Achieving Efficiency and Effectiveness in NodeJs/Full Stack Development Pt2
The second part of this overview of the Best Practices methods and approaches that each and every NodeJs project should consider and adopt.
December 17, 2022
In this second part of our blog on developing solutions efficiently and effectively, we continue to look at the key Best Practices methods and approaches that each and every NodeJs project should consider and adopt if it wants to meet those business goals.
In the First Part we looked at Version Control, Common Coding Standards, Application Structure, Testing, and Monitor Performance.
In this second part, we continue and consider the key areas of Security, Syntax & Linting, Optimise, Logging and CD/CI.
6. Security
It’s important to make sure that your application follows all the best practices for security. A brief overview is outlined below, but a more detailed examination of the key processes, guidelines, baselines and policies that cover application development will be covered later. Key things to look out for, as part of securing "Data at Rest", "Data in Use" and "Data in Transit":
- Ensuring secure authentication & authorisation of users and access to sensitive data.
- Using HTTPS for all communications and encrypting any sensitive data stored in databases.
- Limiting access to only trusted users with proper privileges.
- Using built-in Node.js security features such as secure cookies and CSRF tokens.
- Validating user input by using libraries such as Sanitizer and preventing SQL injections by using parameterised queries.
- Patching: Keeping all dependencies up to date, including Node.js itself, as well as any third party modules used within the application.
- Regularly scanning applications for vulnerabilities, such as with a Static or Dynamic application security testing tool set.
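As an added illustration of the secure cookie and CSRF token items above (example code written for this overview, not taken from any particular project), the sketch below uses only Node's `crypto` module to build a hardened session cookie and to issue and verify a CSRF token bound to the session. The cookie name `__Host-sid`, the function names and the in-process key are assumptions made for the example.

```javascript
const crypto = require('node:crypto');

// Assumption: a real deployment loads this key from a secret store so that it
// survives restarts and is shared by every instance; here it is per process.
const CSRF_KEY = crypto.randomBytes(32);

// Build a Set-Cookie value for a session id with hardened attributes.
// The __Host- prefix makes browsers require Secure, Path=/ and no Domain.
function sessionCookie(sessionId, maxAgeSeconds = 3600) {
  return [
    `__Host-sid=${encodeURIComponent(sessionId)}`,
    'Path=/',
    `Max-Age=${maxAgeSeconds}`,
    'Secure',       // only sent over HTTPS
    'HttpOnly',     // not readable from page JavaScript
    'SameSite=Lax', // not attached to cross-site POSTs
  ].join('; ');
}

// Token format: <random nonce>.<HMAC-SHA256(sessionId.nonce)>, so a token
// issued for one session does not verify for another.
function issueCsrfToken(sessionId, key = CSRF_KEY) {
  const nonce = crypto.randomBytes(16).toString('hex');
  const mac = crypto.createHmac('sha256', key)
    .update(`${sessionId}.${nonce}`).digest('hex');
  return `${nonce}.${mac}`;
}

function verifyCsrfToken(sessionId, token, key = CSRF_KEY) {
  if (typeof token !== 'string') return false;
  const parts = token.split('.');
  if (parts.length !== 2) return false;
  const [nonce, mac] = parts;
  if (!/^[0-9a-f]{32}$/.test(nonce)) return false;
  const expected = crypto.createHmac('sha256', key)
    .update(`${sessionId}.${nonce}`).digest();
  const supplied = Buffer.from(mac, 'hex');
  // timingSafeEqual throws on unequal lengths, so check the length first.
  if (supplied.length !== expected.length) return false;
  return crypto.timingSafeEqual(supplied, expected);
}
```

The server would send `sessionCookie(...)` in a `Set-Cookie` header, embed the token in each form or custom request header, and reject any state-changing request for which `verifyCsrfToken` returns false.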
Security design should be built into every step of the development cycle, with testing and challenge at each and every delivery step of the lifecycle. Integrating security assurance into the delivery process is key, and driving, supporting or enhancing the security posture is important to ensure quality and reliability (Confidentiality, Integrity and Availability).
7. Syntax & Linting
Linting tools can be used to help ensure code follows the coding standards and is free of errors. These tools can be used to automatically check for any errors or issues, and help find them quickly. Running through source code to find issues relating to formatting irregularities, developer bugs, bad practices and style/syntax errors is time consuming and likely to fail if left to a 'manual' process. Common tools include JSLint, standardJS, JSHint, and ESLint.
8. Optimise
Optimising code will make it run faster and more efficiently, improving user experience. It can involve cleaning up unnecessary code or improving existing code, to improve response times of applications, latency, error handling and throughput, and to minimise CPU and memory resources. A number of areas you should consider include:
- Asynchronous Functions
- Avoid Sessions and Cookies
- Database Queries
- Clustering
- Reduce TTFB (Time to First Byte)
- Error Trapping, Logging & Monitoring
- Use HTTP/2
- Multi-thread/Parallel Execution
We will look at these all in more detail later, but for now this gives you an overview of the areas that should be considered and factored into your application design.
9. Logging
Logging is essential for debugging Node.js applications. It can help track down errors or issues quickly and easily. It should be implemented at all levels of the application, from front to back, up and down the solution stack, and include all supporting components (e.g. middleware, proxy servers, databases).
10. CD/CI
Continuous Delivery/Continuous Integration helps ensure that any changes made to the application are tested and checked rapidly, reducing the issues that occur in production. CD/CI can also be used to measure progress, to help teams co-ordinate, and to provide constant feedback on quality, compliance and success. It has become critical in the modern delivery team to ensure performance, and to drive agility in the delivery cycle.
Summary
Each and every project requires careful tailoring (adaptation) of these "Best Practices" to ensure the smoothest adoption, and best performance. Version Control, Common Coding Standards, Application Structure, Testing, Monitor Performance, Security, Syntax & Linting, Optimise, Logging and CD/CI should all be agreed and established as part of the project charter, and owned by the project & technical leadership. While tooling and process will often remain constant, each team within each project will have a different set of goals, priorities and skills/experiences - leading to the need to ensure the right alignment of each of these delivery methods against the project and the team. As part of the on-boarding process, each delivery team member should be made aware of their responsibilities, and in some cases trained to ensure they are able to fully adopt and help drive maturity in adoption.
Developing complex enterprise scale solutions efficiently and effectively, keeping costs under control, risks managed and deliveries on time, requires a focus on process, quality and standards. To achieve predictability and agility, these "Best Practices" methods and approaches should be adapted and adopted into your delivery process to help ensure business goals are met.