To go about what? Narrow your focus - what do you want to accomplish? The answer can't be "Build Netflix". What's the smallest thing you want to do?

The first question is always.... What are your user needs? That will help you see if you need to serve mobile users, low-bandwidth users, app users, or someone else. It is also worth considering - what do your users want that your competitors don't provide? Only then can you start looking at technology solutions.

Done. Cheers :-)

I've found a minor security bug in Hashnode - who can I report it to?

I'm going to respectfully disagree with the other answers. Jobs are hard to come by, and sometimes we have to stay in abusive relationships in order to put food on the table. Your long term plan should be to leave this company, or get them to change their policies. Your short term plan is this: Set up 2FA on GitHub . Use a token rather than SMS if possible. Change your GitHub password to a random string of letters, numbers, and symbols. Make sure it is different from every other password you use for other services. If your employer threatens you into handing it over, you can do so in relative safety. Your employer will not be able to log in without your 2FA code, and you'll be able to check for failed login attempts . To be clear - this is not a long term practical solution. If you work in a large company, you should contact their information security team. If you work in a regulated environment, you should discuss this with your regulators. If you are being threatened or bullied, talk to your Trade Union to see how they can help. And, of course, start looking for a new job. Ultimately, no, you shouldn't have to hand over your password. But 2FA will give you some protection and some breathing room until you can find a better solution.