Schedule
Your success is ours! This is our business model!
Small Sessions
Our conference includes small sessions of 30min each (20 minutes Talk + 5 minutes Q&A), delivered by speakers from all over the world, two panels, and various competitions. The following timetable is based on GMT.
Hour
Speaker
Talk
07:00 GMT
Welcome Talk
Welcome Talk
The conference will start with a short welcome talk. During this talk we will go over the schedule and provide more information about the various activities.
07:05 GMT
Nitin Jain
Backstage: The JavaScript Blueprint for Building Developer Platforms
Modern engineering teams juggle microservices, pipelines, docs, dashboards, and tools scattered everywhere. What developers really need is a single, consistent place to discover, build, deploy, and ship software — and that’s exactly the problem Spotify’s Backstage set out to solve.
In this talk, we’ll explore Backstage not just as an open-source project, but as a JavaScript and TypeScript blueprint for building scalable developer platforms. We’ll break down its architecture, tech stack, and plugin model, and see how React, TypeScript, and Node.js come together to power a truly extensible ecosystem.
More importantly, we’ll go beyond “what Backstage is” and focus on what we can learn from it:
– Clean configuration management patterns
– A powerful plugin architecture
– Mono-repo organization at scale
– Clear API boundaries between frontend and backend
– UI composition patterns that keep large React apps maintainable
– Templates and automation that standardize best practices
Whether you use Backstage or not, this session will give you practical insights into designing internal tools, improving developer experience, and building platforms that grow with your engineering team.
Come learn why Backstage is more than a portal — it’s a masterclass in modern JavaScript design.
07:35 GMT
Tamar (Twena) Stern
From Prompt to Production: Building Autonomous AI Agents in Node.js
AI and LLMs are some of the hottest topics in tech today. Many of us understand how LLMs work and how to use them—but what if we go a step further? In this talk, we’ll explore how to architect long-lived, multi-step AI agents that can reason, reflect, retry, use tools, and operate asynchronously—specifically in a Node.js environment. We’ll dive into building a real-world agent system in Node.js where LLMs serve as the core reasoning engine. Along the way, we’ll cover key architectural concepts such as tool use, long-term memory, and task state, event-driven workflows, concurrency, retries, and more. By the end of this session, you’ll understand how to design and implement autonomous AI agents in Node.js – beyond simple prompts and into fully orchestrated, intelligent systems.
08:05 GMT
Christopher Miller How Not To Build Your CLI’s
Are you tired of users successfully adopting your tools? Do you dream of a CLI so frustrating, so incomprehensible, that it actively repels all potential productivity? Then this session is for you! Join us for a provocative and deeply cynical look at the most egregious anti-patterns in command-line interface design. We will embrace these bad habits and dissect the architectural choices that guarantee a negative user experience, ensuring your brilliant application remains forever untouched. This is not a session on best practices; this is a comprehensive guide on how to implement every known pitfall, guaranteeing your CLI is universally disliked, unsupported, and unusable. By the end, you’ll have a playbook for turning a simple task into a torturous process, all while leveraging the full, painful power of Node.js.
08:35 GMT
Kilian Valkhof
INTL: The best browser API you’re not using
Browsers are shipping a massive API: INTL, which is chock-full of features most developer still do an NPM install for. The INTL API will save you time, effort and frustration, even if your site is only in a single language. Learn about all the wonderful built-in ways to deal with date formatting, lists, currencies, items and sentences in any language you can throw at the browser, without shipping literal megabytes of packages to your user.
09:00 GMT
First Break
First Break
09:30 GMT
Shivay Lamba
Bringing and Running AI Agents in the Browser
A growing number of web and JavaScript applications now rely on large language models (LLMs) and vector search/RAG (Retrieval-Augmented Generation) to deliver smarter, more intuitive user experiences. But the landscape is shifting once again. We’re entering the era of AI agents – a powerful paradigm that unifies multiple generative AI capabilities and streamlines how users interact with AI systems. By enabling agents to behave more like humans—making autonomous decisions, choosing tools, and solving tasks end-to-end—we move toward truly human-like, goal-driven automation. In this talk, we’ll begin with a concise overview of LLMs and RAG. From there, we’ll dive deeper into the architecture and capabilities of AI agents. We will learn how to use LLMs for targeted, specialized tasks, we will learn how tool-calling / function-calling works within agent workflows, and we will learn how agents independently select the right functions, APIs or data sources to ccomplish a user’s request efficiently and intelligently. We’ll also demonstrate how to build an AI agent that runs entirely in the browser, and compare that with building and running agents in the cloud. This session is designed for JavaScript developers, AI enthusiasts, and technical innovators who want to bring intelligent, autonomous capabilities into their web applications—and unlock the next generation of interactive user experiences.
10:00 GMT
Alon Mureinik
This DoS goes loop-di-loop – preventing DoS attacks in your Node.js application
Node.js’ single-threaded nature makes it very susceptible to DoS attacks. While Node.js’ event loop allows performing some operations in an asynchronous fashion, it’s still quite easy to write a vulnerable Node.js application by making a few simple mistakes. In this talk I’ll cover some common ways a Node.js application may be vulnerable to DoS attacks and some common best-practices and counter measures to defend against such attacks.
10:30 GMT
XtremeJS Competitive Programming
The XtremeJS Competitive Programming Contest
The competitive programming competition is a Kahoot-based contest with algorithmic challenges that test coding skills, logic, and speed in a fun, competitive format. Make sure you already have the Kahoot app installed on your mobile telephone.
11:00 GMT
XtremeJS Escape Room
The XtremeJS Escape Room
The Escape Room game takes place online. The participants in this game will need to find their way out by overcoming JavaScript-based challenges. The first one to escape out of the room is the winner.
11:30 GMT
Second Break
Second Break
12:00 GMT
Lukasz Nowak
Introduction to Load Testing
During this presentation, we will provide a comprehensive overview of the topic of load testing. We will explore its purpose, importance, and how it helps ensure system reliability under various conditions. Since there are several distinct types of load tests, we will describe the nature of each one, discuss when and why it should be applied, and outline the specific questions that each type is designed to answer. By the end of this session, you’ll have a clearer understanding of how load testing contributes to building stable and scalable software systems.
12:30 GMT
Georgii Perepechko
Boy Scout Rule in the Age of AI: Leaving Codebase Cleaner than You Found it
Artificial Intelligence is rapidly becoming embedded in developers’ workflows (from code-generation assistants to auto-refactoring bots) — and often the temptation is to rely on it blindly, which can lead to messy and brittle code with a lot of duplication. This talk explores how the “always leave the code cleaner than you found it” rule can be applied to modern code bases powered by AI. We will talk about concrete techniques like setting up and enforcing codebase standards, providing exhaustive context, linting, formatting, unit- and e2e-testing, refactoring code incrementally, and keeping docs up to date. By the end, you will have a toolkit of strategies to make sure your AI-assisted code is not only working — but also remains maintainable and readable.
13:00 GMT
Martin Henz
Full Disclosure – Visualizing JavaScript with the CSE Machine
Browser debuggers and tutoring tools show you where your code breaks, but not why JavaScript behaves the way it does. The Source Academy team has developed the CSE Machine, a visualization tool that exposes JavaScript execution at a granular level—from argument evaluation and closure creation to environment frame management—with interactive animation in your browser. This talk demonstrates how the CSE Machine handles scenarios that stump traditional tools: complex closure chains, loop variable capture, and scope puzzles. You’ll see live examples and leave with both a deeper mental model of JavaScript’s execution semantics and a practical tool for teaching and debugging.
13:30 GMT
XtremeJS Hackathon
XtremeJS Hackathon
An intense, fast-paced competition where participants race to solve a real-world programming challenge. Any tool, any library – even AI – is allowed. The first to build a working solution, submit the code, and deliver the correct result claims victory. A thrilling test of speed, creativity, and coding mastery.
14:00 GMT
Third Break
Third Break
14:30 GMT
Victor Lyuboslavsky
HTTP Message Signatures Demystified: Stronger Security for JavaScript
APIs power modern software, yet many still depend on weak security methods like API keys or bearer tokens. While simple, these approaches offer minimal real protection. Mutual TLS (mTLS) is far more secure but remains notoriously difficult to implement across public APIs and diverse client environments. What developers truly need is a security solution that is flexible, transparent, and resilient—strong enough to safeguard today’s distributed systems without adding unnecessary complexity.
.
15:00 GMT
Tanya Janca
30 Tips for Secure JavaScript
In this talk, we will cover 30 tips for writing more secure JavaScript, emphasizing what to do, what NOT to do, and utilizing open-source tooling to enhance security. JavaScript is not only the most popular web programming language, but it also faces security threats like XSS and code injection, meaning we need to ensure our JavaScript is tough, rugged, and secure. We’ll touch only upon items that are specific to JavaScript, as opposed to agnostic topics that apply to all languages, such as encryption or authentication. By the end, you’ll gain insights into selecting the best framework, adopting secure coding practices, and leveraging tools for web application security, catering to both seasoned developers and beginners seeking practical guidance.
15:30 GMT
XtremeJS Championship
XtremeJS Championship
We are going to have a Kahoot-based quiz competition. The competition will take place online, and it will include quiz questions. The points are given in each quiz question in accordance with the correctness and the speed of the answer. Make sure you already have the Kahoot app installed on your mobile.
16:00 GMT
Xperts Panel
XtremeJS Xperts Panel: The AI Revolution in Coding – Tools, Trends, and Tomorrow
Join leading experts for a thought-provoking discussion on how AI is reshaping software development. From agentic IDEs to spec-driven methodologies, the panel explores tools, trends, and the evolving role of developers in the age of intelligent coding. Audience interaction is encouraged. more info
Matteo Collina
Nick Taylor
Guillaume Blaquiere
16:25 GMT
Closure Talk
Closure Talk
This talk concludes the conference. During this 10 minutes talk we will also announce the winners in the various competitions XtremeJ included.
Your Success is Ours!
We will do our best to serve your needs! This is our business model!
