惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
O
OpenAI News
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
博客园 - 三生石上(FineUI控件)
Webroot Blog
Webroot Blog
GbyAI
GbyAI
S
SegmentFault 最新的问题
Cyberwarzone
Cyberwarzone
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
J
Java Code Geeks
Google DeepMind News
Google DeepMind News
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
博客园 - 【当耐特】
S
Secure Thoughts
酷 壳 – CoolShell
酷 壳 – CoolShell
AWS News Blog
AWS News Blog
Engineering at Meta
Engineering at Meta
S
Security Affairs
H
Help Net Security
Microsoft Security Blog
Microsoft Security Blog
D
DataBreaches.Net
云风的 BLOG
云风的 BLOG
Hugging Face - Blog
Hugging Face - Blog
Google DeepMind News
Google DeepMind News
Spread Privacy
Spread Privacy
T
Threatpost
Forbes - Security
Forbes - Security
C
Cisco Blogs
Scott Helme
Scott Helme
Attack and Defense Labs
Attack and Defense Labs
Simon Willison's Weblog
Simon Willison's Weblog
腾讯CDC
The Last Watchdog
The Last Watchdog
Cloudbric
Cloudbric
Last Week in AI
Last Week in AI
Recorded Future
Recorded Future
小众软件
小众软件
V
Vulnerabilities – Threatpost
美团技术团队
人人都是产品经理
人人都是产品经理
有赞技术团队
有赞技术团队
Apple Machine Learning Research
Apple Machine Learning Research
Hacker News - Newest:
Hacker News - Newest: "LLM"
I
Intezer
月光博客
月光博客
C
Cyber Attacks, Cyber Crime and Cyber Security
博客园 - 司徒正美
C
Cybersecurity and Infrastructure Security Agency CISA
Martin Fowler
Martin Fowler
博客园 - 聂微东

The Practical Developer

The Libuv Thread Pool Trap: Why Node.js Async APIs Stall Under Load Postgres Covering Indexes with INCLUDE: Eliminate Heap Fetches on Read-Heavy Workloads Postgres DISTINCT ON: The Fastest Way to Get the Latest Row Per Group Postgres Transaction Isolation: The Anomalies Your App Actually Faces in Production Linux TCP Tuning for Node.js Microservices: The Kernel Settings That Stop Silent Connection Drops Under Load Postgres HOT Updates and Fillfactor: Why Not All Writes Are Created Equal Database Connection Pool Leaks: Finding the Promise That Never Returns Its Seat Linux OOM Killer in Production: Why Your Node.js Containers Die Without a Stack Trace Postgres Materialized Views: Refresh Strategies That Do Not Lock Your Dashboards API Dependency Health Checks: Why /health Is Not Enough Authorization with Zanzibar Tuples: How Google Manages Permissions and How To Build the Same Check in Node.js Postgres Advisory Locks: The 20-Character Primitive That Replaces Redis for Coordination Dead Letter Queues: The Message Queue Pattern That Saves You at 2 a.m. File Descriptor Exhaustion: The Kernel Limit That Silently Drops Node.js Connections Graceful Degradation: The Pattern That Turns Total Outages into Partial Success PostgreSQL Full-Text Search: Dropping Elasticsearch for 90% of Use Cases S3 Presigned Multipart Uploads: Stop Your API Server from Being a File Upload Bottleneck MessagePack vs JSON: The Binary Serialization Switch That Cut Our Internal RPC Overhead by 40% DNS Caching in Node.js: The Silent Cause of Production Latency Spikes Reliable Cron Jobs: The Pattern That Stops Double Runs, Missed Executions, And The 2 AM Page GraphQL Query Complexity: Stop the OOM Query Before It Reaches Your Resolver Node.js Event Loop Lag: The Hidden Metric Behind Random Latency Spikes API Request Validation with Zod: The Schema That Catches Bad Input Before It Corrupts Your Database Load Shedding in Node.js: How to Reject Traffic Before You Drown Request Hedging: Cut Tail Latency In Half Without Overprovisioning Git Bisect: The Automated Binary Search That Finds Breaking Commits in Minutes Node.js Garbage Collection Tuning: Stop Letting V8 Pause Your Event Loop Node.js Server Timeouts: The Settings That Stop Slow Clients from Holding Sockets Hostage Postgres BRIN Indexes: The Time-Series Secret That Shrinks Indexes by 99% Event Sourcing with PostgreSQL: The Pragmatic 80% Solution Node.js Cluster Mode: Scaling the Event Loop Across CPU Cores Postgres Partial Indexes: Stopping Soft Deletes from Ruining Your Query Performance Request Coalescing with the Singleflight Pattern: Stop Drowning Your Database on Every Cache Miss The Bulkhead Pattern: Why One Slow Endpoint Should Not Drown Your Whole Service Node.js AsyncLocalStorage: End-to-End Request Context Without the Propagation Hell Postgres Deadlocks: Logging the Victim, Reproducing the Race, and Fixing the Lock Order Your Node.js HTTP Client Is the Bottleneck: Connection Pool Tuning That Works Optimistic Locking in Postgres: Stop Losing Data to Race Conditions Postgres Read Replicas: Stop Serving Stale Data to Your Users Cursor Pagination: Why Offset Queries Explode at Scale and How to Fix Them Node.js Worker Threads: 60 Lines That Stop a CSV Upload from Timing Out Every Other Request Reliable Webhook Delivery: Architecture for Outbound HTTP You Can Trust Request Timeouts and Deadline Propagation: Stop the Chain of Slowness Advanced Security Practices in Node.js Graceful Shutdown in Node.js: The 40 Lines That Stop 502s During Deploys Finding Node.js Memory Leaks with Heap Snapshots Idempotency Keys in 30 Lines: Stop Your Webhook From Charging Customers Twice Backpressure In Node.js: The Fix For Slow-Motion Queue Meltdowns Retries Done Right: Jitter, Budgets, and the Stampede You Did Not See Coming The Cache Stampede: Why Your "Just Add Redis" Layer Crashes Postgres at 3 a.m. Postgres SKIP LOCKED: An 80-Line Job Queue You Can Run Without Redis Stop Doing Work Nobody Wants: AbortController in Node.js, Done Right The N+1 Query Problem: We Found 23 In One Codebase And Killed Every One I Tried 5 AI Coding Tools for a Month. Here Is What I Actually Use CI/CD From Zero to Production in 30 Minutes With GitHub Actions Node.js vs Bun vs Deno: Which Runtime Should You Pick in 2025? Kubernetes Resource Requests And Limits: The Numbers That Decide If Your Cluster Is Stable The Three Pillars of Observability Are A Myth: What Actually Matters In Production pnpm Vs npm Vs yarn Vs Bun For Monorepos: Which One Earns The Migration In 2024 JSONB Indexing In Postgres: GIN Vs Expression Indexes, And When Each Is The Right Choice A Code Review Checklist That Ends The Same Three Arguments Every Sprint gRPC Vs REST In 2024: When The Switch Pays For Itself React Suspense For Data Fetching: The Pattern That Replaces Half Your Loading State Code The Five-Stage Rollout: How To Ship A Risky Change Without Holding Your Breath GitHub Actions In A Monorepo: Caching, Path Filters, And Secret Boundaries That Actually Work The Blameless Postmortem That Actually Improves Things: A Template And Six Hard-Won Rules Recursive CTEs In Postgres: How To Query A Tree Without N Round Trips Node.js Streams: When They Actually Help, And When They Just Add Complexity Playwright Vs Cypress In 2024: The Honest Comparison Of Which One Earns The Test Time React Server Components: The Mental Model That Makes The "use client" Boundary Obvious Pod Disruption Budgets: The K8s Object That Keeps Your Service Up During Cluster Maintenance Postgres LISTEN/NOTIFY: The Pub/Sub You Already Have And Are Not Using Chaos Engineering Starter Kit: The Five Drills That Don't Need Netflix-Scale Spec-Driven API Development With OpenAPI: How To Stop Drifting From Your Docs Kubernetes Autoscaling Beyond CPU: The Custom-Metric HPA Pattern That Actually Works Postgres Partitioning For Time-Series: The Boring Setup That Saves Your Database Distributed Locks With Redis: An Honest Look At Redlock And When You Don't Need It HTTP/2 vs HTTP/3: What Actually Changes For Your App, And What Doesn't Image Optimization For The Web In 2023: srcset, AVIF, And The Lighthouse Score You Actually Want Kafka vs RabbitMQ: A Decision Tree That Doesn't Hate You UUID vs Bigint Primary Keys In Postgres: The Index Math That Decides For You Flame Graphs: How To Find The Slow Function In 30 Seconds Without Profiling Theatre Postgres Streaming Vs. Logical Replication: Which One Solves Your Actual Problem ESLint Rules That Earn Their Keep: The Twelve I Enable On Every Project Pre-Commit Hooks That Pay For Themselves: Husky, lint-staged, And The Five Rules That Stick Zero-Downtime Database Migrations: The Six-Step Pattern That Rules Them All Circuit Breakers In Node.js: 50 Lines That Stop A Failing Dependency From Taking Down Your Service Postgres VACUUM Is Not Magic: How Your Hot Table Bloats To 80GB And How To Fix It Kubernetes Liveness And Readiness Probes: The Difference That Causes Half Your Outages Rate Limiting In Production: A Token Bucket In 30 Lines Of Redis The Outbox Pattern: How To Stop Losing Events When Postgres And Kafka Disagree Load Testing With k6: The Three Scenarios That Find Real Bugs (Not Synthetic Numbers) Postgres Row-Level Security For Multi-Tenant Apps: The Pattern That Stops You From Leaking Data Rebase vs. Merge: The Team Policy That Ends The Argument Forever OpenTelemetry in Node.js: Distributed Tracing That Actually Helps During an Incident Feature Flags That Pay Rent: The 4 Flag Types And When To Delete Each ETag, Last-Modified, and the Caching Headers Most APIs Get Wrong Connection Pooling Without the Cargo Cult: pgbouncer in 100 Lines of Config JSONB Is Not a Schema: When To Reach For It in Postgres, And When To Stop Bash Strict Mode: The Three Lines That Stop Your Deploy Script From Lying To You
Image Processing with Sharp: Build a Production-Grade Transformation API
The Practica · 2026-06-25 · via The Practical Developer

A user uploads a headshot from their iPhone. The raw file is 6.2MB, 4032x3024 pixels. Your server saves it to S3 byte-for-byte. Your blog hero renders it at 1200px wide scaled down in the browser with width: 100% CSS and the browser still downloads all 6.2MB because the <img> has no srcset and no server-side resize.

Then a hundred users do this. Then a thousand. Your S3 bill doubles, your page load times go from “fine” to “why is this so slow,” and your CI pipeline starts failing Lighthouse budgets you set last month.

This is the problem: modern phone cameras produce absurdly large files, and by default your backend will treat every pixel like it matters. It does not. A 4000px-wide photo displayed in an 800px container is 95% wasted bytes. The fix is not “tell users to resize their photos.” The fix is a server-side image processing pipeline that resizes, reformats, compresses, and caches every upload into every size your application actually needs.

Sharp is the fastest, most memory-efficient image processing library for Node.js, and it lets you build this pipeline with about 200 lines of code. No extra services, no Lambda@Edge, no external CDN transforms. Just a Fastify route, a Sharp pipeline, and a caching layer.

Why Sharp instead of everything else

There are a lot of ways to process images in Node.js. Here is how they compare.

jimp is pure JavaScript. It works everywhere and needs no native dependencies, but it processes a single large image in seconds instead of milliseconds and consumes enormous amounts of memory. Fine for a CLI tool that resizes one avatar. Not fine for a production API that handles concurrent uploads.

gm (GraphicsMagick / ImageMagick) spawns a child process for every transformation. That means process overhead, disk I/O for temp files, and no streaming. On a server handling 50 req/s, spawning 50 convert processes will exhaust your process table and spike CPU to 100% before you finish reading this sentence.

sharp uses the libvips C library under the hood and runs in the main Node.js process with zero subprocess overhead. It streams pixels through a pipeline, uses a memory pool that reuses allocations, and handles most operations without decompressing the entire image. A 4000x3000 JPEG resize to 800px takes about 40ms and uses under 30MB of RAM. Sharp is not the easy option. It is the only option that scales.

Library     | Lib/approach | Time (resize 6MB JPEG to 800px) | Peak memory
------------+--------------+----------------------------------+-------------
jimp        | Pure JS      | 3200ms                           | 180MB
gm          | Child proc   | 1200ms (plus process overhead)    | 120MB + subproc
sharp       | libvips      | 38ms                             | 28MB

The numbers speak for themselves. Use Sharp.

A simple transformation pipeline

Here is the core of the pipeline: an Express or Fastify route that accepts an image, processes it through Sharp, and returns the result. This example generates three sizes for every uploaded image.

import sharp from 'sharp';
import { randomUUID } from 'node:crypto';
import { writeFile, mkdir } from 'node:fs/promises';

interface ProcessedImage {
  original: string;
  sizes: { key: string; path: string; width: number }[];
}

const SIZES = [
  { key: 'thumbnail', width: 150, height: 150, fit: 'cover' as const },
  { key: 'medium', width: 600, height: 600, fit: 'inside' as const },
  { key: 'large', width: 1200, height: 1200, fit: 'inside' as const },
];

export async function processImage(
  inputBuffer: Buffer,
  uploadDir: string
): Promise<ProcessedImage> {
  const id = randomUUID();
  const dir = `${uploadDir}/${id}`;
  await mkdir(dir, { recursive: true });

  const metadata = await sharp(inputBuffer).metadata();
  const ext = metadata.format === 'png' ? 'png' : 'jpg';

  // Save the original
  const originalPath = `${dir}/original.${ext}`;
  await writeFile(originalPath, inputBuffer);

  const sizes: ProcessedImage['sizes'] = [];

  for (const size of SIZES) {
    const outputPath = `${dir}/${size.key}.jpg`;
    const pipeline = sharp(inputBuffer)
      .resize(size.width, size.height, { fit: size.fit, withoutEnlargement: true })
      .jpeg({ quality: 80, mozjpeg: true });

    await pipeline.toFile(outputPath);
    sizes.push({ key: size.key, path: outputPath, width: size.width });
  }

  return { original: originalPath, sizes };
}

A few details worth calling out:

  • withoutEnlargement: true stops Sharp from upscaling small source images to the requested dimensions. If someone uploads a 100px avatar, you do not want to stretch it to 1200px and ship a blurry mess.
  • fit: 'cover' crops the image to exactly fill the requested dimensions (great for square thumbnails). fit: 'inside' preserves the aspect ratio and fits the image within the bounding box (good for responsive content images).
  • mozjpeg: true enables Mozilla’s JPEG encoder, which produces 10-15% smaller files at identical quality settings compared to baseline libjpeg. It is slightly slower but the bandwidth savings are worth it for stored outputs.

Streaming the input instead of buffering

The example above reads the entire input buffer into memory before processing. For a few hundred kilobytes that is fine. For a 20MB panorama from an iPhone, you just allocated memory for the buffer, Sharp’s internal copy, and the output buffer. Three copies of a 20MB file in memory at once.

The fix is to stream the input directly into Sharp so it processes pixels as they arrive and never holds the whole file in memory at once.

import { createWriteStream, createReadStream } from 'node:fs';
import { Readable } from 'node:stream';
import sharp from 'sharp';

async function processImageStreamed(
  inputStream: Readable,
  uploadDir: string,
  id: string
): Promise<void> {
  const dir = `${uploadDir}/${id}`;
  await mkdir(dir, { recursive: true });

  // Pipeline: input stream -> sharp -> output file
  const transform = sharp()
    .resize(1200, 1200, { fit: 'inside', withoutEnlargement: true })
    .jpeg({ quality: 80, mozjpeg: true });

  const output = createWriteStream(`${dir}/large.jpg`);

  await new Promise<void>((resolve, reject) => {
    inputStream
      .pipe(transform)
      .pipe(output)
      .on('finish', resolve)
      .on('error', reject);
  });
}

Sharp is a transform stream that accepts a readable stream as input and produces a readable stream of the processed output. This means you can pipe an HTTP request body, an S3 download stream, or a database read stream directly through Sharp without ever writing the raw bytes to disk first.

Format detection and WebP/AVIF conversion

The format you save matters more than any other optimization choice. JPEG at quality 80 is a good baseline, but WebP at quality 75 is typically 25-30% smaller at the same perceptual quality, and AVIF at quality 60 can cut file size in half compared to JPEG.

Sharp supports all three formats. Here is a format-aware variant that picks the best output format based on the Accept header from the client.

type OutputFormat = 'jpeg' | 'webp' | 'avif';

function pickFormat(acceptHeader: string | undefined): OutputFormat {
  if (!acceptHeader) return 'jpeg';

  if (acceptHeader.includes('image/avif')) return 'avif';
  if (acceptHeader.includes('image/webp')) return 'webp';
  return 'jpeg';
}

Then apply the chosen format to the Sharp pipeline:

async function transformImage(
  input: Buffer,
  width: number,
  acceptHeader?: string
): Promise<{ data: Buffer; format: OutputFormat }> {
  const format = pickFormat(acceptHeader);
  const pipeline = sharp(input)
    .resize(width, width, { fit: 'inside', withoutEnlargement: true });

  switch (format) {
    case 'avif':
      pipeline.avif({ quality: 60, effort: 4 });
      break;
    case 'webp':
      pipeline.webp({ quality: 75 });
      break;
    default:
      pipeline.jpeg({ quality: 80, mozjpeg: true });
  }

  const data = await pipeline.toBuffer();
  return { data, format };
}

Now the caller sets Content-Type based on the returned format and the browser gets the smallest possible file for its supported formats.

Caching transformed images

Generating every transformation on every request is wasteful. If the same 1200px JPEG of the same source image was already generated once, it should be served from a cache until the source changes.

The simplest production caching strategy for image transforms is content-addressable keys. Hash the source image identifier and the transform parameters, and use that hash as the cache key.

import { createHash } from 'node:crypto';

function cacheKey(imageId: string, width: number, format: string): string {
  return createHash('md5')
    .update(`${imageId}:${width}:${format}`)
    .digest('hex');
}

Store the result in S3 with that key as the object path. On the next request, check S3 first. If the object exists, redirect the client directly to the S3 URL with a long Cache-Control header. Skip the Sharp pipeline entirely.

const OBJECT_CACHE = '86400'; // 24 hours in seconds

async function getOrCreateImage(
  sourceId: string,
  width: number,
  acceptHeader?: string
): Promise<{ url: string; cacheHit: boolean }> {
  const format = pickFormat(acceptHeader);
  const key = `processed/${cacheKey(sourceId, width, format)}.${format}`;

  try {
    // Check S3 for an existing transform
    await s3.headObject({ Bucket: BUCKET, Key: key }).promise();
    const url = s3.getSignedUrl('getObject', {
      Bucket: BUCKET,
      Key: key,
      Expires: 86400,
    });
    return { url, cacheHit: true };
  } catch {
    // Not cached -- generate the transform
    const sourceBuffer = await loadSourceImage(sourceId);
    const { data } = await transformImage(sourceBuffer, width, acceptHeader);
    await s3
      .putObject({
        Bucket: BUCKET,
        Key: key,
        Body: data,
        ContentType: `image/${format}`,
        CacheControl: `public, max-age=${OBJECT_CACHE}`,
      })
      .promise();
    const url = s3.getSignedUrl('getObject', {
      Bucket: BUCKET,
      Key: key,
      Expires: 86400,
    });
    return { url, cacheHit: false };
  }
}

A CDN (CloudFront, Cloudflare, Fastly) sits in front of the S3 bucket and caches the response at the edge. After the first request for a given transform, every subsequent request anywhere in the world hits the edge cache. The Sharp pipeline runs exactly once per unique transform.

Two edge cases to plan for:

  • Cache invalidation. If the source image changes, you need to delete all cached transforms derived from it. Store a manifest file mapping source IDs to cache keys, or use the source image’s lastModified timestamp as part of the cache key so a new upload produces a new hash automatically.
  • Thundering herd on cache miss. If fifty clients request the same uncached transform simultaneously, your Sharp worker could get hammered. Use a mutex based on the cache key (Redis SET NX or a Postgres advisory lock) so only one worker generates the transform and the rest wait for the cached result.

Rate limiting expensive operations

Not all transformations are equal. Resizing a 20MB TIFF to 2000px uses 100x more CPU and memory than converting a 200KB JPEG to a 150px thumbnail. Use a resource-based rate limiter that accounts for input dimensions.

interface TransformRequest {
  inputWidth: number;
  inputHeight: number;
  outputWidth: number;
}

function estimateCost(req: TransformRequest): number {
  const inputMegapixels = (req.inputWidth * req.inputHeight) / 1_000_000;
  const reductionFactor = Math.max(
    1,
    (req.inputWidth * req.inputHeight) /
      (req.outputWidth * req.outputWidth)
  );
  return Math.round(inputMegapixels * reductionFactor);
}

Then use a token bucket or sliding window that deducts the estimated cost from the user’s budget per-second instead of counting flat requests.

Putting it all together — a complete Fastify route

Here is a full route that ties everything together: parse the multipart upload, validate dimensions and format, process through Sharp, cache the result, and return a URL.

import Fastify from 'fastify';
import multipart from '@fastify/multipart';
import sharp from 'sharp';
import { randomUUID } from 'node:crypto';

const app = Fastify({ logger: true });
app.register(multipart, { limits: { fileSize: 20 * 1024 * 1024 } });

app.post('/images', async (request, reply) => {
  const data = await request.file();
  if (!data) {
    return reply.status(400).send({ error: 'No file uploaded' });
  }

  // Validate content type before processing
  const allowedTypes = ['image/jpeg', 'image/png', 'image/webp', 'image/tiff'];
  if (!allowedTypes.includes(data.mimetype)) {
    return reply.status(415).send({ error: 'Unsupported image format' });
  }

  // Buffer the file for metadata extraction
  const buffer = await data.toBuffer();
  const metadata = await sharp(buffer).metadata();

  if (!metadata.width || !metadata.height) {
    return reply.status(400).send({ error: 'Could not read image dimensions' });
  }

  // Reject images that are too large to process
  const megapixels = (metadata.width * metadata.height) / 1_000_000;
  if (megapixels > 50) {
    return reply
      .status(413)
      .send({ error: 'Image too large. Maximum 50 megapixels.' });
  }

  const imageId = randomUUID();

  // Generate all required sizes
  const results = await Promise.all(
    SIZES.map(async (size) => {
      const pipeline = sharp(buffer)
        .resize(size.width, size.height, {
          fit: size.fit as keyof sharp.FitEnum,
          withoutEnlargement: true,
        })
        .jpeg({ quality: 80, mozjpeg: true });

      const outputBuffer = await pipeline.toBuffer();
      const s3Key = `images/${imageId}/${size.key}.jpg`;

      await s3
        .putObject({
          Bucket: BUCKET,
          Key: s3Key,
          Body: outputBuffer,
          ContentType: 'image/jpeg',
          CacheControl: 'public, max-age=31536000, immutable',
        })
        .promise();

      return { key: size.key, width: size.width, s3Key };
    })
  );

  return reply.status(201).send({
    id: imageId,
    sizes: results,
    urls: results.map(
      (r) => `https://cdn.example.com/${r.s3Key}`
    ),
  });
});

app.listen({ port: 3000 });

The Cache-Control: public, max-age=31536000, immutable on the stored object tells both CDNs and browsers that this URL will never change. If you regenerate the image (different quality, new format), write it to a new path so the old cache entry is never incorrectly reused.

Error handling patterns for image processing

Image processing has failure modes that normal request handlers do not. Here are the three most common and how to handle them:

Corrupted or truncated input. A user uploads half a JPEG before their connection drops. Sharp will throw a SharpException when it tries to parse the stream. Catch it specifically and return a 422 with a clear message so the client knows to retransmit.

try {
  const result = await sharp(buffer).resize(800).jpeg().toBuffer();
} catch (err) {
  if (err instanceof Error && err.message.includes('Input file')) {
    return reply.status(422).send({ error: 'Corrupted image file' });
  }
  throw err;
}

Out of memory on large images. A 100MP TIFF can exhaust Node’s heap even with Sharp’s streaming. Set an upfront megapixel gate (the megapixels > 50 check above) and return a 413 before Sharp even starts. That check costs microseconds from the metadata call and prevents allocating buffers you cannot hold.

Filesystem full or permission error. The toFile call writes to disk. If the disk is full, Sharp throws. Log the error, send a 500, and monitor disk usage separately.

The practical takeaway

Server-side image processing is not optional for a production application that accepts user uploads or generates thumbnails. Serving raw phone-camera JPEGs through an unoptimized pipeline is the single largest wasted-bandwidth opportunity in most web applications.

Sharp gives you a streaming, memory-efficient, format-aware pipeline that handles every common case with minimal code. Pair it with an S3-backed content-addressable cache and a resource-based rate limiter, and you can serve images at every breakpoint your layout needs without burning CPU on redundant transformations or spending money on a dedicated image service.

The key decisions in order of impact: (1) use Sharp, not a subprocess-based library, (2) cache every transform by content-addressable key, (3) detect Accept and serve WebP/AVIF when the client supports it, and (4) gate on megapixels before processing to avoid OOM crashes.

If you are currently serving raw uploads through <img src="/uploads/IMG_1234.jpg"> with no server-side resize, your Lighthouse score is bleeding bytes on every page load. The fix is an afternoon of Sharp code and an S3 bucket.

A note from Yojji

Building a production-grade image pipeline means thinking about streaming, caching, format negotiation, resource limits, and error handling as a single system rather than a collection of one-off scripts. That kind of infrastructure thinking, where bandwidth and memory budgets are designed in from the start rather than patched after the bill arrives, separates teams that ship features from teams that ship reliable features. Yojji is an international custom software development company founded in 2016, with offices in Europe, the US, and the UK. Their senior engineering teams specialize in the JavaScript ecosystem (React, Node.js, TypeScript), cloud platforms (AWS, Azure, Google Cloud), and full-cycle product delivery from discovery through DevOps and production operations.