NodeJs and Express: is there any risk my source code can be seen?

I am new to Node.js and Express deployment…

I want to upload my files to my Windows server machine, but I am afraid my source code can be retrieved using some URL like http://myip:8080/app.js

Where should I put my files when I deploy my Node.js app? Additional question: does anyone know where I should put my username and password for the database instead of inside the source code?

Hi @irq20xdfr,

Node works differently than other web servers that you might be familiar with. With something like Apache, for example, URLs often correspond to actual files (html documents, images, css files etc.) from the server’s file system.

Node works differently - a running application will only respond to requests for URLs that you explicitly set up.

Here’s a really basic Hello World example of a Node server, using the Express framework:

var express = require('express');
var app = express();

app.get('/', function (req, res) {
  res.send('Hello World!');
});

app.listen(3000, function () {
  console.log('Example app listening on port 3000!');
});

As it says on the example page:

The app starts a server and listens on port 3000 for connections. The app responds with “Hello World!” for requests to the root URL (/) or route. For every other path, it will respond with a 404 Not Found.

It doesn’t really matter where you put the files, as they’ll never be directly exposed to the web. Any static files (images, CSS) would have to be served via Node, or (probably better) served by a separate web server such as Apache.

It’s common practice to read configuration settings and sensitive information like credentials and API keys from environment variables on the server.

The simplest way to do this when developing on a Windows machine is probably to use something like the dotenv module. This allows you to put your credentials in a separate .env file, which can be loaded and made available to your app.

.env file

DB_HOST=localhost
DB_USER=root
DB_PASS=s1mpl3

Your Node app

// Import the settings early
require('dotenv').config()

// ...

// Access the credentials when you need them
// via process.env
var db = require('db')
db.connect({
  host: process.env.DB_HOST,
  username: process.env.DB_USER,
  password: process.env.DB_PASS
})

4 Likes
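
Added example (not from the thread or from Express): the question's worry becomes relevant once static file serving is switched on, so this sketch, using only Node's built-in `path` module, maps request paths into a dedicated public directory and refuses everything else. The `public` directory, the `/srv/myapp` layout, `resolveStatic` and the sample request paths are assumptions made for the illustration.

```javascript
const path = require('path');

// Constructed sample layout (assumption): app.js and .env live in the project
// root, and only files placed under public/ are meant to be downloadable.
const PROJECT_ROOT = path.resolve('/srv/myapp');
const PUBLIC_DIR = path.join(PROJECT_ROOT, 'public');

// Map a request path to a file inside publicDir, or return null to answer 404.
function resolveStatic(publicDir, urlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(urlPath.split('?')[0]);
  } catch (err) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null;

  // Backslashes are separators on a Windows server, so normalise them first.
  const segments = decoded.replace(/\\/g, '/').split('/')
    .filter((s) => s !== '' && s !== '.');

  // Refuse parent-directory hops and dotfiles such as .env or .git.
  if (segments.some((s) => s.startsWith('.'))) return null;

  const candidate = path.resolve(publicDir, ...segments);
  // Final containment check: the result must sit strictly below publicDir.
  const rel = path.relative(publicDir, candidate);
  if (rel === '' || rel.startsWith('..') || path.isAbsolute(rel)) return null;
  return candidate;
}

// Constructed request paths, including the one from the question.
function demo() {
  const requests = ['/css/site.css', '/app.js', '/../app.js',
    '/%2e%2e/app.js', '/..%5Capp.js', '/.env', '/%zz', '/'];
  return requests.map((r) => [r, resolveStatic(PUBLIC_DIR, r)]);
}

for (const [request, file] of demo()) {
  console.log(request.padEnd(16), '->', file === null ? '404' : file);
}
```

A request for `/app.js` resolves to `public/app.js`, not the application's own `app.js`, so it yields a 404 unless a file of that name was deliberately placed in `public`.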

Really really good explanation! Thank you fretburner…

Now, an extra doubt: if I plan to run my project on my Windows server in production…
is there any other technology I should use besides Express, a process manager (for keeping my process alive), nginx or Apache (for redirecting ports and requests)?

Thank you in advance

Git. Without version control it’s difficult to undo mistakes (in the code), and it’s often an easy way to deploy code.

1 Like
