August 18, 2016
Some tips and tricks when coding NodeJS:
(Caution: highly opinionated thoughts follow)
- keep code tidy with "jscs" (decide on a style guide and find or make a jscs template for it) and "jshint" or "eslint"
- use "slow-deps" to find out which packages are slowing down your "npm install" (possibly "jscs" - consider installing it globally) - more info on "slow-deps"
- lock down your package versions, and their dependencies' versions, with "shrinkwrap" (this is good for stability and security!)
- scan your dependencies regularly for security issues, using tools like "snyk" (pronounced "sneak") or "nsp" - I made a docker image for this
- "vax" will help with some other security stuff - run it
- "you can't manage what you don't monitor"... run a "statsd" server to gather metrics on events, actions and durations in your app - I made a docker image to help with this during development
- improve console debug/output/start-up output with "cli-tables" and "colors" - personally I like to (programmatically) print out all of the endpoints an application exposes... which saves on external documentation
- "expressjs" is popular, but "restify" lets you add all kinds of extra metadata on to your routes which you can then act on (easier permission handling, debug data output, etc)
- make use of "sinon"'s "sandbox" functionality to easily stub and reset object properties and methods (for testing in isolation) - and "istanbul" makes code coverage easy
- restrict and validate data with "joi" - note: it does not prevent SQL Injection or HTML characters in strings, that's on you (take a look at "striptags" and "xss")
- update your packages more easily with "npm-check" (run with "-Ue")
- "pnpm" attempts to speed up "npm install" by downloading in parallel, but I had some issues (seemingly race conditions) - might be worth keeping an eye on and trying
- be aware of some of the unicode issues: https://www.youtube.com/watch?v=qFfjJ8pOrWY
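
To illustrate the "joi" tip above, here is an added example (not code from the original post): a value can pass shape validation and still carry markup and quotes, so it is encoded at the HTML sink and bound as a query parameter. `validateComment` is a hypothetical hand-rolled stand-in for a schema like `Joi.string().min(1).max(200)`, the table name and `{text, values}` shape are assumptions, and plain escaping is used here instead of the "striptags" or "xss" packages.

```javascript
'use strict';

// Hypothetical stand-in for a joi schema such as Joi.string().min(1).max(200):
// it restricts type and length only, which is all shape validation promises.
function validateComment(value) {
  if (typeof value !== 'string') return { error: 'must be a string' };
  if (value.length < 1 || value.length > 200) return { error: 'length must be 1-200' };
  return { error: null, value };
}

// Output encoding for an HTML text or quoted-attribute context.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Parameterized statement: the SQL text is constant and the value travels
// separately, so a quote in the value is never parsed as SQL.
// Table/column names and the {text, values} shape are assumptions.
function buildInsert(comment) {
  return { text: 'INSERT INTO comments (body) VALUES (?)', values: [comment] };
}

// Validate the shape first, then handle each sink with its own defence.
function handleComment(input) {
  const result = validateComment(input);
  if (result.error) return { ok: false, error: result.error };
  return {
    ok: true,
    html: '<p>' + escapeHtml(result.value) + '</p>',
    query: buildInsert(result.value),
  };
}

// Constructed sample input: valid by shape, but containing a tag, a quote and "&".
const sample = "<b>O'Brien</b> & co";
const out = handleComment(sample);
console.log(out.html);  // the markup is rendered as text, not as a tag
console.log(out.query); // the raw value is stored unchanged via a placeholder
```

The value is stored as submitted and escaped only when written into HTML, so the same data can be encoded differently for other output contexts.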