Node wins when the work is I/O-bound and the team is already shipping TypeScript on the frontend — one language, one type system, shared validation schemas across client and server. Go takes over when you need raw CPU throughput or a single static binary; Python takes over when the work leans on its data/ML ecosystem. For typical API, realtime, and background-job workloads, Node's non-blocking I/O model and npm ecosystem usually win on time-to-ship.
Fastify, by default. It's schema-first — request and response validation, plus serialization, are built into the framework rather than bolted on — and its plugin encapsulation model keeps large codebases from turning into middleware soup. We reach for Express only on brownfield projects already built around it, where a rewrite isn't worth the risk.
BullMQ on Redis for anything that needs retries, delays, rate limiting, or cron-style scheduling — webhook delivery, email sends, ETL steps. Jobs are idempotent by design so a retry after a crash never double-processes. We separate the job processor into its own deployable so a queue backlog never starves the API's event loop.
tRPC when both client and server are TypeScript — it gives end-to-end type inference with zero codegen and zero schema language to maintain. REST when the API has external or third-party consumers who need a stable, documented contract. GraphQL when clients need to shape their own queries across a genuinely graph-like data model — we don't reach for it just because it's available.
Yes — most of our work is brownfield. We start with a tech audit: Node version, framework, dependency health, test coverage, and where `any` or untyped boundaries hide. We ship into the existing app behind feature flags and migrate incrementally; no big-bang rewrites unless the codebase genuinely can't be salvaged.
Vitest for unit and integration tests, against the same TypeScript config as the app. Supertest-style HTTP assertions for route-level coverage, and BullMQ's test utilities for job processors. CI runs the full suite plus `npm audit`/Snyk on every PR; nothing merges with a red build or an unaddressed critical vulnerability.
10 — Start
Let's build something worth shipping.
Two-week diagnostic, four-week MVP, twelve-week ground-up. Bring the brief — we'll send a plan, not a pitch deck.