- PR Code Review Practices
- Defensive Programming / Application Security Best Practices
I had collected some points and created a list of some best practices for software development. I plan to refer to this list from time to time to help me become a better Engineer. Publishing the list so that others too may refer and get benefitted from this list.
- Learn & practice Design Patterns
- Practice KISS (Keep It Simple Stupid), DRY (Don't Repeat Yourself) design principles
- Practice Occam's Razor problem-solving principles; Occam's razor simply states that of any given set of explanations for an event occurring, the simplest one is most likely the correct one
- Always ask questions when in doubt. Do not assume anything, be explicit over being implicit.
- Remember, Explicit is better than implicit
- Don't be afraid to experiment, or to commit mistakes, however, you must learn from your mistakes quickly and ensure the same mistake does not happen again. Write test cases to protect yourself from common mistakes.
- Test everything (Only your code, not other people's code which you are referring, like external libraries)
- Keep learning, keep reading latest articles, books, watch tutorials, attend workshops, discuss with experts to update your knowledge and skillsets
- Keep practising Algorithms and Puzzles solving to improve your problems solving skills
- Document everything and don't forget to update those documents when information or relevant facts change
- Never ignore errors or exceptions. Always log your errors with full details sans sensitive information
- Log everything and store the logs a remote location for thorough analysis and for historical reference (Loggly/ELK Stack)
- Assign a transaction id to each log statement
- Increase transparency using smart logging
- Continuously analyze Performance of your code and your application
- Document your technical debts, and clear those debts as soon as the opportunity arrives
- Mark unfinished/incomplete part of the code, //TODO: (Technical Debt)
- Better yet, create a fresh ticket for these //TODO
- Document your application's API by using Swagger
- Periodically perform Security Audit of code/project (Very important)
- Always perform even-sided validation Client and Server-side validation both
- Comment code to explain intent, use doc comment to document the summary functionality of functions
- Keep comments relevant as your code evolves
- Don't use comments as an excuse for bad code. Keep your code clean
- Don't use clean code as an excuse to not comment at all
- Everyone in a team should use the same code formatting strategy (Same prettier configuration everywhere)
- Always pull/update before commit/push
- Put some extra effort to write a good commit message. You should describe your work briefly in the commit message. First line should be the work summary. Separate the subject from the body with a newline
- Within your PR comment write a brief overview of the functionality of your code, or why you did it the way you did it, if possible, write assumptions as well if there are any
- Update your Jira/Github Issue task item with actions/user stories, and development checklist
- Always make time to review other's code. Add constructive, helpful comments or solutions instead of just pointing out errors or mistakes. Code reading/reviewing improves your thought process and overall understanding of the project
- Always constructively criticize someone else's code if they ignore any coding best practices. Point out the specific "guideline" that is not being followed
- Always calculate estimates for tasks, add a 20% buffer to the estimate. Try to complete the task within the given estimated time. However, refrain from overestimating, and adjust your estimating strategies continuously to become adept at estimation.
- Always challenge yourself, keep updating your estimates, if your success rate is below 70%.
- Always tackle the hardest tasks first. Solve the most complicated problems first before solving easy tasks. However, you can always use opportunities as and when it arrives to pick low hanging fruits.
- Don't write code that you think you might need in future, but don't need yet
- Always remove unnecessary code, keep cleaning dead codes
- Fail fast and fail early. Check input and fail on nonsensical input or invalid state as early as possible, preferably with an exception or error response
- When in doubt, throw exceptions
- Write your code defensively. Always think about what can go wrong, what will happen on invalid input, and what might fail, which will help you catch many bugs before they happen
- If a function or method goes past 30 lines of code, consider breaking it up. The good maximum module size is about 500 lines. Test files tend to be longer than this
- Refactor whenever you see the need and have the opportunity to do so
- Make code correct first and fast second. Make sure your code is working as expected and tests are green; in the refactoring phase, you may optimize your code. When working on performance issues, always profile before making fixes
- Use meaningful and pronounceable variable names (Especially as Parameters)
- Functions should do one thing and one thing only. Practice Single Responsibility Principle
- Function names should say what they do
- Always Unit Test your Code (even for simple/quick fixes and one-liners)
- Writing code is easy, but reading it is hard, sometimes incomprehensible. So, write code as if you are writing poetry, your code should be easy to read
- Still, don't be too verbose in your coding. Remember, compact but comprehensive coding gives less surface area for bugs to hide in
- if you are using some reference code picked from some article or StackOverflow, always include the link beside the referenced code as a comment, so that reviewers can visit the link to understand why you did what you did
- Organize your files around product features/pages/components, not roles. Also, place your test files next to their implementation.
- Design a rollback solution for deployments
- Don't over-optimize your code, keep it open for extension
- Be stateless, kill your servers almost every day
- Serve frontend content using dedicated middleware (Nginx, S3, CDN)
- Good habits take some time to set in, so be vigilant and mindful about your habits; keep reading this list
NOTE: If you want to update this list, please comment, I'll incorporate your changes.