DEV Community: Dharmender Kumar

No More Sneaky Uploads : How I Made My Node.js App Virus-Free🛡️🦠

Dharmender Kumar — Sun, 15 Jun 2025 12:48:13 +0000

So, I’m working on An app, and today it hit me like: What if someone tries to sneak in a virus through a file upload?

But then I found this awesome tool called ClamAV, and its command-line sidekick clamscan, which is like a hero for keeping your app safe from malicious files. Also it's super-easy to integrate in Node.js project.

What I Figured Out

ClamAV is a free, open-source antivirus engine that scans files for viruses, trojans, and other nasty stuff. Think of it as the bouncer at your app’s file upload gate, checking IDs and kicking out troublemakers.(same like security guard of your college😁)

😎Quick Setup Guide-

1). npm i clamscan

2). How to use it in your code-

const NodeClam = require('clamscan');

(async () => {
  const clamscan = await new NodeClam().init();
  const { isInfected, viruses } = await clamscan.isInfected('/path/to/your/file');

  if (isInfected) {
    console.log(`🚨 Uh-oh, infected file! Found: ${viruses}`);
    // Toss the file or block the upload
  } else {
    console.log('🎉 File’s all good!');
  }
})();

that's it . this simple code block can prevent malicious files from being uploaded by users in database

Hope this helps you,
Let’s build safe and secure apps.

-Dharm

How to Find Full-Stack Projects That Get You Hired

Dharmender Kumar — Wed, 28 May 2025 13:29:56 +0000

if your portfolio screams “I built another Todo app,” you’re blending into a sea of clones faster than a TikTok dance trend. Don’t worry—I’m here to help you stand out, not become another NPC in the developer crowd

Let’s talk about how to pick unique full-stack projects that make hiring managers sit up, take notice, and maybe even spill their coffee.

Step 1: Don’t Build What Everyone Else Is Building

You know the ones—those tired, predictable apps that every tutorial and bootcamp churns out like a fast-food chain. Building these won’t make you stand out; they’ll make you that developer who thought another weather app was a personality trait. Here are some common culprits to avoid:

1).Todo Apps: The darling of every “Learn React in 30 Days” course. Unless your Todo app predicts your tasks using AI or syncs with your fridge to remind you to buy milk, skip it.
2).Weather Apps: Fetching an API and displaying “It’s sunny!” doesn’t scream innovation. Everyone and their dog has built one.
3).E-commerce Clones: Another Amazon knockoff with a cart that barely works? Hard pass.
4).Note-Taking Apps: Unless it’s a note-taking app that adds notes based on recording audio.
5).Portfolio Websites (That Only Show Other Portfolio Websites): Meta, yes. Impressive? No.

Step 2: The Smart Way to Find Projects That Impress

The goal is to build projects that are in demand, align with your skills, and show off your full-stack prowess without overwhelming you.

1).Scout Freelancing Platforms Like a Pro
Head to freelancing sites like Upwork, Freelancer, or Toptal (or even niche ones like PeoplePerHour for smaller gigs). These platforms are goldmines for understanding what clients actually want. Filter projects by your tech stack—say, MERN (MongoDB, Express.js, React, Node.js) or Django + PostgreSQL—and start taking notes.

2). Make a Demand-Driven Project List
Scroll through the job postings and compile a list of the most commonly requested project types. For example, you might see:
a. Custom CRM systems for small businesses
b. E-learning platforms with user progress tracking
c. Appointment scheduling apps with calendar integrations
d. Inventory management tools for retail
e. Community forums with real-time chat

Rank these by demand (how often they pop up). This gives you a sense of what’s hot in the market. For instance, if you see 50 posts for CRMs and only 5 for weather apps, you know where to focus.

3). Filter by Complexity (Don’t Bite Off More Than You Can Code)
Now, sort your list by complexity based on your current skill level. Be honest—don’t try to build a full-blown SaaS platform if you’re still shaky on API authentication. Categorize projects into:

a. Beginner-Friendly: Simple apps like a task tracker with basic CRUD (Create, Read, Update, Delete) functionality.
b. Intermediate: Projects with multiple features, like a booking system with payment integration (e.g., Stripe).
c. Advanced: Complex systems like a multi-user collaboration tool with real-time updates using WebSockets.

Start with one or two projects from the beginner or intermediate tier, depending on your confidence. For example, if CRMs are in high demand, you could build a lightweight CRM for freelancers to track clients and invoices—functional, marketable, and not another Todo app.

4). Build, Polish, Deploy

Pick your top project and get coding. Make sure it’s:
a. Functional: It should work flawlessly, no bugs allowed.
b. Polished: A clean UI with a sprinkle of CSS magic (Tailwind CSS is your friend).
c. Deployed: Host it on platforms like Vercel, Netlify, or Heroku so recruiters can see it live.
d. Documented: A README that explains your tech choices and how to run it locally shows you mean business.

Step 3: Why This Strategy Is a Win-Win

Here’s the beauty of this approach: you’re not just building for your portfolio—you’re building marketable projects. If hiring managers aren’t impressed (and trust me, they will be), you can pivot and sell these projects on freelancing platforms to clients who need them. That CRM you built? A small business might pay good money for it. That scheduling app? A local gym could be your first client. You’re not just coding for clout; you’re coding for cash.

Plus, by aligning your projects with real-world demand, you’re showing recruiters you understand the market. You’re not just a coder—you’re a problem-solver who knows what businesses need. That’s the kind of developer who gets hired.

Now go forth and code something awesome. The job market’s waiting, and you’re about to make it your playground.

made with love by
dharm

Why Are Crypto's Buy and Sell Prices So Confusing?

Dharmender Kumar — Mon, 19 May 2025 05:26:17 +0000

You: Bitcoin's at $103,500?? I'm about to SPEND my entire life savings! ( in case it goes To the moon! 🚀😏 )
Coinbase:💼 Sure thing, champ. But it's $104,500.
You: Wait—what? That's not the price I saw??
Coinbase:😎 That’s the buy price, my dude.
You: (panicking): Fine, then I’ll sell some of BTC instead!
Coinbase: 😏 Cool cool… we'll give you $101,950.
You: Wha—so y’all just... robbing me with math??
Coinbase: Not Really!📈💸 Welcome to the bid-ask spread. It’s like a cover charge to get wrecked.

What’s This Spread Nonsense?

In simple terms, the spread is the difference between what you pay to buy Bitcoin (the ask price) and what you get when you sell it (the bid price). On Coinbase, when Bitcoin’s chilling at $103,500, the buy price is $104,500, and the sell price is $101,950. That $2,550 gap? That’s the spread, and it’s how Coinbase keeps the lights on.
Think of Coinbase like a pawn shop for crypto. You bring in your old Bitcoin to sell, and they lowball you. Want to buy some shiny new BTC? They jack up the price. It’s not personal—it’s just business.

Why Does the Spread Exist?

Here’s the deal: Crypto exchanges aren’t running a charity. They’ve got servers to maintain, hackers to fend off, and probably a fancy office with a ping-pong table. The spread is their profit margin, but there’s more to it:

Volatility Is Crypto’s Middle Name Bitcoin’s price can swing $5,000 in an hour (and has—remember those 2021 flash crashes?). Exchanges like Coinbase widen the spread to protect themselves from getting rekt if the price tanks mid-transaction.
Liquidity Isn’t Always Lit The spread depends on how many people are buying and selling. If Coinbase’s order book is thin (fewer buyers or sellers), the spread gets chonkier. It’s like trying to sell a rare Pokémon card at 3 a.m.—good luck getting a fair price.
Fees, Fees, and More Fees Coinbase tacks on transaction fees, but the spread also covers their risk of holding Bitcoin while they match buyers and sellers. It’s like paying extra for a concert ticket from a scalper because they’re taking the risk of getting stuck with it.

How to Outsmart the Spread

1). Use Limit Orders: Instead of buying at the market price, set a limit order to buy at a specific price. It’s like haggling at a flea market—you might get a better deal if you’re patient.
2). Trade on Low-Volatility Days: When Bitcoin’s price is stable, spreads tend to shrink. Avoid trading during Elon Musk tweetstorms.
3). Check Other Exchanges: Binance, Kraken, or even DEXs might have tighter spreads. Shop around like you’re hunting for Black Friday deals.
4). HODL, Don’t Trade: If you’re just gonna buy and hold, the spread hurts less over time. Bitcoin’s up 10x since 2020—$2,550 is pocket change in the long run.

Hope , it clears your Doubts about Spread

love u all,
Dharm

Cursor Terminates Student Discount in India: The Good The Bad and The Ugly

Dharmender Kumar — Sun, 11 May 2025 15:42:08 +0000

Before Starting , Picture this :)- You're a Tier 3 college student in India 🥲 running on 2 hours of sleep, 4 cups of chai, and sheer delusion. Suddenly, Cursor AI drops a free Pro plan for students.
GPT-4o? 500 fast requests?
Bro, take my student ID, my Aadhar, my soul — whatever you need. 😭💻

But just when you and Cursor were becoming besties...
BAM! They yank the student discount in India.

BUT WHY....?

A few legends thought,
😎 Why get a CS degree when I can sell fake student accounts and get rich?"
And they did. 😤💸

Cursor’s kind-hearted “Free Pro for Students” offer turned into an underground economy faster than you can say Photoshop. People were whipping up fake college IDs, selling accounts, and basically speedrunning the downfall of a good thing.
So what did Cursor do?
Removed India from the list of student discount.

Legit students: Bro, what did we do?☹️
Cursor: Blame the Jeet(just an imaginary name) who sold 69 fake accounts on X or Telegram or Whatsapp😤.

The student plan was meant to help real students with valid emails/IDs via SheerID. But once it got flooded with fakes, Cursor had two options:

1). Go broke 💸

2). Hit CTRL + ALT + DELETE on India’s student discount.
They chose survival....🫠

The only bad thing that happened was

Legit Students Got Wrecked

Tons of real students used Cursor to code like pros.
Hackathons? ✅
College projects? ✅
AI-powered debugging at 3AM? ✅

But every coin 🪙 has 2 sides

Yes, losing Cursor Pro for Indian students hurts—but maybe, just maybe, it’s a blessing in disguise.

Now, students might-

1).Focus more on learning the core concepts, instead of over-relying on AI to autocomplete their homework.

2).Build a deeper understanding of how code works, rather than what an LLM thinks might work.

3).Turn frustration into fuel—and possibly build something even better, homegrown and accessible.

some thoughts

Trust is fragile. Abuse it, and everyone pays the price.
An entire generation of devs just got a front-row seat to how ethics aren't optional in tech.
Not the lesson we asked for—but one we clearly needed. 👀

love you
Dharm