# JavaScript 10-Week Learning Plan (Checklist)

## Week 1: JS Fundamentals

- [ ] Variables: let, const, var
- [ ] Data types
- [ ] Functions (declaration, expression, arrow)
- [ ] Objects & arrays
- [ ] JS execution model
- [ ] Practice: Explain 20-30 snippets line by line

[Reading](https://developer.mozilla.org/en-US/docs/Learn/Getting_started_with_the_web/JavaScript_basics)

## Week 2: DOM & Events

- [ ] DOM tree understanding
- [ ] Selecting & modifying elements
- [ ] Event listeners
- [ ] Event bubbling & capturing
- [ ] fetch/XHR basics
- [ ] Practice: Trace JS on real websites
- [ ] Resource: DOM Crash Course (Traversy)

## Week 3: Scopes, Closures, Hoisting

- [ ] Lexical scope
- [ ] Closures
- [ ] IIFE
- [ ] Hoisting behavior
- [ ] Practice: Read lodash functions
- [ ] Resource: YDKJS: Scope & Closures

## Week 4: Asynchronous JS

- [ ] Callbacks
- [ ] Promises
- [ ] async/await
- [ ] Event loop
- [ ] Practice: Trace async flows
- [ ] Resource: Async JS Crash Course

## Week 5: Web APIs & Front-end Logic

- [ ] LocalStorage/SessionStorage
- [ ] fetch() advanced usage
- [ ] JSON handling
- [ ] CORS basics
- [ ] Practice: Analyze login flows
- [ ] Resource: javascript.info/fetch

## Week 6: Node.js & Express

- [ ] Node.js architecture
- [ ] Modules: import/export, require
- [ ] fs & path modules
- [ ] Express routing & middleware
- [ ] Practice: Read open-source Node apps
- [ ] Resource: Express Docs

## Week 7: Security-Focused JS Reading

- [ ] DOM XSS sinks & sources
- [ ] Dangerous APIs (innerHTML, eval, etc.)
- [ ] Prototype pollution basics
- [ ] CSRF token reading
- [ ] Auth/session logic in JS
- [ ] Resource: PortSwigger DOM XSS

## Week 8: Real-World JS Reading

- [ ] Minified code reading
- [ ] Obfuscated JS basics
- [ ] Using AST Explorer
- [ ] Reading library source code (axios/jwt)
- [ ] Practice: Rewrite complex code clearly

## Week 9: Secure Coding Patterns

- [ ] Injection patterns
- [ ] SSRF in Node.js
- [ ] File upload logic
- [ ] Race condition patterns
- [ ] Regex DoS awareness
- [ ] Resource: OWASP NodeGoat

## Week 10: Full Codebase Mapping

- [ ] Choose one open-source JS app
- [ ] Map file structure
- [ ] Identify routes & controllers
- [ ] Trace authentication flow
- [ ] Trace API logic
- [ ] Draw full architecture diagram
- [ ] Identify 3-5 vulnerabilities