, authorizeRoles };

Using in an Express App:

// app.js (using authMiddleware)
const express = require('express');
const { authenticateToken, authorizeRoles } = require('./authMiddleware');
const app = express();
const port = 3000;

app.use(express.json());

// Public route
app.get('/public', (req, res) => {
  res.send('This is a public endpoint.');
});

// Protected route (requires authentication)
app.get('/profile', authenticateToken, (req, res) => {
  res.json({ message: 'Welcome to your profile!', user: req.user });
});

// Admin-only route (requires authentication and 'admin' role)
app.get('/admin-dashboard', authenticateToken, authorizeRoles('admin'), (req, res) => {
  res.json({ message: 'Welcome to the admin dashboard!', user: req.user });
});

// Simulate a login endpoint that generates a JWT
app.post('/login', (req, res) => {
  const { username, password } = req.body;
  // In a real app, validate username/password against a database
  if (username === 'testuser' && password === 'password123') {
    const user = { id: 1, username: 'testuser', role: 'user' };
    const token = jwt.sign(user, 'your_super_secret_jwt_key', { expiresIn: '1h' });
    res.json({ message: 'Login successful', token });
  } else if (username === 'admin' && password === 'adminpass') {
    const user = { id: 2, username: 'admin', role: 'admin' };
    const token = jwt.sign(user, 'your_super_secret_jwt_key', { expiresIn: '1h' });
    res.json({ message: 'Admin login successful', token });
  }
  else {
    res.status(401).json({ message: 'Invalid credentials' });
  }
});


app.listen(port, () => {
  console.log(`Auth demo server listening at http://localhost:${port}`);
});

Note: You’ll need to install jsonwebtoken: npm install jsonwebtoken. This example is highly simplified and not for production use without significant security enhancements.

Exercises/Mini-Challenges:

1. Challenge 12.1: Enhance the /login route to simulate hashing the password with a dummy function (e.g., (password) => password + "_hashed"). Explain why real hashing is important.
2. Challenge 12.2: Add a new route /moderator-panel that only users with the moderator role can access. You’ll need to update the authorizeRoles middleware and potentially your mock login users.

4.5 Database Integration (MongoDB with Mongoose)

Detailed Explanation:

Most backend applications require a database to store and retrieve data. Node.js can connect to various types of databases, including:

• NoSQL Databases: MongoDB, Couchbase, Redis
• Relational Databases: PostgreSQL, MySQL, SQLite

MongoDB is a popular NoSQL (document-oriented) database often paired with Node.js due to its flexible, JSON-like document model that maps well to JavaScript objects.

Mongoose is an Object Data Modeling (ODM) library for MongoDB and Node.js. It provides a straightforward, schema-based solution to model your application data, enforcing structure while still allowing the flexibility of MongoDB. Mongoose handles connections, defines data schemas, and provides methods for CRUD (Create, Read, Update, Delete) operations.

Best Practices:

• Connection Pooling: Mongoose manages connection pooling for you, but understand its benefits (reusing connections instead of creating new ones for each request).
• Environment Variables: Store database connection strings and sensitive credentials in environment variables (e.g., using dotenv) and never hardcode them in your application code.
• Error Handling: Implement robust error handling for database operations.
• Schema Design: Design your MongoDB schemas carefully, considering data relationships and common query patterns.
• Indexing: Use indexes for frequently queried fields to improve read performance.
• Validation: Use Mongoose schema validation to ensure data integrity.

Code Examples:

Setting up Mongoose and defining a Schema:

1. Install Mongoose:

   npm install mongoose dotenv
   

2. .env file (create this in your project root):

   MONGODB_URI=mongodb://localhost:27017/mydatabase
   

   Make sure you have a MongoDB instance running, or use a cloud service like MongoDB Atlas.

3. db.js (for database connection):

   // db.js
   require('dotenv').config(); // Load environment variables
   const mongoose = require('mongoose');
   
   const connectDB = async () => {
     try {
       await mongoose.connect(process.env.MONGODB_URI, {
         // useNewUrlParser: true, // Deprecated in Mongoose 6+
         // useUnifiedTopology: true, // Deprecated in Mongoose 6+
         // These options are now default
       });
       console.log('MongoDB connected successfully!');
     } catch (err) {
       console.error('MongoDB connection error:', err);
       process.exit(1); // Exit process with failure
     }
   };
   
   module.exports = connectDB;
   

4. models/User.js (defining a Mongoose Schema and Model):

   // models/User.js
   const mongoose = require('mongoose');
   
   const userSchema = new mongoose.Schema({
     name: {
       type: String,
       required: true,
       trim: true
     },
     email: {
       type: String,
       required: true,
       unique: true,
       trim: true,
       lowercase: true,
       match: /^\S+@\S+\.\S+$/ // Simple email regex validation
     },
     age: {
       type: Number,
       min: 18,
       max: 100
     },
     createdAt: {
       type: Date,
       default: Date.now
     }
   });
   
   // Add a custom method to the schema (optional)
   userSchema.methods.sayHello = function() {
     console.log(`Hello, my name is ${this.name} and I am ${this.age} years old.`);
   };
   
   const User = mongoose.model('User', userSchema);
   
   module.exports = User;
   

5. app.js (using Express and Mongoose models for CRUD operations):

   // app.js
   const express = require('express');
   const connectDB = require('./db');
   const User = require('./models/User'); // Import the User model
   
   const app = express();
   const port = 3000;
   
   // Connect to MongoDB
   connectDB();
   
   app.use(express.json()); // Middleware to parse JSON bodies
   
   // --- CRUD API Endpoints for Users ---
   
   // Create a new user (POST /api/users)
   app.post('/api/users', async (req, res) => {
     try {
       const newUser = new User(req.body);
       const savedUser = await newUser.save(); // Save to database
       res.status(201).json(savedUser);
     } catch (error) {
       // Handle validation errors or duplicate key errors
       if (error.code === 11000) { // Duplicate key error
           return res.status(409).json({ message: 'Email already exists.' });
       }
       res.status(400).json({ message: 'Error creating user', error: error.message });
     }
   });
   
   // Get all users (GET /api/users)
   app.get('/api/users', async (req, res) => {
     try {
       const users = await User.find(); // Find all users
       res.json(users);
     } catch (error) {
       res.status(500).json({ message: 'Error fetching users', error: error.message });
     }
   });
   
   // Get a single user by ID (GET /api/users/:id)
   app.get('/api/users/:id', async (req, res) => {
     try {
       const user = await User.findById(req.params.id); // Find by ID
       if (!user) {
         return res.status(404).json({ message: 'User not found' });
       }
       res.json(user);
     } catch (error) {
       // Handle invalid ID format
       if (error.name === 'CastError') {
           return res.status(400).json({ message: 'Invalid User ID format' });
       }
       res.status(500).json({ message: 'Error fetching user', error: error.message });
     }
   });
   
   // Update a user by ID (PUT /api/users/:id)
   app.put('/api/users/:id', async (req, res) => {
     try {
       const updatedUser = await User.findByIdAndUpdate(
         req.params.id,
         req.body,
         { new: true, runValidators: true } // new: return the updated document; runValidators: apply schema validators
       );
       if (!updatedUser) {
         return res.status(404).json({ message: 'User not found' });
       }
       res.json(updatedUser);
     } catch (error) {
        if (error.name === 'CastError') {
           return res.status(400).json({ message: 'Invalid User ID format' });
       }
       res.status(400).json({ message: 'Error updating user', error: error.message });
     }
   });
   
   // Delete a user by ID (DELETE /api/users/:id)
   app.delete('/api/users/:id', async (req, res) => {
     try {
       const deletedUser = await User.findByIdAndDelete(req.params.id);
       if (!deletedUser) {
         return res.status(404).json({ message: 'User not found' });
       }
       res.status(204).send(); // No content for successful deletion
     } catch (error) {
        if (error.name === 'CastError') {
           return res.status(400).json({ message: 'Invalid User ID format' });
       }
       res.status(500).json({ message: 'Error deleting user', error: error.message });
     }
   });
   
   // Global error handler (catch all unhandled errors)
   app.use((err, req, res, next) => {
       console.error(err.stack);
       res.status(500).json({ message: 'Something went wrong on the server!' });
   });
   
   app.listen(port, () => {
     console.log(`Server for Mongoose CRUD demo running on http://localhost:${port}`);
   });
   

   To run this, make sure MongoDB is running on your machine (or accessible via your URI). Then node app.js.

Exercises/Mini-Challenges:

1. Challenge 13.1: Add a custom validation rule to the email field in models/User.js that checks if the email ends with @example.com.
2. Challenge 13.2: Implement a new route GET /api/users/oldest that finds and returns the oldest user based on the age field (or createdAt if age is not present). If no users exist, return a 404.

5. Guided Projects

These projects will help you apply the concepts learned and build functional Node.js applications.

Project 1: Simple RESTful API with Express and MongoDB (Todo List)

Objective: Build a backend API for a simple Todo list application. This API will allow users to create, read, update, and delete todo items.

Problem Statement: You need to create a server that manages a list of tasks. Each task should have a unique ID, a title, a description, and a completed status (boolean).

Project Structure:

todo-api/
├── .env
├── package.json
├── server.js
└── models/
    └── Todo.js

Step-by-step instructions:

1. Project Setup: Create a new directory todo-api and initialize a Node.js project.

   mkdir todo-api
   cd todo-api
   npm init -y
   npm install express mongoose dotenv
   

2. Environment Variables (.env): Create a .env file in the todo-api directory:

   PORT=3000
   MONGODB_URI=mongodb://localhost:27017/todoapp
   

   Ensure MongoDB is running or use a cloud MongoDB Atlas URI.

3. Define Todo Model (models/Todo.js): Create a models directory and inside it, Todo.js:

   // models/Todo.js
   const mongoose = require('mongoose');
   
   const todoSchema = new mongoose.Schema({
     title: {
       type: String,
       required: true,
       trim: true,
       minlength: 3 // Todo title should be at least 3 characters
     },
     description: {
       type: String,
       trim: true
     },
     completed: {
       type: Boolean,
       default: false
     },
     createdAt: {
       type: Date,
       default: Date.now
     }
   });
   
   const Todo = mongoose.model('Todo', todoSchema);
   
   module.exports = Todo;
   

   Self-correction point: Add a minlength validator to the title for basic input validation.

4. Create the Express Server (server.js): This file will handle the database connection and define all the API routes.

   // server.js
   require('dotenv').config();
   const express = require('express');
   const mongoose = require('mongoose');
   const Todo = require('./models/Todo');
   
   const app = express();
   const PORT = process.env.PORT || 3000;
   const MONGODB_URI = process.env.MONGODB_URI;
   
   // Middleware
   app.use(express.json()); // To parse JSON request bodies
   
   // Connect to MongoDB
   mongoose.connect(MONGODB_URI)
     .then(() => console.log('MongoDB connected for Todo API'))
     .catch(err => {
       console.error('MongoDB connection error:', err);
       process.exit(1); // Exit if DB connection fails
     });
   
   // --- API Routes ---
   
   // GET all todos
   app.get('/api/todos', async (req, res) => {
     try {
       const todos = await Todo.find();
       res.json(todos);
     } catch (err) {
       res.status(500).json({ message: err.message });
     }
   });
   
   // GET a single todo by ID
   app.get('/api/todos/:id', async (req, res) => {
     try {
       const todo = await Todo.findById(req.params.id);
       if (!todo) return res.status(404).json({ message: 'Todo not found' });
       res.json(todo);
     } catch (err) {
       if (err.name === 'CastError') {
         return res.status(400).json({ message: 'Invalid Todo ID format' });
       }
       res.status(500).json({ message: err.message });
     }
   });
   
   // POST a new todo
   app.post('/api/todos', async (req, res) => {
     const todo = new Todo({
       title: req.body.title,
       description: req.body.description
       // completed will default to false
     });
     try {
       const newTodo = await todo.save();
       res.status(201).json(newTodo);
     } catch (err) {
       if (err.name === 'ValidationError') {
         return res.status(400).json({ message: err.message });
       }
       res.status(500).json({ message: err.message });
     }
   });
   
   // PUT/PATCH update a todo
   app.patch('/api/todos/:id', async (req, res) => {
     try {
       const updatedTodo = await Todo.findByIdAndUpdate(
         req.params.id,
         req.body,
         { new: true, runValidators: true } // Return updated doc, run schema validators
       );
       if (!updatedTodo) return res.status(404).json({ message: 'Todo not found' });
       res.json(updatedTodo);
     } catch (err) {
       if (err.name === 'CastError') {
         return res.status(400).json({ message: 'Invalid Todo ID format' });
       }
       if (err.name === 'ValidationError') {
         return res.status(400).json({ message: err.message });
       }
       res.status(500).json({ message: err.message });
     }
   });
   
   // DELETE a todo
   app.delete('/api/todos/:id', async (req, res) => {
     try {
       const deletedTodo = await Todo.findByIdAndDelete(req.params.id);
       if (!deletedTodo) return res.status(404).json({ message: 'Todo not found' });
       res.status(204).send(); // No content on successful deletion
     } catch (err) {
       if (err.name === 'CastError') {
         return res.status(400).json({ message: 'Invalid Todo ID format' });
       }
       res.status(500).json({ message: err.message });
     }
   });
   
   // Global error handler (last middleware)
   app.use((err, req, res, next) => {
     console.error(err.stack);
     res.status(500).send('Something broke on the server!');
   });
   
   // Start the server
   app.listen(PORT, () => {
     console.log(`Todo API server running on http://localhost:${PORT}`);
   });
   

5. Test the API (using a tool like Postman/Insomnia or curl):

   • Create Todo: POST http://localhost:3000/api/todos Body (JSON):

     {
       "title": "Learn Node.js",
       "description": "Complete the guided projects."
     }
     

   • Get All Todos: GET http://localhost:3000/api/todos
   • Get Single Todo: (Replace [id] with an actual ID from a created todo) GET http://localhost:3000/api/todos/[id]
   • Update Todo: (Replace [id] with an actual ID) PATCH http://localhost:3000/api/todos/[id] Body (JSON):

     {
       "completed": true
     }
     

   • Delete Todo: (Replace [id] with an actual ID) DELETE http://localhost:3000/api/todos/[id]