DEV Community: Bashar V I

I published my first npm package: `short-id-lite` 🎉

Bashar V I — Thu, 01 Jan 2026 16:45:15 +0000

A tiny, secure short ID generator for Node.js — feedback welcome

Publishing your first npm package is oddly intimidating.

You keep asking yourself:

“Is this useful enough?”
“Am I reinventing the wheel?”
“Will anyone actually use this?”

Last week, I decided to stop overthinking and ship something small, focused, and honest.

That package is short-id-lite.

👉 GitHub repo: https://github.com/BasharVI/short-id-lite

👉 npm package: https://www.npmjs.com/package/short-id-lite

The problem I kept running into

In almost every backend project, you eventually need short IDs:

invite codes
public-facing references
temporary tokens
human-friendly identifiers

Not UUIDs. Not database IDs.

Just short, random, URL-safe strings.

So naturally, you reach for existing solutions.

And here’s the friction I kept feeling

UUIDs

Too long, not human-friendly, overkill for many use cases.
Math.random-based helpers

Easy to write, but not safe. Collision risk, predictability issues.
Fully featured libraries (like nanoid)

Excellent libraries — but sometimes:
- more options than I need
- more surface area than I want
- more code to audit for very small use cases

In many projects, I just wanted:

“Give me a short, safe ID. No config. No decisions.”

Why I created `short-id-lite`

I wanted a package that was:

Extremely small
Dependency-free
Crypto-safe
Boring in the best way
Easy to audit
Stable for years

So I built exactly that — and nothing more.

This is not meant to replace nanoid.

It’s meant to cover the 80% case with 10% complexity.

What `short-id-lite` does

Generates short, URL-safe IDs
Uses Node.js crypto (crypto.randomBytes)
Has one function
No configuration objects
No mutable global state
No browser support
No magic

Example


ts
import { shortId } from "short-id-lite";

shortId();      // e.g. "aZ3F9q"
shortId(10);    // e.g. "Qm9KfP2aXz"

🚨 Freelancers beware: how a suspicious “Node.js bug fix” invite helped me spot a possible malware dropper on Upwork

Bashar V I — Tue, 23 Sep 2025 20:14:13 +0000

Today I received an Upwork job invite titled
“Experienced Node.js Coder Needed for Bug Fix”
with a tempting $760 fixed price and a Dropbox link to the code.

It looked normal at first, but a few details didn’t sit right:

💸 Unrealistic budget for a simple bug fix.
📦 The client insisted I download and run a ZIP immediately to “see the error.”
👤 Profile not payment verified and brand-new.

Instead of running it, I inspected the archive without executing anything.
Here’s what I found:

node/helpers/css.js reads a “CSS” file (public/css/types.txt) and runs it with eval() only on Windows.
types.txt isn’t CSS at all—it’s obfuscated JavaScript that
extracts hidden ZIPs (js.zip, node.zip, i.zip),and silently spawns Windows executables via cmd.exe /c start.
The project even bundles a 7-Zip binary so it can unpack those hidden files locally.**_

That pattern—obfuscation + hidden zips + detached .exe launch—is exactly how a dropper/backdoor works.

I’ve flagged the job and reported it to @Upwork Trust & Safety so they can warn others.

🔑 Takeaways for fellow freelancers

Never run code from strangers without first looking inside (even on trusted platforms).
Watch for red flags: unverified payment, big payout for trivial work, pressure to run code immediately.
If something feels off, stop, inspect, and report.

Stay safe and keep each other safe.

Upwork #freelance #security #NodeJS #infosec #webdev #malware

From Mechanical Engineer to Web Developer: My Journey

Bashar V I — Fri, 07 Jun 2024 17:52:35 +0000

Hi Everyone!

I’m Bashar, a mechanical engineering graduate who transitioned into web development. My journey began as a Design Engineer, where I spent six years creating machine parts and manufacturing drawings. However, the COVID-19 pandemic changed everything. Like many, I lost my job and found myself rethinking my career path.

I’ve always had a passion for coding. Despite opportunities during my school days, I didn’t pursue it then (a decision I now regret). During the pandemic, with ample free time, I decided to dive into programming. I stumbled upon a YouTube channel called Crossroads (now Brototype) and their '100K Coding Challenge' series. This series was a turning point for me. Seeing my first 'Hello World' output filled me with joy and ignited my enthusiasm for learning programming.

As a Design Engineer, I rarely saw the end products of my work, which left me feeling unfulfilled. In contrast, coding allowed me to see immediate results, giving me a sense of ownership and satisfaction. This newfound happiness motivated me to continue my coding journey.

I completed several projects by following YouTube tutorials and an online course on Udemy to learn JavaScript. I started building projects using the MERN Stack and began applying for coding jobs. The transition was challenging, but after a few months of job hunting, I secured my first coding job as a Backend Developer at Skyniche Technologies.

At Skyniche, I worked on various projects, which helped me learn and upskill significantly. This career switch boosted my confidence and courage to pursue more in life. Now, I’m in the vibrant city of Dubai, looking for exciting opportunities while continuously learning new technologies.

I’d love to connect with fellow tech enthusiasts and learn more about growing in the tech field. Feel free to connect with me on LinkedIn and GitHub.

LinkedIn: Bashar V I
GitHub: BasharVI

Thanks for reading!

Cheers,
Bashar