Glossary

The vibe coding dictionary

Plain-language definitions for every bit of jargon in the lessons. You'll also see these terms underlined throughout the courses — click one to get the definition without losing your place.

335 terms
+

A special SvelteKit file that runs before every page loads. Because it applies across the whole site, it's the right place to set up things like analytics that should run everywhere.

A SvelteKit file-naming convention that tells the framework to run this file only on the server, never in the browser. It's the safe home for database queries and secrets, since the code never ships to your users.

.

A file listing what Docker should skip when copying your project into an image, working just like .gitignore does for Git. It keeps things like node_modules and .env out of your image, so builds stay fast and secrets stay safe.

.DS_Store General

A hidden file macOS quietly drops into folders to remember display settings like icon positions. It's harmless on your own machine but only clutters a Git repo, so it belongs in your .gitignore.

.env file Infra

A plain text file holding your environment variables (secrets and settings) for local development. It stays out of Git so your keys never end up public.

A safe-to-commit file that lists the names of every environment variable your project needs, using fake placeholder values. It acts as a map for teammates or your future self without ever exposing real secrets.

The hidden folder Git creates inside your project the first time you run git init. It holds every snapshot, every commit message, and all of Git's inner workings — think of it as Git's brain, and you'll basically never need to open it yourself.

A plain text file at the root of your project that tells Git which files and folders to leave out entirely — secrets, generated files, and OS junk that don't belong in your history. You list one pattern per line, with * standing in as a wildcard.

3

An extra step where the cardholder confirms a payment straight with their bank — a pop-up, a texted code, or a tap in the banking app. It's often required in Europe, and Stripe Checkout walks the customer through it automatically.

A

A DNS record that points your domain straight at a numerical IP address, telling browsers which server to connect to when someone visits your site. Reach for it when your host gives you a fixed IP rather than a hostname.

The full address of a file or folder, written all the way from the root of your drive (like /Users/you/projects/my-app). Because it's complete, it points to the same place no matter where you are in the terminal.

When an attacker gains access to someone else's account, often by exploiting a weak spot in how your app verifies who's who. It's the main danger of automatically merging accounts just because they share an email address.

Your bank as the seller — the place where money from successful sales lands, usually a day or two after a transaction clears.

A number that changes what you do next — like the share of visitors who click your signup button, or which source sends people who actually stick around.

The narrow strip of icons along the far left edge of VS Code that switches you between panels like the file Explorer, search, source control, and extensions.

A browser extension that stops ads and tracking scripts from loading. Many ad blockers also block analytics tools like GA4, so some of your real visitors won't show up in the data.

adapter Deploy

A small plugin that tells SvelteKit how to package your app for a particular host or deployment target. Different hosts need different adapters — deploying to Vercel uses adapter-vercel, while a fully static site uses adapter-static.

An AI that can take actions in your project, like running commands and creating files, instead of just writing text back to you. Unlike a plain chat window, it can actually carry out your instructions.

Alpine Infra

A tiny Linux distribution that's a favorite Docker base image because it's only a few megabytes instead of the hundreds a full Linux adds. You'll spot it in image names like node:20-alpine.

A server that stays running around the clock waiting for requests, rather than spinning up only when called like a serverless function. You need one for things like background jobs and persistent database connections, and it usually costs a flat monthly fee.

analytics General

Data about how people use your site, such as which pages they visit, how long they stay, and where they came from, gathered by a small script on your page and shown in a dashboard.

API Web

An Application Programming Interface — a defined way for one program to talk to another. When your app "calls an API," it's asking another service to do something or hand back data.

A secret token that identifies your app to an outside service and proves you're allowed to use it. Treat it like a password — keep it out of your code.

Argon2 Auth

A modern password-hashing algorithm widely considered today's gold standard. Like bcrypt it's slow on purpose, but it also eats up memory, which makes brute-force guessing even harder.

argument General

The thing a command acts on — a filename, a folder, or a word you pass in after the command itself. In cd projects, the word projects is the argument.

Proving who a user is — usually an email and password, or a "log in with Google" button. It's how your app knows which account someone is using.

The step right after authentication: once your app knows who you are, authorization decides what you're allowed to do, like whether you can edit someone else's post or open an admin panel.

B

The part of an app that runs on the server: databases, logic, and anything users shouldn’t see directly. It pairs with the "frontend" in the browser.

Copying existing data into a new place — usually from an old database column into one you just added — so nothing gets lost when you restructure your database. It's the middle step of the expand-then-contract migration pattern.

Work your app does behind the scenes — sending emails, processing uploads, cleaning up old records — without a user directly triggering it. These need an always-on server and won't run on free serverless tiers.

bandwidth Infra

The total amount of data your host sends out to visitors — every page, image, and API response adds up toward a monthly limit. Most small projects barely dent a typical free-tier cap.

The pre-built image your own Docker image starts from, named after the FROM line in a Dockerfile. It usually bundles a minimal operating system with a runtime like Node or Python already installed, so you only add your app on top.

bcrypt Auth

A password-hashing algorithm built to be deliberately slow, so attackers can't cheaply guess passwords by trying millions of combinations. It's a long-standing, trusted choice for safely storing passwords in a database.

A TypeScript library you install right into your app to handle the hard parts of login: password hashing, sessions, social login, and sensible security defaults. Your users and sessions live in your own database, not on someone else's service.

The secret string Better Auth uses to sign and verify user sessions — the master key that stops anyone from faking a logged-in state. Set it as an environment variable in production, and if it ever leaks, treat every session as compromised.

The percentage of visitors who leave after viewing just one page without doing anything else. A high bounce rate on a page that matters is usually a sign something isn't landing.

branch Git

A separate line of work in Git where you can try changes without touching the main version. If it works, you merge it in; if not, you throw it away.

A security bug where your app checks that a user is logged in but never checks whether the data they're asking for actually belongs to them. That gap lets any logged-in user read or edit someone else's records by guessing an ID.

build Deploy

The automated step your host runs after you push code — compiling, bundling, and checking your app before it goes live. If the build fails, the broken version never reaches your users and the last working one stays up.

The command a host runs to compile and package your app into files it can serve — for a SvelteKit project that's usually npm run build. It runs every time you push new code.

The time your host spends compiling and packaging your app each time you push new code. Free hosting tiers include a monthly allowance of build minutes, though most small projects use only a sliver of it.

C

The exact address on your app that a provider like Google or GitHub sends users back to after they confirm who they are. You register it with the provider ahead of time so users only get redirected to places you control.

The single official web address you pick as the real home for your site — say, yourdomain.com rather than www.yourdomain.com. Redirecting every other version to it tells search engines there's only one true address, so your site's reputation doesn't get split across copies.

Companies like Visa, Mastercard, and Amex that set the rules for card payments, route each transaction to the right bank, and take a small cut along the way.

A trusted organization that issues TLS certificates, the proof browsers use to confirm a site is who it claims to be. Let's Encrypt is a free, automated certificate authority that most modern hosts use behind the scenes to give your site its padlock.

A Stripe object your server creates for a single payment attempt — it holds the price, the product details, and the URLs to send the customer to after they succeed or cancel. Stripe hands back a URL where your customer goes to actually pay.

Anthropic's official command-line AI tool that runs in your terminal and can read, write, and run code in your project with your approval. It's one of the agentic tools we recommend in this course.

Clerk Auth

A hosted authentication service with a generous free tier that gives you ready-made sign-in screens and a user dashboard out of the box, so you can have working login in under an hour.

A pair of credentials a provider like Google or GitHub hands you when you register your app: the client ID names your app publicly, and the client secret is a private key proving you really own it. Both are needed to complete the OAuth flow.

A free hosting service from Cloudflare that publishes your website by dragging in your files or connecting a GitHub repo. You get a real public URL in seconds, with no server setup.

A cloud file-storage service from Cloudflare with a generous free tier and no egress fees, so you aren't charged every time someone downloads one of your files.

CNAME Infra

A type of DNS record that points one domain name at another. Often used to point "www" or a subdomain at your host.

column Data

A named property tracked for every row in a table, like email, created_at, or title. Each column has a type that tells the database what kind of value to expect.

A search box in VS Code (opened with Ctrl+Shift+P or Cmd+Shift+P) that lets you find and run almost any editor action by typing its name. It's faster than hunting through menus.

commit Git

A saved snapshot of your changes in Git, with a short message describing what you did. Each commit is a point you can always come back to.

The long string of letters and numbers Git assigns to each commit as its unique fingerprint — something like a3f91c2. You use it to point at a specific snapshot in commands like git diff or git revert.

compute Infra

The cost of actually running your code on a host's hardware — the CPU time it takes to handle each request. Hosts bill for it either by the second (serverless) or as a flat monthly fee for an always-on server.

A middleman between your app and your database that reuses a set of open connections instead of opening a brand-new one for every request. It keeps short-lived serverless functions from blowing past the database's connection limit.

A single URL containing everything your app needs to reach a database: host, username, password, database name, and any connection settings. Keep it secret and never commit it to Git.

When a visitor completes a specific action you care about — signing up, clicking a button, making a purchase. You decide what counts as a conversion for your own site.

An attack that takes a giant list of leaked email-and-password pairs from one breached site and automatically tries them on your login page, betting people reused passwords. Rate limiting on login is the main defense.

cron job Infra

A task that runs automatically on a set schedule — say, every night at midnight or every Monday morning. Named after the Unix cron tool, it's handy for things like weekly emails or refreshing data feeds.

An attack where a malicious site tricks your browser into firing a request at another site — say, your bank — while it quietly carries your login cookies, triggering actions you never meant to take. The SameSite cookie attribute is the main modern defense.

An attack where malicious JavaScript gets injected into a page and runs in other users' browsers, where it can steal things like session tokens. HttpOnly cookies are one layer of defense, since JavaScript can't read them even if an XSS attack lands.

CRUD Data

The four basic operations every app performs on a database: Create (insert a row), Read (fetch rows), Update (change a row), and Delete (remove a row).

CTA Web

Short for call-to-action: a button or link that asks the visitor to do one specific thing, like "Sign up free" or "Get started." It's usually the most important clickable element on the page.

Ctrl + C General

The keyboard shortcut for stopping whatever is running in your terminal. Press Control and C together and the running process halts, handing your prompt back to you.

curl Tools

A command-line tool for sending HTTP requests straight to a server, with no browser or form involved. Developers use it to test APIs, and attackers use it to poke at servers while skipping any checks your frontend would normally enforce.

The folder your terminal is currently "standing in." Any command you run acts on this location unless you point it somewhere else.

Cursor Tools

A code editor built on VS Code with an AI assistant baked right in. You can prompt it to write, edit, and explain code without leaving the editor.

A signal you fire from your own code to record a specific action, like a button click or a form submission. Unlike pageviews, which are tracked automatically, you write the line that says "this just happened."

D

A large, climate-controlled building full of computers and networking gear that runs around the clock. When you host a site, your files and code live on a machine inside one of these.

An organized store for your app's data — users, lessons, orders — that you can save to and search quickly. Most web apps have one behind the scenes.

deploy Deploy

Pushing your app from your laptop out to a server so the world can use it. "Going to production" means making it live.

design token General

A named design decision — a specific color, font, or spacing size — stored once and reused everywhere. Tokens keep your whole project visually consistent instead of each page drifting slightly off.

Running a container in the background by adding -d to docker run, so your terminal stays free for other commands. Without it, the container takes over your terminal with its live output until you stop it.

A panel built into every modern browser (open it with F12) that shows JavaScript errors, network activity, and log messages from your app. It's one of the first places to look when something isn't working.

DevTools Tools

A built-in panel in every modern browser (usually opened with F12) for inspecting a page's code, network requests, and errors. Its Network tab is handy for confirming your analytics events are actually firing.

diff Git

A highlighted view of exactly what changed in a file: removed lines in red, added lines in green. When an AI proposes an edit, reading the diff shows you precisely what it's about to change before you accept.

DKIM Infra

A DNS record that cryptographically signs your outgoing email, so providers like Gmail trust it really came from your domain and don't flag it as spam.

DNS Infra

The internet's phone book. DNS translates a domain like justvi.be into the server address your browser actually connects to.

The time it takes for a change to your DNS records to spread to servers around the world so everyone sees the update. It usually finishes within 30 minutes but can take up to 48 hours in rare cases.

Docker Infra

A way to package your app with everything it needs to run, so it behaves the same on your machine and in production. The package is called a "container."

A tool for describing a whole stack of containers — your app, a database, whatever else — in one file, then starting or stopping them all together with a single command. It also puts them on a shared network so they can find each other by name.

The official app that installs and runs the Docker engine on Mac, Windows, and Linux. When it's running you'll see a whale icon in your menu bar, and your docker commands work from the terminal.

Docker Hub Deploy

The default public registry for Docker images, run by Docker itself. It hosts official images for popular software like Postgres and Nginx, and you can push your own public images there for free.

A snapshot of everything an app needs to run — the code, its dependencies, and a slimmed-down operating system — packaged into one reusable file. It doesn't run on its own; you spin up running containers from it, as many as you like.

The YAML file Docker Compose reads to learn which services to run, how they connect, and where their data lives. You write it once, and it replaces a long string of manual docker commands.

A plain text file of step-by-step instructions that tells Docker how to build an image for your app — install these dependencies, copy this code, run this command. Docker reads it top to bottom to produce a portable, self-contained image.

domain Infra

Your site's address on the web, like justvi.be. You rent it (usually ~$10/year), and it's one of the few things you truly own in your stack.

A company you rent your domain name from (like yourthing.com), usually for around $10-15 a year. Cloudflare and Porkbun are two popular ones.

DOMPurify Tools

A well-tested JavaScript library that cleans untrusted HTML before you display it, stripping out anything that could be used for a cross-site scripting attack. It's the go-to choice when you genuinely need to render user-submitted rich text.

Drizzle Tools

A lightweight TypeScript ORM used in this course to define database schemas and run queries against Postgres. It generates readable SQL and fits cleanly into SvelteKit.

A JavaScript library that lets you define your database tables in code and query them with TypeScript instead of raw SQL. It ships with a companion tool, drizzle-kit, that generates and runs your migration files for you.

The command-line companion to the Drizzle ORM that turns your schema changes into real database migrations and applies them. You'll reach for it during development whenever you add or change a table.

An app that runs code on the server for each request — handling logins, talking to a database, or building pages on the fly. It needs a host that can actually execute your code, not just hand out files.

E

A global network of servers that delivers your site's files from whichever location is physically closest to each visitor, so pages load faster everywhere. Cloudflare Pages runs on one of the largest edge networks on the internet.

A charge some cloud providers add when data is downloaded out of their storage, the cost that quietly piles up as more people view your images or files.

A step where your app emails a link to a new user's address and asks them to click it before their account is fully active. It proves they actually own that address, which cuts down on fake accounts and makes password recovery possible.

A setting kept outside your code — like an API key or database URL — so secrets aren't hard-coded and can differ between your laptop and production. Stored in a .env file locally.

Converting special characters like < and > into harmless display text before showing user-supplied content, so the browser prints them literally instead of running them as code. Most modern frameworks do this for you unless you explicitly opt out.

ESLint Tools

A VS Code extension that scans your JavaScript for common mistakes and flags them before they cause problems. Think of it as a spell-checker for code logic.

The share of visitors who leave your site from a particular page. A high exit rate on a page that's meant to lead somewhere next is a sign people are dropping off where they shouldn't.

Explorer Tools

The file-browser panel on the left side of VS Code that shows your project's files and folders as a tree. Think of it as your project's table of contents.

extension Tools

An add-on you install in VS Code to give it new abilities, like a color theme, support for a programming language, or an AI assistant. Most are free and install with one click.

F

The simplest kind of merge, where the branch you're merging in sits directly ahead of your current branch with no diverging work. Git just slides the pointer forward instead of creating a separate merge commit.

Fathom Tools

A privacy-friendly analytics service that counts visits and custom events without cookies or personal data. It runs as a paid hosted plan, so you don't have to manage a server.

file tree General

The nested structure of folders inside folders that your computer uses to organize every file. It starts at a single root and branches outward like an upside-down tree.

flag General

An extra option you tack onto a command to change how it behaves, usually starting with a dash (like -a or --help). Flags let a single command do several related jobs.

Fly.io Deploy

A cloud hosting platform that runs your app in containers on servers around the world, deployable with a single command from your terminal. Like Vercel and Render, it handles custom domains, HTTPS, and rolling back to a previous version.

A column that stores the ID of a row in another table, creating a link between them. For example, an ingredients row with a recipe_id column points to the recipe it belongs to.

A VS Code setting that tidies up your code's spacing and indentation automatically every time you save. Paired with a formatter like Prettier, it keeps your code clean without you thinking about it.

A service that catches a form submission from your site and forwards it straight to your email inbox, with no backend code to write, which makes it a quick fix for simple contact forms.

A starter structure and set of tools for building apps, so you're not wiring everything from scratch. just vibe is built on SvelteKit, one such framework.

free tier General

The no-cost level of a paid service, usually capped by usage limits like emails per month or gigabytes of storage. It's meant to let a small or new project get started without paying anything.

The part of an app that runs in the browser — what people see and click. The "backend" is the part on the server that handles data and logic.

The number of times your serverless functions get called in a given period. Free tiers cap how many you get per month, so an app that fires off many backend calls per page load can hit that ceiling sooner than you'd expect.

funnel Web

A series of steps you expect a visitor to take, like landing page to signup to confirmed, where you track how many people make it through each one. It shows you exactly where people drop off.

G

GA4 Tools

Google's free analytics platform, short for Google Analytics 4, with deep reports on user behavior, funnels, and traffic sources. It uses cookies and stores data on Google's servers, so it usually needs a consent banner.

GDPR Web

A European privacy law that requires websites to get clear permission before collecting personal data about visitors. It's the main reason so many sites show a cookie consent banner.

gh Git

GitHub's official command-line tool for creating repos, opening pull requests, and more without touching a browser. Your AI can use it to manage your code on GitHub for you.

Git Tools

A version-control tool that tracks every change to your code, so you can undo mistakes, see history, and never lose work. Think of it as save points for your whole project.

The command that makes a full local copy of a remote repository — every file and the entire commit history — and automatically wires up the connection back to the remote. It's how you pull an existing project onto your machine to start working on it.

A Git option that replaces your most recent commit with a corrected version — handy for fixing a typo in a commit message or slipping in a file you forgot. Only use it before you push, since it rewrites history.

A Git command that shows the exact line-by-line changes between your current files and your last commit, or between any two commits you name. Lines starting with - were removed; lines starting with + were added.

The permanent record of every change ever committed to a repository, including files and lines you later deleted. A secret you committed and then removed still lives in the history, which is why rotating it matters more than trying to erase it.

The command that turns a plain folder into a Git repository by creating a hidden .git folder inside it. You run it once, right at the start of a project, and never again.

The command that shows your repository's commit history — who committed, when, and with what message. Adding --oneline collapses each entry to a single line for a quick, scannable view.

The command that fetches commits from a remote and applies them to your local branch. Use it to bring your machine up to date with changes that happened elsewhere.

The command that sends your local commits up to a remote like GitHub, making them visible to anyone with access. Nothing leaves your machine until you push.

A Git command that rewinds your local commit history to an earlier point. Running git reset HEAD~1 undoes your last commit but keeps the file changes as un-staged edits, so nothing is lost — only the commit itself is unwound.

A Git command that throws away unwanted changes to a file, snapping it back to how it looked in your last commit. Add the --staged flag and it instead un-stages a file, leaving your edits untouched.

The safe way to undo a commit you've already pushed: instead of erasing it, Git adds a new commit that does the exact opposite. Because it doesn't rewrite history, it won't trip up anyone else who already pulled the original.

A read-only Git command that shows what has changed, what's staged, and what's untracked — without touching anything. Running it often is a great habit; it never does any harm.

GitHub Tools

A website that hosts your Git repositories online. It's where your code lives in the cloud — backed up, shareable, and ready to deploy from.

GitHub's built-in registry for Docker images, hosted at ghcr.io. It sits right next to your code repositories, so it's a natural pick if you're already on GitHub.

An AI coding assistant from GitHub that lives inside VS Code, suggesting code as you type and answering questions about it. It's one of the most widely used AI tools for developers.

A free hosting feature built into GitHub that publishes a website straight from one of your repositories. It's a quick way to put up portfolios, docs, and simple static sites.

A VS Code extension that surfaces Git history and "who last changed this line" right inside the editor, making it easier to see how your code got to where it is.

GST Web

Goods and Services Tax — a consumption tax used in places like Australia, Canada, and India that works much like VAT. Same deal too: it becomes your responsibility when you're the merchant of record.

H

hardcoding General

Writing a sensitive value like a password or API key straight into your source code instead of loading it from a separate, protected place. It's risky because the value then travels everywhere your code goes, including your version history and any shared repository.

A test Docker runs over and over inside a container to confirm the service is actually ready for traffic, not just started. It's what lets one container wait for a database to be fully up before connecting to it.

The personal folder your operating system gives your user account, where things like Documents and Downloads live. In the terminal, the tilde (~) is a shortcut that points to it.

Homebrew Tools

A popular package manager for macOS that installs developer tools, like the Stripe CLI, with a single command in the terminal.

A special SvelteKit file whose code runs on every incoming request before it reaches your pages or API routes. It's the natural spot to read the session cookie once and make the logged-in user available everywhere in your app.

A ready-made payment page served by the gateway itself, not your server, that handles the card form and security for you. You send your customer there and they come back when they're done, so your server never touches card data.

hosting Deploy

The service that runs your app on the internet so it's reachable. Plenty of good hosts have generous free tiers.

A development feature that updates your app in the browser the instant you save a code change, so you see the result without refreshing by hand. It's what makes the edit-save-see loop feel fast.

HTML Web

The language that defines the structure and content of a web page, using tags like <h1> for a heading and <p> for a paragraph. Every site you visit is built on HTML underneath.

A flag you set on a cookie that stops JavaScript from reading it. Session cookies use it so that even if an attacker sneaks malicious code onto your page, they still can't steal the session.

HTTPS Infra

The secure version of HTTP — the padlock in your browser. It encrypts traffic between the visitor and your site, and modern hosts set it up for free.

I

A unique string you attach to an API call so that if the same request gets sent twice — from a double-click or a network retry — the service only does the work once and returns the original result. It's how you avoid charging someone twice.

iframe Web

A small window embedded inside a web page that loads content from a different server. Stripe Elements uses iframes for the card fields, keeping the actual card data on Stripe's servers, not yours.

The default home page file of a website. When someone visits your URL, the server looks for this file first and serves it up as your front door.

A function from Vercel's analytics package for SvelteKit that quietly adds the tracking script to every page. You call it once in your layout file and it handles the rest.

A terminal built right into VS Code, so you can run commands without switching to a separate app. It opens already pointed at your project folder.

The bank that gave your customer their card. It's the one that decides whether to approve or decline a charge, based on available funds and whether the card is valid.

K

Replacing a secret key in three steps: generate a new one, swap it in everywhere the old one was used, then revoke the old one so it stops working. Revoking the old key is the step that actually closes the security hole.

L

layer Infra

One incremental slice of a Docker image, produced by a single instruction in a Dockerfile. Docker stacks these layers to form the final image and caches each one, so an unchanged step doesn't have to run again.

Docker's habit of saving the result of each Dockerfile step so it can reuse it on the next build instead of redoing the work. When a step's inputs change, the cache for that step and everything after it is thrown out and rebuilt.

Leaflet Tools

A free, open-source JavaScript library for dropping interactive maps into a web page, usually paired with free map tiles from OpenStreetMap so you need no API key or billing account.

A payment platform aimed at indie developers selling digital products. Like Paddle, it acts as the legal seller and sorts out taxes worldwide so you don't have to.

The list of things being sold that you hand to Stripe when creating a checkout session — each item spells out the product, the price, the currency, and the quantity.

A VS Code extension that opens your HTML file in a browser and refreshes the page automatically every time you save, so you see edits instantly without reloading by hand.

LLM AI

The kind of AI behind tools like Claude, ChatGPT, and Gemini: a model trained on huge amounts of text that can understand and generate language, write code, and reason through problems.

A SvelteKit function that runs before a page renders and fetches whatever data that page needs. Whatever it returns shows up as data inside your page component, ready to display.

localhost Infra

Your own computer, addressed as a website. A locally running app lives at something like localhost:5173 — visible only to you until you deploy.

locals Web

A per-request scratch space SvelteKit gives you to carry data — like the signed-in user — from server middleware down to your load functions and form actions, so you don't have to look it up from the database again.

ls General

A terminal command that lists the files and folders in your current directory. On Windows PowerShell, dir does the same thing.

LTS General

Short for Long-Term Support: the stable, long-supported release of a piece of software, the version to grab when you just want something that works and won't break on you soon. When in doubt, pick the LTS.

M

A database run for you by a third-party service that handles the backups, updates, and uptime, so you just connect and use it. Supabase, Neon, and Turso are popular examples.

The small image squares that get stitched together to draw a map on screen. Libraries like Leaflet fetch and arrange these tiles for you from a source such as OpenStreetMap.

markdown Tools

A simple way to write formatted text with plain symbols (# for headings, * for emphasis). just vibe's lessons are written in it.

MCP AI

Short for Model Context Protocol, a standard that plugs external tools like a database or hosting service straight into an AI so it can use them natively. Think of it as handing your AI a toolbox instead of making it type commands.

The unique ID that GA4 gives you when you create a property, formatted like G-XXXXXXXXXX. You paste it into your site's code so GA4 knows which account to send the data to.

A GA4 feature that lets your server send events straight to Google over HTTP, skipping the visitor's browser. Because it comes from your server, the data still gets through even when someone uses an ad blocker.

A free, open-source search engine you can run on your own server that returns fast, typo-tolerant results, handy once your database's built-in search starts to feel slow or too rigid.

The legal entity on the hook for charging the customer and handling taxes like VAT. Platforms like Paddle and Lemon Squeezy act as the merchant of record so you don't have to wrestle with international tax compliance yourself.

merge Git

The Git operation that takes the commits from one branch and folds them into another. When your feature branch is ready, you merge it into main so that work becomes part of the main codebase.

What happens when two branches change the same lines of the same file and Git can't tell which version to keep. Git pauses the merge and marks the spot so you can open the file, decide on the final text, and finish the merge yourself.

A tracked, repeatable change to your database’s schema (like adding a column). Migrations let you evolve the database safely and apply the same change everywhere.

When a secure HTTPS page loads some of its resources — an image, script, or stylesheet — over plain, unencrypted HTTP. Browsers warn about it because it weakens the security of the whole page, even if everything else is properly encrypted.

The AI brain behind a tool like Claude or ChatGPT — a large language model trained on text that generates responses from the instructions you give it. When someone says "the model did X," they mean the AI itself, not the app wrapped around it.

A Dockerfile technique where you use one throwaway image to compile or bundle your app, then copy only the finished output into a smaller final image. It keeps build tools and source files out of the image you actually ship, making it much leaner.

N

A persistent storage area Docker manages outside any single container, so the data survives even if the container is stopped or deleted. It's how you keep a database's data from being wiped every time you restart the stack.

Neon Infra

A hosted Postgres service with a genuinely free tier and no lock-in. You create a database, get a connection string, and connect any tool or framework to it.

Netlify Deploy

A free hosting platform that automatically publishes your site from a GitHub repo and gives you a public URL. Like Vercel, it's a popular home for static sites and JavaScript apps.

nginx Web

A popular, lightweight web server used to serve static files or sit in front of an app as a reverse proxy. In this course it shows up as a ready-made Docker image you can pull and run in seconds.

Node Tools

A runtime that lets you run JavaScript outside the browser, directly on your computer or a server. It's the engine underneath most modern web development tools.

The folder npm or pnpm creates to hold all the third-party packages your project depends on. It can swell to thousands of files, so it never gets committed to Git — anyone can regenerate it by running an install.

Node.js Infra

A runtime that lets your computer run JavaScript outside the browser, which is what most modern web apps and their dev tools are built on. Installing it is usually the first step to running a JavaScript project locally.

A constraint you add to a database column to make it required — the database rejects any row that tries to leave that column empty.

npm Tools

The tool that installs and manages the free code packages your project depends on. One command pulls in libraries other people already built.

npm audit Tools

A built-in npm command that checks your installed packages against a database of known security vulnerabilities. Running it before you ship helps you catch dangerous flaws in third-party code before your users are exposed.

A command that downloads all the open-source packages your project depends on so it can actually run. Think of it as gathering every ingredient a recipe calls for before you start cooking.

The standard command to start a project in development mode on your own machine. It spins up a local server so you can open the app in your browser at an address like localhost:5173.

npx Tools

A command that ships with npm and runs a package's command-line tool on demand without installing it permanently. It's handy for one-off tools, like the Better Auth CLI.

NULL Data

The database's way of saying "nothing here" — the value stored in an optional column when nothing was provided. It isn't zero or an empty string; it's the absence of a value.

O

OAuth Auth

A standard way to let people log in with an account they already have (Google, GitHub) instead of making a new password. The other service vouches for them, so you never handle their password.

A service for storing files — images, videos, documents, user uploads — outside your main app server. Standard options like Cloudflare R2 or AWS S3 are portable, so any host can point at them.

A link between two tables where one row on the first side can connect to many rows on the second, like one recipe having many ingredients. You set it up by putting a foreign key on the "many" table that points back to the "one".

open source General

Software whose code is published for anyone to read, use, and improve. Open-source tools are usually free and keep you out of any single company's grip, because the code is yours to keep and run.

openssl Tools

A command-line tool for cryptography that's already on most machines. In this course you use it to generate a long, truly random secret for signing session cookies.

A free, community-built map of the world that anyone can use as a source of map tiles, the image pieces that make up an interactive map, without signing up or paying.

origin Git

The conventional nickname Git gives your main remote repository, almost always the one on GitHub. You could call it anything, but nearly everyone uses origin, so it's worth sticking with.

ORM Data

A library that lets you write database queries in your app's own language instead of raw SQL. It translates your code into SQL the database understands and catches type mistakes along the way.

The folder that holds your app's compiled files once the build command finishes — the files your host actually serves to visitors. Which folder it is depends on your framework and adapter.

P

package Tools

A reusable bundle of code someone else wrote that you drop into your project with one install command. It lets you add a feature without building it from scratch.

A file in your project that lists every external package your app depends on, plus the scripts (like npm run build) that run it. If a package is missing here, your host's build will fail because it never knows to install it.

Paddle Tools

A payment platform for software businesses that becomes the legal seller and handles payment processing plus international tax compliance for you — in exchange for a higher per-sale fee than Stripe.

One instance of a page loading in someone's browser. If a single person reloads the page three times, that's three pageviews.

PAN Web

The full card number printed on a credit or debit card. Storing, sending, or even logging one triggers serious security and legal obligations, which is why payment gateways are built to keep it off your server entirely.

A database query where user input is passed as separate data instead of being mixed into the SQL text. This is how your ORM blocks SQL injection by default, under the hood.

A one-way process that scrambles a password into a fixed string before storing it, so even if your database leaks, the real passwords can't be read back out. Good hashing uses deliberately slow algorithms like bcrypt or Argon2 to make guessing expensive.

PATH Infra

A list of folders your terminal searches whenever you type a command, so it knows where to find the tool you're asking for. If a tool is installed but not on your PATH, the terminal acts like it doesn't exist.

A service like Stripe or Square that securely captures card details, checks them, and hands the transaction off to the banking system, then returns an approved or declined answer to your app. It's the front door between your checkout and the financial world.

The behind-the-scenes plumbing that moves a transaction between the payment gateway and the card networks. Often one company plays both roles (Stripe does), so you never deal with the processor directly.

A safe, stand-in reference that a payment gateway hands your server instead of the real card number. You can use it to complete a charge, but it's worthless to anyone who steals it.

A Stripe object that tracks one charge from start to finish — whether it succeeded, failed, or still needs the customer to confirm with their bank. Stripe creates one for you whenever a checkout session is used.

The Payment Card Industry Data Security Standard — the security rules any business must follow if it touches raw card numbers. Falling short can mean fines or losing the ability to accept cards at all.

A secret string you generate on GitHub that stands in for your password when Git talks to GitHub over HTTPS. GitHub no longer accepts your plain account password from the command line, so a token is how you prove you're allowed to push.

A hosting service that handles the infrastructure for you — you connect your GitHub repo and push code, and it builds and deploys automatically. Vercel, Netlify, Cloudflare Pages, Render, and Railway are all platform hosts.

When a platform makes it hard to move your project elsewhere, usually because your data, settings, or code only work inside their system. Avoiding lock-in is a core principle of the just vibe approach.

Plausible Tools

A privacy-friendly, open-source analytics tool that counts visits without cookies or tracking individuals. You can self-host it for free or pay for a hosted version.

pnpm Tools

A fast, disk-efficient package manager for JavaScript projects that works much like npm but keeps packages in a shared store so they aren't duplicated across projects. You use it to install and manage the libraries your project relies on.

A backup system that can restore your database to exactly how it looked at any moment in the past, not just the last nightly snapshot. Neon includes it automatically, so a bad migration or accidental delete doesn't have to be permanent.

Porkbun Infra

An affordable domain registrar known for low prices and a friendly interface. It's a solid place to buy and manage your domain name.

A Docker setting that connects a port on your machine to a port inside a container, written as host-port:container-port. Without it, a server running inside the container stays invisible from the outside.

A popular, free, battle-tested database. A solid default for real apps — and what just vibe runs on.

Prettier Tools

A popular VS Code extension that automatically tidies up your code's spacing and layout every time you save. It handles the fussy formatting so you don't have to.

A temporary live link that some hosts (like Vercel) create automatically for every branch or pull request, so you can see and share your changes before merging them. It lets you review work-in-progress without touching the real site.

A column that uniquely identifies each row in a table — no two rows can share the same value. Usually it's an auto-generated id number that the database assigns for you.

process General

A program that's actively running on your computer, like a local web server or a file watcher. Some terminal commands start a process that keeps running until you stop it with Ctrl + C.

production Deploy

The live version of your app that real users touch — as opposed to the copy running on your laptop. Often shortened to "prod."

The running record of everything your live app prints — each console.log, error, and crash message — kept by your hosting platform. Glancing at them right after a deploy is the fastest way to catch trouble before your users do.

The instruction or question you give an AI model to tell it what to do or build. A good prompt includes enough context, constraints, and examples that the model produces what you actually had in mind.

psql Tools

The official command-line tool for connecting to and querying a Postgres database. You run it with a connection string to open an interactive prompt where you can type SQL directly.

The Stripe key that's safe to drop into browser code. It can only do harmless things like load a payment form — it can't move money or read your account data.

A proposal to merge one branch into another on GitHub, where the changes can be reviewed before they go in. Often shortened to "PR."

pwd General

A terminal command that prints the full path of the folder you're currently in. It stands for "print working directory" and is the quickest way to check where you are.

Q

query Data

A request you send to a database to fetch or change specific data. In SQL, a query reads a lot like a plain sentence: "give me all the posts by user 42" maps almost directly onto the code you write.

R

Railway Deploy

A cloud platform that deploys your app straight from a GitHub repo with very little setup. It can also spin up managed databases right alongside your app in the same project dashboard.

A guardrail that caps how many requests one user or IP address can make in a short window. On a login page, it stops attackers from rapidly trying thousands of passwords.

The site or source that sent someone to your page — a search engine, a social post, or another website. When there's no referrer, the visit gets labeled "direct."

A company that sells domain names and lets you manage the DNS records for the ones you own, like Porkbun or Namecheap. It's wise to keep your registrar separate from your hosting provider so neither one can hold the other hostage.

registry Deploy

A storage service for Docker images, the way GitHub is storage for code. You push an image up once, and any machine can pull it down and run it.

A database that organizes data into tables which can reference each other through shared IDs. Most apps you'll build — blogs, todo lists, contact apps — fit this model naturally.

A file or folder address written from where you currently are, instead of from the root of the drive. For example, src/components means "the components folder inside src, right here where I'm standing."

remote Git

Git's name for a copy of your repository that lives somewhere other than your own machine — usually on GitHub. You push commits up to a remote and pull changes back down from it.

Render Deploy

A cloud hosting platform you connect to your GitHub repo so it rebuilds and redeploys your app on every push. It has a free tier, managed databases, and a logs view for debugging what went wrong in production.

A project's folder tracked by Git — all its files plus the full history of changes. Usually shortened to "repo."

Resend Infra

A developer-friendly email delivery service that makes sending transactional emails from your app simple. It's the email provider used in the just vibe stack.

rollback Deploy

Switching your live app back to an earlier version that you know worked, usually because a new deploy broke something or a bug only showed up with real users. On most modern hosts it's a single click on a past deployment, with no rebuild needed.

root General

The very top of your computer's folder structure, with nothing above it. On Mac and Linux it's written as /, while on Windows each drive has its own root, like C:.

row Data

One entry in a database table — for example, one user, one post, or one task. Every row in a table shares the same columns but holds its own values.

S

SaaS General

Short for Software as a Service: a web app people log into and pay for on a subscription, like Notion or Spotify. Building your own SaaS is one of the classic goals of vibe coding.

A cookie setting that controls whether the browser includes a cookie on requests coming from other websites. Setting it to Lax blocks most cross-site request forgery attacks without breaking normal links and navigation.

scaffold General

The starter structure a tool or AI generates to get a project going — folder layout, config files, and boilerplate you'd otherwise type by hand. It's the skeleton you flesh out into a real app.

schema Data

The shape of your data — which tables exist and what columns they have. Defining the schema is deciding what your app stores and how it’s organized.

Scoop Tools

A package manager for Windows that installs developer tools, including the Stripe CLI, from the command line without needing administrator permissions.

SDK Tools

A ready-made package of code a service gives you so you can use their API without wiring up all the connection details yourself. Installing one is usually a single command, like npm install resend.

secret Auth

Any string that grants access on your behalf — an API key, a database password, a signing token. If someone else gets hold of it they can act as you, which is why secrets must never live in your code.

The Stripe key that must stay on your server and never be exposed. It can move money and access your full account, so treat it exactly like a password.

A GitHub feature that watches your repository for known secret formats — like API keys and tokens — and alerts you when it spots one. It's on by default for public repositories.

self-host Infra

Running software on a server you control instead of paying a company to run it for you. Analytics tools like Plausible and Umami can be self-hosted so your data never leaves your own infrastructure.

Running software on a server you control instead of paying a company to run it for you. You get full ownership of your data and no vendor lock-in, in exchange for a bit more setup and upkeep.

The legal business that shows up as the seller on a customer's receipt and is on the hook for collecting the right taxes. When you wire up Stripe yourself, that seller is you.

Sentry Infra

A service that automatically catches unhandled errors in your live app and pings you with the full stack trace, the page the user was on, and details about their device. You hear about bugs the moment they happen instead of waiting for someone to report them.

SERIAL Data

A Postgres shorthand for an auto-incrementing integer column. Every time you add a row, the database hands it the next number (1, then 2, then 3) so you never have to set the ID yourself.

A SvelteKit function that handles a form submission on the server. It receives the submitted data, runs your logic (like inserting a database row), and SvelteKit refreshes the page with the result afterward.

A SvelteKit file (named +server.js) that runs only on your server and answers HTTP requests. It's where you create checkout sessions and receive webhooks, so your secret keys never reach the browser.

An analytics event sent from your server instead of the visitor's browser. It can't be stopped by browser extensions, and it only fires once something has actually succeeded.

When a web app builds each page on the server and sends the finished HTML to the browser, instead of assembling it in the browser with JavaScript. It's part of what sets a framework like SvelteKit apart from a purely static site.

A way of running code where your host spins up a tiny process for each incoming request and shuts it down right after, so you never manage a long-running server yourself. It scales automatically, but every request starts fresh with no memory of the last one.

A small piece of backend code that runs only when it's called, then shuts down, so you pay for the moments it's actually working rather than a server running around the clock. Great for occasional jobs like handling a form submission or fetching data from an API.

service Infra

In Docker Compose, one container in your stack — say your web app or your database. Each service gets a name, and Compose uses those names as hostnames so the containers can find each other on a shared network.

session Auth

How an app remembers you're logged in as you move between pages, so you don't sign in on every click. Usually backed by a cookie.

A long, random string your server creates when someone logs in and stores in a cookie in their browser. The browser sends it back on every request, and the server looks it up to confirm the user is still logged in.

The plain-text file where VS Code stores your personal editor preferences, like font size and formatting rules. You can edit it directly or share it so your whole team gets the same setup.

shell Tools

The program inside your terminal window that actually reads what you type and runs it. Common ones are zsh (the Mac default) and PowerShell (the Windows default).

Confirming that a webhook really came from Stripe and wasn't faked by someone else. Your code recomputes a hash using your signing secret and checks it against the one Stripe attached to the request.

A small block of HTML or JavaScript you paste into your site to switch on a third-party service. Analytics tools like GA4 hand you a snippet to drop into your page so they can start collecting data.

Letting people sign in with an account they already have elsewhere, like Google or GitHub, instead of making a brand-new password. That outside service (the provider) confirms who they are, and your app then creates or looks up a matching account in your own database.

spin down Infra

When a server with no recent traffic gets shut down to save resources, so the next visitor waits 30 to 60 seconds while it wakes back up. This is common on free tiers like Render's.

SQL Data

The language used to ask a database questions and change its data ("give me all users who signed up today"). Most databases speak it.

A security attack where someone sneaks extra SQL commands into your query by typing them into a form field. Using an ORM with parameterized queries protects you from this automatically.

SQLite Data

A lightweight database that stores everything in a single file on disk — great for building and testing locally. The catch is that it isn't built to survive the fresh-start wipes most cloud hosts perform on every deploy.

stack General

The collection of tools, languages, and services that make up your app, like the ingredients in a recipe. A simple site might need only HTML and a host; a full app adds things like a database, auth, and payments.

stack trace General

A detailed error report showing the exact chain of function calls your code was running when it crashed, down to the file and line where it failed. It's your app telling you precisely where things went wrong.

A holding zone in Git where you gather the exact changes you want in your next commit. Picture loading items onto a tray before snapping a photo — only what's on the tray ends up in the snapshot.

A website made of plain HTML files that don't change on the server — what's stored is exactly what visitors see. It's the simplest thing you can ship, needs no database, and is free to host almost anywhere.

The thin bar along the bottom of the VS Code window that quietly shows useful details like your current Git branch, the file's language, and any errors in your code.

Stripe Tools

A payment company whose APIs, dashboard, and SDKs this course uses to accept card payments. It charges 2.9% plus 30 cents on each successful US card transaction.

A command-line tool from Stripe that forwards real Stripe events to the app running on your own machine, so you can test your webhook handler and trigger fake events without deploying anything.

Stripe's drop-in UI pieces for building your own card form on your page. The sensitive fields are really secure iframes served by Stripe, so the card number still never touches your server.

A free, open-source platform that hands you a hosted Postgres database plus extras like a visual data browser and built-in user logins, all bundled together so you don't have to wire them up yourself.

A file-storage service bundled with Supabase that works like a cloud folder: you upload a file, get back a URL, and save that URL in your database so your app always knows where the file lives.

Svelte Tools

A framework for building interactive interfaces that compiles your components into lean, fast browser code ahead of time. It's the UI layer that SvelteKit is built on top of.

The full-stack web framework used throughout this course, built on top of Svelte. It handles routing, server-side data loading, and forms so you can build a complete app without wiring all those pieces together by hand.

The way a code editor colors different parts of your code — keywords, text, variable names — so you can tell them apart at a glance. It makes code much faster to read and scan.

T

table Data

A named collection of data inside a database, structured like a spreadsheet tab: rows are individual records and columns are the facts you track about each one.

terminal Tools

The text window where you type commands to your computer instead of clicking. Intimidating at first, but it's just a way to give precise instructions — and where a lot of vibe coding actually happens.

A safe sandbox Stripe gives you for building and testing your whole payment flow with fake card numbers. No real money moves, and you don't need to hook up banking details to start.

A column type that stores an exact point in time, down to the second. It's what powers created_at and updated_at columns so you always know when a record was made or last changed.

A sneaky vulnerability where an attacker figures out a secret by measuring how long an operation takes — like a password check that quits early on a mismatch, leaking how many characters matched. The fix is comparing values in constant time, so the duration gives nothing away.

Automated emails your app fires off in response to a specific action — a verification link, a password reset, an order confirmation. A service like Resend handles the delivery plumbing so these messages actually land in inboxes.

An open-source tool that scans your Git history for leaked secrets and verifies whether the credentials it finds still actually work against their services. You can run it without a permanent install using npx trufflehog.

Turso Data

A managed database service built on SQLite, with a free tier and designed to run at the edge close to your users. A lightweight choice when you want persistent storage without standing up a full Postgres setup.

TypeScript General

A version of JavaScript that adds type labels to your code, so your editor can catch many mistakes before you ever run it. Tools like Drizzle use it to let you describe your database in the same language as the rest of your app.

U

Umami Tools

An open-source, privacy-friendly analytics tool you can host yourself for free. It tracks pageviews and custom events without using cookies.

A distinct person (or device) who visits your site within a given time window. One unique visitor can rack up many pageviews.

Files that exist in your project folder but that Git has never been told to watch. They show up in git status as a nudge that they won't be saved until you stage and commit them.

An outside service that pings your live URL on a schedule and alerts you the instant your site stops responding. Because it runs separately from your app, it can spot an outage even when your own code is too broken to report it.

UUID Data

A long, randomly generated identifier like a3f2c1d8-... used as a row's unique ID instead of a simple counting number. It's practically impossible to guess and stays unique even across separate databases.

V

A number that looks impressive but doesn't tell you whether your site is actually working — like total pageviews or follower counts. It can't point you toward a decision.

VAT Web

Value-Added Tax — a sales tax common in Europe and many other countries that sellers often must collect and pass on, including on digital products. Use Stripe directly and figuring out when you owe it is on you.

When leaving a service is so painful — because your data or logic only works in their proprietary format — that you feel stuck even after prices rise or the service gets worse.

Vercel Deploy

A cloud platform for hosting web apps that connects to your Git repo — when you push your code, Vercel builds and publishes it automatically. It's the hosting provider used in the just vibe stack.

A built-in analytics feature for sites hosted on Vercel that counts visits without cookies, so you don't need a consent banner. It tracks pageviews and referrers for free on the Hobby plan.

Software that records every change you make to a project over time, so you can see what changed, when, and why — and roll back to any earlier state. Git is the most widely used version control system in the world.

Software that emulates a whole computer — its own CPU, memory, and operating system — running inside your real one. It solves a portability problem similar to the one containers solve, but is far heavier, taking minutes to boot and gigabytes of disk.

VPS Infra

A rented virtual computer in a data center that you set up and run yourself — full control, but also full responsibility for the setup, security, and upkeep. Not where a beginner should start.

VS Code Tools

A free, widely used code editor from Microsoft that most vibe coders use to write and browse their project files. You can open a whole project folder in it from the terminal with the command code ..

W

A message a service like Stripe sends straight from its servers to yours to tell you something happened, such as a payment completing. Unlike a browser redirect, it doesn't depend on the customer keeping their connection open.

A secret Stripe uses to sign every webhook it sends you. Your server checks that signature to confirm the message really came from Stripe and wasn't forged by someone else.

A connection that stays open between a browser and a server so the two can pass messages back and forth in real time — the kind of thing behind live chat, multiplayer games, and live notifications. WebSockets need a persistent server and don't work with serverless functions.

Windsurf Tools

An AI-powered code editor (built on VS Code) that can read your project and write or change code across many files at once. It's one of the agentic coding tools recommended in this course.

Cloudflare's environment for running serverless code at the edge — fast and global, but not quite standard Node.js, so once in a while a package you want won't run there. Worth a quick check before you commit backend logic to it.

wrangler Tools

Cloudflare's command-line tool for deploying and managing sites and apps on its platform. Running wrangler commands is how you ship to Cloudflare Pages from your terminal.

X

XSS Web

An attack where someone submits text containing a script, and your app renders it as live HTML so every visitor's browser runs the attacker's code. Modern frameworks like Svelte escape output by default, which prevents it automatically.