Like any kind of apps, JavaScript apps also have to be written well.
Otherwise, we run into all kinds of issues later on.
In this article, we’ll look at some best practices we should follow when writing Node apps.
Using APM products
APM products let us discover performance issues with our apps.
It goes beyond traditional monitoring and measures the experience of users.
It can highlight the root cause of the problems in our app.
Downtimes can also be measured.
Create a Maintenance Endpoint
We can create a maintenance endpoint to show us the health of the app.
Also, we can use it for monitoring our app.
We don’t want to experiment with our app to find our data about them.
Security
There’re many obvious security-related things we should think about.
For instance, we can use VPNs to access things that shouldn’t be exposed to the public.
Also, we should secure business transactions with SSL/TLS.
SQL injection should also be avoided with stored procedures and parameterized queries.
HTTP headers and cookies that expose too much data about the internals of our system should also be avoided.
Move Frontend Assets Out of Node
Frontend assets should be moved out of our Node app since serving front end assets will bog down our app.
The single-threaded model will make this a burden.
If we serve assets from the front end, the Node thread will remain busy streaming files to users.
It won’t have much capacity to produce dynamic content.
Kill Servers Almost Every Day
Servers should be killed almost every day.
To do this, we need to use an external data store to store our app’s state.
We can’t have a local app state which we rely on.
Killing servers free up resources regularly.
Measure and Guard the Memory Usage
We should look for memory leaks in our apps.
This way, our app would free up memory for other processes.
We’ve to monitor it so that our app won’t be leaking megabytes of memory.
The max amount of memory is 1.5GB for a single Node app instance, so it’s a good idea to be efficient.
Assign Transaction ID to Each Log Statement
Logging with transaction ID lets us trace the workflow our app went through.
Because of the async nature of Node apps, this is especially important.
With th IDs, we can trace our app’s activities easier since it’s not async.
Tools that Automatically Detect Vulnerabilities
Vulnerabilities let attackers attack our app.
Security holes are fixed regularly for maintained dependencies, so we should update them often so that we can patch them.
If we see threats, we should watch for them until they’re fixed.
It’s easy to automate this with various tools like Dependabot.
Automated, Atomic and Zero-Downtime Deployments
Automated, atomic, and zero-downtime deployments are important.
This reduces risks for every deploy so we can deploy more often.
If it can be done with a click of a button, then we won’t be stressed when we’re doing it.
Atomic deployments make them easily reversible in case anything goes wrong.
We can do this easily with Docker and CI tools.
They have turned into the industry standard.
Conclusion
We can use some tools to help us with monitoring and deployment.
Also, it’s important to reduce the burden of our Node app since it’s single-threaded.
