JWT authentication in Node.js + Express done the way clients pay for: 15-minute access tokens, opaque refresh tokens hashed in PostgreSQL, refresh-token rotation with reuse detection, real revocation. Quick start, Prisma schema, client-side fetcher, production checklist.
| Error | What it means / fix |
|---|---|
| UnhandledPromise | Express.js async error handling that actually works in 2026 Express.js async error handling that actually works in 2026: Express 5 native catching, the express-async-errors patch for legacy apps, typed error classes, and the Sentry integration that survives a bad deploy. |
| MODULE_NOT_FOUND | Fix “Cannot find module” in Node.js (CommonJS, ES modules, TypeScript) Fix Cannot find module in Node.js: CommonJS vs ESM resolution rules, TypeScript path aliases at runtime, file case-sensitivity, monorepo workspace pitfalls, and the diagnostic tree I hand new engineers. |
| EADDRINUSE | Fix EADDRINUSE: address already in use in Node.js (Mac, Linux, Windows) Fix EADDRINUSE: address already in use in Node.js on Mac, Linux, and Windows. The kill commands per OS, the TIME_WAIT trap, graceful shutdown, and how to stop it from coming back. |
Fastify hits 114K req/s where Express stalls at 21K. The full Node.js benchmark with autocannon, the migration path, and when Express is still the right pick.