
Node.js: Less complexity, more reliability

Day 3


You don't know the capabilities of the Node.js platform well, its built-in API and machinery. Instead you use frameworks, libraries and external dependencies, which are much worse and weaker. Does that sound like you? Let's look at fs, v8, vm, child_process, worker_threads, async_hooks, crypto, undici, etc. and forget about axios, express, lodash, async.js, bcrypt, argon2, mkdirp, bluebird, etc.

You don't think about security and reliability, so let's find out about request routing without ReDoS vulnerabilities and path traversal, and about isolation of execution contexts from each other. Let's review XSS, SQL injection, CSRF, etc. and talk about error handling in callbacks and promises that you often ignore, and about memory leaks, race conditions and deadlocks that you can easily reach even with single-threaded JavaScript. You should not fight them by restarting the process; better try to fix the problem.

You use architectural and structural anti-patterns imposed on you, like middleware, global state, mixing of abstraction layers and Law of Demeter violations, with no DDD principles applied. Don't allow req and res to be accessible from the domain code and the database access layer; remember GRASP and SOLID, and use GoF and clean architecture.

Let's write framework-agnostic code: don't rely on frameworks and dependencies, rely on Node.js.

  • #nodejs