[Beta] Back-end challenges feedback

While the back end text tutorials are richer than the rest of the curriculum (not only well written but touches subjects that are usually hard to find on your own), the projects are quite lackluster.

The information provided is excellent, but the projects don’t force you to use that information, let me explain:
In the API projects you read about mongodb, mongoose and express, but at the end of the day you barely use mongoose, you never create a CRUD using everything that you learned and most of your projects follow the same pattern of giving a simple JSON response using express. All of that excellent information you just read about is left untouched, none of the API projects make use of that knowledge.

This leads into another huge problem, the security projects. While in the API projects you didn’t do much with mongoose/mongo, here in the security projects you will start doing CRUD projects, at the price of not doing security projects. The security measures you have to take usually boildown to the simple use of the helmet middleware.
The problem with that is that this curriculum teaches you about hashing, serialization, sessions, authentication and many other very important and interesting aspects of security that are just not the focus of the projects. The Security projects seem to fit more in the API area, since they actually deal with mongoDB.

Another problem of the security projects is that the user stories seem to imply that you should use the Freecodecamp test suite, but that doesn’t make a lot of sense, since the purpose of this curriculum is to teach you security and TDD. if you use the FCC test suite you won’t be learning TDD at all, but that may be a beta problem with the user stories needing revision.

I believe the projects should reflect what the curriculum is trying to teach you, and while the other 4 curriculums do a great job of that, at the back end this reflection disappears. If in the api project we had 5 projects, one for each aspect of the CRUD and the fifth one dealing all 4 operations, we could probably have a much more interesting security/quality assurance batch of projects, with a focus on password hashing, fullstack website construction, TDD, authentication, sessions, etc…
Instead what we have is a API curriculum that teaches you mongo but doesn’t enforce it, and a security/TDD curriculum that teaches you all about it, but doesn’t make you do anything with that knowledge.