FAQ - We've Got You Covered

What is the HyperKit Template?

The HyperKit Template is a production-ready, enterprise-grade web application foundation that combines the performance of Fastify with battle-tested patterns for building modern business applications. It provides authentication, payments, admin dashboards, and security features out of the box, allowing you to focus on your business logic rather than infrastructure.

Who is this template for?

This template serves developers and teams who want to ship features quickly without sacrificing quality or security. It's particularly suited for:

Small to medium development teams building business applications
Agencies creating multiple client projects
Startups that need enterprise features without enterprise complexity
Experienced developers who want to focus on business logic, not boilerplate
Anyone tired of spending months setting up authentication, security, and infrastructure

What exactly is included?

You receive:

Complete source code for the entire template
30+ production-ready plugins
Authentication system with WebAuthn and OTP
Stripe payment integration
Admin dashboards and user management
Docker and deployment configurations
Comprehensive documentation
Example implementations and patterns
Testing infrastructure
Security configurations achieving A+ ratings

You own the code completely and can use it for unlimited projects. Modify it, extend it, build your business on it - it's yours.

How much development time does this actually save?

Based on real implementations: 2-4 months for a complete setup. Authentication systems typically take 2-3 weeks, security configuration 1-2 weeks, payment integration 2-3 weeks, admin interfaces 3-4 weeks, and deployment setup 1 week. The template provides all of this pre-configured and tested.

What's the licensing model?

You own the code completely. Use it for unlimited commercial projects, modify it however you want, no attribution required. The only restriction is you can't resell the template itself.

What is your refund policy?

We do NOT offer refunds. Please read this carefully:

Once you purchase the HyperKit Template, you receive the complete source code immediately. As a digital product containing intellectual property, we cannot "take back" the code once it's been delivered. Therefore, all sales are final.

We're completely transparent about what's included, our technology choices, and our opinionated approach. This entire FAQ exists to help you make an informed decision. Please:

Read through this FAQ thoroughly
Review the feature list and documentation
Ensure our technology choices align with your needs
Confirm your team is comfortable with our approach
Verify the template fits your project requirements

If you're unsure whether the template is right for you, please take more time to evaluate. We want you to be completely confident in your purchase decision. Once you have the code, the transaction is complete and cannot be reversed.

Why should I pay when there are free alternatives?

Time is money. Consider the real costs:

Building from scratch: 2-4 months of developer time (£20,000-40,000 at typical rates)

Free boilerplates: 2-4 weeks fixing gaps and adding security (£5,000-10,000)

Our template: 2-4 hours to productive development

You're not paying for code - you're paying for:

Tested configurations that work together
Security setup that passes enterprise audits
Documentation that actually helps
Patterns proven across production applications
Time to focus on your business logic

The template pays for itself within the first week of development time saved.

What if this becomes abandonware?

First, the technology choices ensure longevity:

Fastify is backed by major companies
Node.js has long-term support
JavaScript isn't going anywhere
The patterns are standard web development

Second, you receive complete source code. Even if we disappeared tomorrow (we won't), you have everything needed to maintain and extend your applications. No vendor lock-in, no proprietary systems.

Third, this is our business, not a side project. We use these patterns in production applications. We're invested in keeping it current and secure.

Why JavaScript instead of TypeScript?

Several practical reasons:

Fastify's dynamic plugin system works more naturally with JavaScript
No compilation step means faster development feedback loops
Stack traces point to actual source code, not compiled output
Testing ecosystem (Mocha, Chai, Sinon) works seamlessly without configuration
If you need TypeScript, the codebase can be converted - it's standard Node.js patterns

Why CommonJS instead of ESM?

CommonJS remains more practical for server-side applications: better testing ecosystem compatibility, no module resolution complexity, works with all npm packages without configuration. ESM benefits (tree shaking, static analysis) matter for frontend bundles, not server applications.

Why HTMX instead of React/Vue/Angular?

HTMX handles 90% of business application interactions without client-side complexity. For the remaining 10% requiring complex UI (charts, data grids), we use native JavaScript modules exactly where needed. This approach eliminates state synchronisation bugs, reduces bundle sizes, and improves SEO without sacrificing functionality.

Why Handlebars for templating?

Handlebars provides server-side rendering with automatic XSS protection, works without JavaScript, and integrates seamlessly with HTMX. Templates are readable by non-developers and don't require build tools. For complex components, we use native JavaScript modules where appropriate.

Why Fastify over Express?

Fastify's plugin system provides better code organisation and dependency injection. Built-in schema validation, automatic serialisation, and superior performance. The plugin architecture makes testing and modular development significantly easier.

Isn't 30+ plugins overwhelming?

This misunderstands how the plugin architecture works in practice:

Set and forget: 90% of plugins work invisibly after initial setup. Security headers, rate limiting, compression, caching - they just work.

You interact with 3-4: Routes (your business logic), templates (your UI), and data models. The rest is infrastructure.

Clear separation: Each plugin solves one specific problem well. When you need to modify authentication, you know exactly where to look.

Compare this to manually configuring 20+ packages in Express or dealing with the hidden complexity of a "simple" Next.js application. We've pre-configured everything professionally so you don't have to.

Why not use a modern framework like Next.js/Nuxt/SvelteKit?

We're solving different problems. Modern frameworks excel at building complex SPAs with heavy client-side state. We excel at building business applications that need to ship quickly and remain maintainable for years.

Their approach: Send a JavaScript virtual machine to handle everything

Our approach: Send HTML, enhance where beneficial

For most business applications, our approach results in faster development, better performance, and significantly lower maintenance burden. When you need complex client interactions, we integrate native JavaScript modules exactly where needed.

The multi-modal JavaScript approach seems inconsistent?

It's consistency in principles with flexibility in implementation:

90% of your app uses simple HTMX for standard CRUD
8% uses native JavaScript modules for complex interactions (charts, grids)
2% integrates external services via iframe

This isn't inconsistency - it's using the right tool for each job. You wouldn't use a sledgehammer to hang a picture or a tack hammer to demolish a wall. Same principle applies to web development.

How is the code organised?

Plugin-based architecture with clear separation: route plugins handle HTTP requests, server plugins contain business logic, utility plugins provide shared functionality. Each feature is self-contained in its own directory with routes, views, and tests.

How does authentication work?

WebAuthn/Passkeys for modern authentication, OTP fallback for compatibility. JWT tokens for session management, bcrypt for password hashing. No external dependencies - you own the entire authentication system.

How scalable is this architecture?

Stateless design enables horizontal scaling. Redis caching reduces database load. PM2 clustering utilises multiple CPU cores. Plugin boundaries make it straightforward to extract microservices later. The architecture has been proven in production applications serving millions of requests.

What's the testing approach?

Comprehensive test suite using Mocha, Chai, and Sinon. Unit tests for plugins, integration tests for routes, end-to-end tests with Playwright. Shared test fixtures prevent "too many listeners" issues. Tests run fast and provide good coverage without being brittle.

What security measures are implemented?

Comprehensive security headers, automatic CSP generation, rate limiting, input validation, XSS protection, CSRF tokens, secure session management, and SQL injection prevention. Achieves A+ ratings on Security Headers Scanner, SSL Labs, and Mozilla Observatory.

How does the automatic CSP work?

Script hashes are generated at application startup for all inline scripts. The CSP header is automatically constructed to allow these scripts while blocking everything else. Works seamlessly with HTMX and provides strict XSS protection without manual configuration.

Are these security claims verified?

Yes, by third-party scanners: Security Headers Scanner (A+), SSL Labs (A+), Mozilla Observatory (110/100), ImmuniWeb (A rating), and clean vulnerability scans from Pentest Tools.

What performance improvements can I expect?

Redis caching provides 10-100x improvement for database queries and computed results. Server-side rendering eliminates loading states. Minimal JavaScript reduces parse time. Automatic compression reduces bandwidth by ~70%. Typical Lighthouse scores: 95+ Performance, 100 SEO.

How does this compare to SPA frameworks?

Better initial page load times and SEO. Lower memory usage and CPU consumption. Simpler debugging and fewer runtime errors. For complex interactions requiring SPA behaviour, native JavaScript modules can be used exactly where needed.

How customisable is the template?

Completely customisable - it's standard Node.js code with clear patterns. Modify plugins, swap authentication methods, change styling frameworks, add or remove features. No vendor lock-in or proprietary abstractions.

Can I integrate this with existing applications?

Yes. The plugin architecture makes it straightforward to gradually adopt patterns or extract specific functionality. You can run the template alongside existing systems and migrate incrementally.

What if my team prefers different coding styles?

The template includes scripts to convert to semicolon style, add TypeScript, or use Prettier formatting. It's your code - configure it however makes your team productive.

How do I deploy this?

Includes Docker configurations for development and production, PM2 ecosystem files, and deployment scripts. Works with any cloud provider or VPS. Environment-based configuration makes it easy to deploy to multiple stages.

What if this becomes abandoned?

You have complete source code using standard technologies (Node.js, JavaScript, HTML, CSS). No proprietary dependencies or vendor lock-in. The patterns are based on stable web standards that will work for decades.

Do you provide support?

The template includes comprehensive documentation and examples. For specific technical questions, you can reach out via the provided channels, but this is a code template, not a supported service.

How do I stay updated with changes?

Updates and improvements are announced through our channels. Since you own the code, you can choose which updates to integrate based on your needs.

Components

Frequently Asked Questions