DEV Community

Cover image for NodeJS top 10 things to note when developing
chrdek
chrdek

Posted on

NodeJS top 10 things to note when developing

NodeJS top 10 listing


I've already been working with node for some time and I have gathered a small listing of things that I (or some web developers) might find important and would be useful to share online.

Here is a list of the top 10 things to be aware of when using Node:
1. Use nvm whenever possible to make it easier to track multiple node instances in your environment.

2. If you are going to use npm for installations behind a proxy, make sure you have the environment settings globally applied on .npmrc for your running instance via npm config.

3. Do not over-burden your plugin system with a lot of unnecessary features, check the dependencies first on npm (if avail).

4. Use npm ls | grep "dep@version"(bash) or npm ls | findstr "dep@version"(cmd) to easily filter relevant packages on npm when the installation list grows too large.

5. Check for package-lock.json files first when you have issue with a package or after running npm update to make sure you have non-corrupt modules. Delete *-lock.json and files only when dependencies break your npm. Currently package-lock.json is overwritten by default.

6. Compatibility checks on minor versions for newly added packages are easily applied by using npm update instead of npm install.

7. Do not use --force installs before checking for incompatibility between already installed modules, especially when running your build alongside a testing/build platform (e.g. mocha, commonjs or webpack).

8. When using raw html rendering via a templating engine such as jade or ejs be sure to properly escape characters in your template file to prevent injected malicious code.

9. Make sure you scan your default packages directory for vulnerabilities to keep your installations up-to-date with relevant security changes.

10. Node v12+ supports ES6 modules via usage of "type":"module" in the package.json file or including it as an *.mjs extension. Loading is done via import mod from './modulename' instead of require('./modulename').

Oldest comments (0)