Articles

Engineering guides

Long-form, cited guides for maintainers hardening GitHub Actions workflows and Stripe billing paths.

Stripe Cancel-Save Flow in Node: Retain Subscribers

Build a Stripe cancel-save flow in Node with cancellation intent, save offers, period-end cancellation, and reason analytics.

Stripe MRR and Churn in Node: Subscription Metrics

Compute Stripe MRR, ARR, churn, paid invoice revenue, and refunds from idempotently stored subscription events in Node.

Usage-Based Billing with Stripe in Node: Meter Safely

Build usage-based Stripe billing in Node with a durable usage ledger, billing meter events, customer alerts, and invoice timing checks.

Stripe Per-Seat Billing in Node: Proration Controls

Build Stripe per-seat subscriptions in Node with durable seat counts, explicit quantity updates, and predictable proration behavior.

Stripe Webhook Idempotency in Node: Stop Double Work

Build idempotent Stripe webhooks in Node by verifying raw bodies, storing event IDs, and separating API idempotency from webhook dedupe.

npm Trusted Publishing: Safer GitHub Actions Releases

How to keep npm publishing workflows tokenless, traceable, and narrow enough to review.

Dependabot GitHub Actions: Safer Bot PR CI Workflows

How to review token, secret, and automation boundaries on Dependabot pull requests.

GitHub Actions Script Injection: Safer Shell Steps

How to keep pull request text and other event data from becoming shell code.

GitHub Actions Cache Security: Avoid Poisoned Builds

How to use GitHub Actions caches without turning dependency restores into a hidden supply-chain trust path.

Artifact Attestations: Verify GitHub Actions Builds

How to add GitHub Actions artifact attestations without turning release provenance into unchecked paperwork.

Self-Hosted Runners: Secure GitHub Actions CI Builds

How to review self-hosted runner exposure before CI jobs can reach local machines, private networks, or long-lived credentials.

Reusable Workflows: Secure GitHub Actions Pipelines

How to review reusable workflow calls before shared automation spreads CI/CD risk across repositories.

OIDC Trust Policies: Secure GitHub Actions Cloud Deploys

How to keep GitHub Actions OIDC cloud trust policies narrow enough for production deployments.

Pin GitHub Actions to SHAs: Secure CI/CD Pipelines

How to make third-party GitHub Actions dependencies immutable, reviewable, and easier to enforce.

GITHUB_TOKEN Permissions: Safer GitHub Actions CI/CD

How to make GitHub Actions token permissions explicit, narrow, and easier to audit.

GitHub pull_request_target Security: Safe PR Workflows

When pull_request_target is useful, when it is risky, and how to split trusted automation from untrusted pull-request code.

GitHub Actions Security: 5 CI Risks to Fix Right Now

Five workflow checks to prioritize before release automation expands risk.