×
思维导图备注
Node.js Best Practices
首页
白天
夜间
小程序
阅读
书签
我的书签
添加书签
移除书签
7. Draft: Performance Best Practices
来源:goldbergyoni
浏览
391
扫码
分享
2021-01-03 13:52:14
7.1. Don’t block the event loop
7.2. Prefer native JS methods over user-land utils like Lodash
当前内容版权归
goldbergyoni
或其关联方所有,如需对内容或内容相关联开源项目进行关注与资助,请访问
goldbergyoni
.
上一篇:
下一篇:
Node.js Best Practices
1. Project Structure Practices
1.1 Structure your solution by components
1.2 Layer your components, keep the web layer within its boundaries
1.3 Wrap common utilities as npm packages
1.4 Separate Express ‘app’ and ‘server’
1.5 Use environment aware, secure and hierarchical config
2. Error Handling Practices
2.1 Use Async-Await or promises for async error handling
2.2 Use only the built-in Error object
2.3 Distinguish operational vs programmer errors
2.4 Handle errors centrally, not within a middleware
2.5 Document API errors using Swagger or GraphQL
2.6 Exit the process gracefully when a stranger comes to town
2.7 Use a mature logger to increase error visibility
2.8 Test error flows using your favorite test framework
2.9 Discover errors and downtime using APM products
2.10 Catch unhandled promise rejections
2.11 Fail fast, validate arguments using a dedicated library
2.12 Always await promises before returning to avoid a partial stacktrace
3. Code Style Practices
3.1 Use ESLint
4. Testing And Overall Quality Practices
4.2 Include 3 parts in each test name
4.3 Structure tests by the AAA pattern
4.5 Avoid global test fixtures and seeds, add data per-test
4.11 Refactor regularly using static analysis tools
4.12 Carefully choose your CI platform (Jenkins vs CircleCI vs Travis vs Rest of the world)
4.13 Test your middlewares in isolation
5. Going To Production Practices
5.1. Monitoring
5.2. Increase transparency using smart logging
5.3. Delegate anything possible (e.g. gzip, SSL) to a reverse proxy
5.4. Lock dependencies
5.5. Guard process uptime using the right tool
5.6. Utilize all CPU cores
5.7. Create a ‘maintenance endpoint’
5.8. Discover errors and downtime using APM products
5.9. Make your code production-ready
5.10. Measure and guard the memory usage
5.11. Get your frontend assets out of Node
5.12. Be stateless, kill your servers almost every day
5.13. Use tools that automatically detect vulnerabilities
5.14. Assign a transaction id to each log statement
5.15. Set NODE_ENV=production
5.17. Use an LTS release of Node.js
5.18. Don’t route logs within the app
5.19. Install your packages with npm ci
6. Security Best Practices
6.1. Embrace linter security rules
6.2. Limit concurrent requests using a middleware
6.3 Extract secrets from config files or use packages to encrypt them
6.4. Prevent query injection vulnerabilities with ORM/ODM libraries
6.5. Collection of generic security best practices
6.6. Adjust the HTTP response headers for enhanced security
6.7. Constantly and automatically inspect for vulnerable dependencies
6.8. Protect Users’ Passwords/Secrets using brypt or scrypt
6.9. Escape HTML, JS and CSS output
6.10. Validate incoming JSON schemas
6.11. Support blacklisting JWTs
6.12. Prevent brute-force attacks against authorization
6.13. Run Node.js as non-root user
6.14. Limit payload size using a reverse-proxy or a middleware
6.15. Avoid JavaScript eval statements
6.16. Prevent evil RegEx from overloading your single thread execution
6.17. Avoid module loading using a variable
6.18. Run unsafe code in a sandbox
6.19. Take extra care when working with child processes
6.20. Hide error details from clients
6.22. Modify session middleware settings
6.24. Prevent unsafe redirects
6.25. Avoid publishing secrets to the npm registry
7. Draft: Performance Best Practices
7.1. Don’t block the event loop
7.2. Prefer native JS methods over user-land utils like Lodash
8. Docker Best Practices
8.1 Use multi-stage builds for leaner and more secure Docker images
8.2. Bootstrap using ‘node’ command, avoid npm start
8.3. Let the Docker runtime handle replication and uptime
8.4. Use .dockerignore to prevent leaking secrets
8.5. Clean-up dependencies before production
8.6. Shutdown smartly and gracefully
8.7. Set memory limits using both Docker and v8
8.8. Plan for efficient caching
8.9. Use explicit image reference, avoid latest tag
8.10. Prefer smaller Docker base images
8.11. Clean-out build-time secrets, avoid secrets in args
8.12. Scan images for multi layers of vulnerabilities
8.13 Clean NODE_MODULE cache
8.14. Generic Docker practices
8.15. Lint your Dockerfile
暂无相关搜索结果!
本文档使用
BookStack
构建
×
分享,让知识传承更久远
×
文章二维码
手机扫一扫,轻松掌上读
×
文档下载
普通下载
下载码下载(免登录无限下载)
你与大神的距离,只差一个APP
请下载您需要的格式的文档,随时随地,享受汲取知识的乐趣!
PDF
文档
EPUB
文档
MOBI
文档
温馨提示
每天每在网站阅读学习一分钟时长可下载一本电子书,每天连续签到可增加阅读时长
下载码方式下载:免费、免登录、无限制。
免费获取下载码
下载码
文档格式
PDF
EPUB
MOBI
码上下载
×
微信小程序阅读
您与他人的薪资差距,只差一个随时随地学习的小程序
×
书签列表
×
阅读记录
阅读进度:
0.00%
(
0/0
)
重置阅读进度