DEV Community: AdarshGzz...

What Happens If You Build Your Own Trading Bot? I Tried It

AdarshGzz... — Tue, 07 Apr 2026 19:30:27 +0000

I Built a Real-Time Paper Trading Bot (To Understand How Trading Systems Work and can i automate it) and it took me 3 weeks.

so recently i wanted to understand how trading systems actually work behind the scenes

not just charts… but like:
• how data comes in
• how decisions are made
• how trades are executed

so i ended up building a paper trading bot for BTC/USDT

(no real money involved 😅)

what it does

it connects to Binance WebSocket and gets live market data

then on every 5-minute candle, it decides:
• go LONG
• go SHORT
• or do nothing

based on a simple strategy

*the strategy *(kept it simple)

i didn’t want anything too complex

so i used:
• EMA (50) → trend
• RSI (14) → momentum

entry logic:
• LONG → price above EMA + RSI > 50 + green candle
• SHORT → price below EMA + RSI < 50 + red candle

entry happens exactly on candle close

risk management (most important part)

this was actually interesting to implement
• only 1% risk per trade
• stop loss based on structure (swing high/low)
• target = 1.5x risk
• auto stop trading if:
• -3% loss
• +5% profit

also restricted trading hours to avoid random moves

tech i used
• Node.js → backend
• WebSockets → real-time data
• PostgreSQL (Neon) → store trades + candles
• React → dashboard

what i learned

this project was less about trading and more about systems
• handling real-time streams is tricky
• small delays can affect decisions
• syncing backend + frontend in real time is not easy
• logic looks simple but edge cases are everywhere

live project

if you want to see it:

👉 https://paper-trader-drab.vercel.app/
👉 https://github.com/AdarshGzz/Paper-Trader

final thought

it’s still a simple bot and not something for real trading

but building it gave me a better idea of:
• how trading engines work
• how data flows in real-time systems

planning to improve it more (maybe better strategies or analytics)

if you’ve built something similar or have ideas, would love to hear 👍

I Found a Better Way to Build APIs (And It Actually Makes Sense)

AdarshGzz... — Sat, 04 Apr 2026 17:38:54 +0000

so i was just reading some posts on dev.to and came across this idea called contract-driven development

looked interesting… so sharing what i understood

⸻

the idea (simple)

instead of writing backend first

you define your api structure first

like:
• endpoints
• request
• response

basically a clear blueprint

then you build backend based on that

⸻

what is this “contract”

it’s just like a fixed structure of your api

people usually use OpenAPI

it basically creates a JSON file of your API which can be used for:
• docs
• frontend usage
• testing

⸻

setup (what i found people are using)

this is the stack i saw most commonly:

install packages

npm install express zod @trpc/server @trpc/server/adapters/express trpc-openapi
if using typescript:

npm install -D typescript ts-node @types/node @types/express

⸻

docs (if you want to explore more)
• Express → https://expressjs.com/
• Zod → https://zod.dev/
• tRPC → https://trpc.io/
• tRPC OpenAPI → https://github.com/trpc/trpc-openapi
• OpenAPI → https://swagger.io/specification/

⸻

something i liked

they use Zod for validation

so instead of writing checks again and again

you define schema once and it validates automatically

⸻

best part

docs are auto generated 🤯

like you don’t manually write docs

it creates something like openapi.json

and you can plug it into tools like Swagger

⸻

why this feels useful
• clear structure from start
• frontend + backend stay in sync
• no outdated docs
• less confusion

⸻

thinking to try this

haven’t implemented fully yet

but feels like a clean way to build things

⸻

if anyone using this

is it actually good in real projects?

or gets complicated later?

would like to know 👍

⚠️ Axios Supply Chain Attack — If You Installed Yesterday, Check This

AdarshGzz... — Wed, 01 Apr 2026 17:45:01 +0000

⚠️ axios issue (i just found out… maybe check your project once)

so yeah… i just came across this today and it honestly surprised me 😅

apparently axios had some kind of supply chain issue yesterday (31 march).
for a small time window, some bad versions were published.

and the weird part is…

👉 just running npm install was enough
👉 you didn’t even have to use axios in your code

what i understood (might not be perfect)

from what i read:

some axios versions were compromised
there was a hidden dependency (plain-crypto-js)
it had a script that runs on install
it was trying to access env vars / keys / stuff like that

ngl… didn’t know npm packages can do this automatically

when this happened

i think it was something like:

31 march — around 3 hours window

so if you installed deps around that time, maybe just check once

how i checked my project

i didn’t do anything fancy

just looked inside my package-lock.json and searched for:

axios@1.14.1
axios@0.30.4
plain-crypto-js

also ran this:

grep -E "axios" package-lock.json | grep -E "1\.14\.1|0\.30\.4"

it returned nothing for me so i think i’m safe (hopefully 😅)

if you find it (what i read you should do)

i haven’t faced it personally but from what others said:

downgrade axios to safe version
delete node_modules + lockfile
reinstall everything
and rotate keys (this part sounds scary tbh)

small takeaway (for me at least)

i used to not care much about lockfiles or versions

but this made me realize:

things can break even if your code is fine
dependencies are a big trust system
maybe pinning versions is actually important

that’s it

i’m still learning all this so if i got something wrong pls correct me 🙏

just sharing in case it helps someone 👍