
An enterprise-style Node.js REST API setup with Docker Compose, Express and Postgres

Hugo Di Francesco on April 24, 2019

The why and how of enterprise-style Node.js application. A setup that’s easy to test and extend using battle-hardened technologies like Express.js,...
 

Is there a specific reason you use npm install as opposed to npm ci? The ci command has the advantage that it installs the exact versions that are specified in package-lock.json so you get repeatable builds.

 

Definite oversight on my part 🙂 thanks for pointing it out

 

Hi Hugo,
the way you specified your queries (with template strings), doesn't it make you vulnerable to DB attacks like SQL injection?

I also noticed that in order to specify the queries with template strings you used an external lib. That lib just translates the template string into a prepared statement, right?

 

Yes it does, ergonomics of templates with prepared statements.
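
The mechanism asked about in this exchange, as an added example that is not part of the thread or the article's code: a tag function receives the literal SQL and the interpolated values separately, so the values never become SQL text. The `sql` tag, the `users` query and the hostile input are hypothetical; the `{ text, values }` result is the query object shape node-postgres accepts, assumed here as the client.

```javascript
// Hypothetical tag function (not the library the article uses).
// A tagged template passes the developer-written literal parts in `strings`
// and the interpolated expressions in `values`, kept apart.
function sql(strings, ...values) {
  // Guard: sql(`...${x}`) with parentheses passes an already-interpolated
  // string, which would silently reintroduce injection. Only a real tag
  // call provides the `raw` array.
  if (!Array.isArray(strings) || !Array.isArray(strings.raw)) {
    throw new TypeError('sql must be used as a template tag: sql`...`');
  }
  // Join the literal parts with positional placeholders $1, $2, ...
  const text = strings.reduce(
    (acc, part, i) => acc + (i === 0 ? '' : `$${i}`) + part,
    ''
  );
  return { text, values };
}

// Unsafe contrast: a plain template literal splices the value into the SQL.
function naiveQuery(email) {
  return `SELECT id FROM users WHERE email = '${email}'`;
}

// Parameterized form: the value travels in `values`, not in `text`.
function parameterizedQuery(email) {
  return sql`SELECT id FROM users WHERE email = ${email}`;
}

// Constructed hostile input for illustration.
const hostile = "x' OR '1'='1";

function demo() {
  return {
    naive: naiveQuery(hostile),          // WHERE clause is rewritten by the input
    safe: parameterizedQuery(hostile),   // text contains only $1
  };
}
```

Placeholders only stand in for values; table or column names built from user input still need an allow-list, because they cannot be sent as parameters.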

 

It’s best if you use TypeScript and pg-promise as they are more enterprise-like choices

 

Re TypeScript I didn't want to add a build step in.

Pg-promise: I just picked any old Postgres client, they're all pretty solid.
