思维导图备注

Node.js Best Practices
首页 白天 夜间 BookChat 小程序 小程序 阅读
  • 书签 我的书签
  • 添加书签 添加书签 移除书签 移除书签

5. Going To Production Practices

 来源:goldbergyoni 浏览 678 扫码 分享 2021-01-03 13:52:14
  • 5.1. Monitoring
  • 5.2. Increase transparency using smart logging
  • 5.3. Delegate anything possible (e.g. gzip, SSL) to a reverse proxy
  • 5.4. Lock dependencies
  • 5.5. Guard process uptime using the right tool
  • 5.6. Utilize all CPU cores
  • 5.7. Create a ‘maintenance endpoint’
  • 5.8. Discover errors and downtime using APM products
  • 5.9. Make your code production-ready
  • 5.10. Measure and guard the memory usage
  • 5.11. Get your frontend assets out of Node
  • 5.12. Be stateless, kill your servers almost every day
  • 5.13. Use tools that automatically detect vulnerabilities
  • 5.14. Assign a transaction id to each log statement
  • 5.15. Set NODE_ENV=production
  • 5.17. Use an LTS release of Node.js
  • 5.18. Don’t route logs within the app
  • 5.19. Install your packages with npm ci
当前内容版权归 goldbergyoni 或其关联方所有,如需对内容或内容相关联开源项目进行关注与资助,请访问 goldbergyoni .
上一篇:
下一篇:
  • 书签
  • 添加书签 移除书签
  • Node.js Best Practices
  • 1. Project Structure Practices
    • 1.1 Structure your solution by components
    • 1.2 Layer your components, keep the web layer within its boundaries
    • 1.3 Wrap common utilities as npm packages
    • 1.4 Separate Express ‘app’ and ‘server’
    • 1.5 Use environment aware, secure and hierarchical config
  • 2. Error Handling Practices
    • 2.1 Use Async-Await or promises for async error handling
    • 2.2 Use only the built-in Error object
    • 2.3 Distinguish operational vs programmer errors
    • 2.4 Handle errors centrally, not within a middleware
    • 2.5 Document API errors using Swagger or GraphQL
    • 2.6 Exit the process gracefully when a stranger comes to town
    • 2.7 Use a mature logger to increase error visibility
    • 2.8 Test error flows using your favorite test framework
    • 2.9 Discover errors and downtime using APM products
    • 2.10 Catch unhandled promise rejections
    • 2.11 Fail fast, validate arguments using a dedicated library
    • 2.12 Always await promises before returning to avoid a partial stacktrace
  • 3. Code Style Practices
    • 3.1 Use ESLint
  • 4. Testing And Overall Quality Practices
    • 4.2 Include 3 parts in each test name
    • 4.3 Structure tests by the AAA pattern
    • 4.5 Avoid global test fixtures and seeds, add data per-test
    • 4.11 Refactor regularly using static analysis tools
    • 4.12 Carefully choose your CI platform (Jenkins vs CircleCI vs Travis vs Rest of the world)
    • 4.13 Test your middlewares in isolation
  • 5. Going To Production Practices
    • 5.1. Monitoring
    • 5.2. Increase transparency using smart logging
    • 5.3. Delegate anything possible (e.g. gzip, SSL) to a reverse proxy
    • 5.4. Lock dependencies
    • 5.5. Guard process uptime using the right tool
    • 5.6. Utilize all CPU cores
    • 5.7. Create a ‘maintenance endpoint’
    • 5.8. Discover errors and downtime using APM products
    • 5.9. Make your code production-ready
    • 5.10. Measure and guard the memory usage
    • 5.11. Get your frontend assets out of Node
    • 5.12. Be stateless, kill your servers almost every day
    • 5.13. Use tools that automatically detect vulnerabilities
    • 5.14. Assign a transaction id to each log statement
    • 5.15. Set NODE_ENV=production
    • 5.17. Use an LTS release of Node.js
    • 5.18. Don’t route logs within the app
    • 5.19. Install your packages with npm ci
  • 6. Security Best Practices
    • 6.1. Embrace linter security rules
    • 6.2. Limit concurrent requests using a middleware
    • 6.3 Extract secrets from config files or use packages to encrypt them
    • 6.4. Prevent query injection vulnerabilities with ORM/ODM libraries
    • 6.5. Collection of generic security best practices
    • 6.6. Adjust the HTTP response headers for enhanced security
    • 6.7. Constantly and automatically inspect for vulnerable dependencies
    • 6.8. Protect Users’ Passwords/Secrets using brypt or scrypt
    • 6.9. Escape HTML, JS and CSS output
    • 6.10. Validate incoming JSON schemas
    • 6.11. Support blacklisting JWTs
    • 6.12. Prevent brute-force attacks against authorization
    • 6.13. Run Node.js as non-root user
    • 6.14. Limit payload size using a reverse-proxy or a middleware
    • 6.15. Avoid JavaScript eval statements
    • 6.16. Prevent evil RegEx from overloading your single thread execution
    • 6.17. Avoid module loading using a variable
    • 6.18. Run unsafe code in a sandbox
    • 6.19. Take extra care when working with child processes
    • 6.20. Hide error details from clients
    • 6.22. Modify session middleware settings
    • 6.24. Prevent unsafe redirects
    • 6.25. Avoid publishing secrets to the npm registry
  • 7. Draft: Performance Best Practices
    • 7.1. Don’t block the event loop
    • 7.2. Prefer native JS methods over user-land utils like Lodash
  • 8. Docker Best Practices
    • 8.1 Use multi-stage builds for leaner and more secure Docker images
    • 8.2. Bootstrap using ‘node’ command, avoid npm start
    • 8.3. Let the Docker runtime handle replication and uptime
    • 8.4. Use .dockerignore to prevent leaking secrets
    • 8.5. Clean-up dependencies before production
    • 8.6. Shutdown smartly and gracefully
    • 8.7. Set memory limits using both Docker and v8
    • 8.8. Plan for efficient caching
    • 8.9. Use explicit image reference, avoid latest tag
    • 8.10. Prefer smaller Docker base images
    • 8.11. Clean-out build-time secrets, avoid secrets in args
    • 8.12. Scan images for multi layers of vulnerabilities
    • 8.13 Clean NODE_MODULE cache
    • 8.14. Generic Docker practices
    • 8.15. Lint your Dockerfile
暂无相关搜索结果!

    本文档使用 BookStack 构建

    展开/收起文章目录

    分享,让知识传承更久远

    文章二维码

    手机扫一扫,轻松掌上读

    文档下载

    • 普通下载
    • 下载码下载(免登录无限下载)
    你与大神的距离,只差一个APP
    APP下载
    请下载您需要的格式的文档,随时随地,享受汲取知识的乐趣!
    PDF文档 EPUB文档 MOBI文档
    温馨提示 每天每在网站阅读学习一分钟时长可下载一本电子书,每天连续签到可增加阅读时长
    下载码方式下载:免费、免登录、无限制。 免费获取下载码

    微信小程序阅读

    BookChat 微信小程序阅读
    您与他人的薪资差距,只差一个随时随地学习的小程序

    书签列表

      阅读记录

      阅读进度: 0.00% ( 0/0 ) 重置阅读进度