This document outlines best practices and tools for JavaScript development, including initializing projects with npm, managing dependencies through package managers, and employing proper coding styles. It covers async programming techniques, testing methodologies, documentation practices, and strategies for scaling applications using Docker. Additionally, it highlights the importance of performance measurement and security precautions in web development.

2. Basti
• Sebastian Springer
• from München
• work @MaibornWolff
• https://github.com/sspringer82
• @basti_springer
• sebastian.springer@maibornwolff.de
• JavaScript Developer

5. That’s what most people
think of JavaScript
Dieter Schütz / pixelio.de

6. Your way
Start your project
Tools
Best Practices
Development Process
Jetti Kuhlemann / pixelio.de

7. 10

10. How to start a
project?
Albrecht E. Arnold / pixelio.de

11. First steps
npm init
NPM Scripts
“private”: true;
README.md
.gitignore

12. package.json
npm init helps you create an initial version of a package.json file

13. First steps
npm init
NPM Scripts
“private”: true;
README.md
.gitignore

14. NPM Scripts
Short helper scripts for your application.
start: how to start your application
test: run your tests
…
Your own scripts
build: …
npm run build

15. NPM Scripts

16. First steps
npm init
NPM Scripts
“private”: true;
README.md
.gitignore

17. private
set
“private”: true
in your package.json
Prevents you to accidentally publish your application to the npm registry.

18. First steps
npm init
NPM Scripts
“private”: true;
README.md
.gitignore

19. README.md
Document the following:
- how to set up the application
- how to contribute
- Known Issues

20. First steps
npm init
NPM Scripts
“private”: true;
README.md
.gitignore

21. .gitignore
Usually you ignore node_modules and do not commit them into your repo.

22. Use a proxy registry

23. Tools
Rainer Sturm / pixelio.de

24. NVM
The Node Version Manager makes it possible to have more than one Version of Node
Installed on your System.
Alternatives for Windows users:
- nvm-windows
- nodist

25. Nodemon
How Node works with your code:
1. Read source code
2. Process source code
3. Run and optimize
For every change in source code you need to restart your process

26. Nodemon
Nodemon watches your filesystem and restarts your process.
DO NEVER EVER USE IT IN PRODUCTION
Why not?
It clears the memory of your Application

27. Nodemon

28. Debugger
console.log is not a proper debugger

29. Debugger
How to debug in the frontend

30. Debug
chrome://inspect

31. IDE Debugging

32. Libraries
Andreas Hermsdorf / pixelio.de

33. Package Managers

34. Why yarn?
Facebook learned from the mistakes of NPM
- Ultra fast
- Mega secure
- Super Reliable
NPM learned from yarn

35. NPM

36. Quality of a library?
There is no quality gate in NPM
So take a look at the numbers
NPM GitHub

37. TypeScript

38. TypeScript
Developed by Microsoft
Supported by Google
npm install -g typescript
tsc index.ts

39. TypeScript
TS JSTSC
TypeScript is a transpiler

40. TypeScript

41. 3rd party libraries in TS

42. Code Styles
twinlili / pixelio.de

43. No more discussions
christiaaane / pixelio.de

44. Code Style
Your source code should follow a certain ruleset.
No matter who wrote it, why or when it was written.

45. Code Style
https://github.com/airbnb/javascript
https://google.github.io/styleguide/jsguide.html
https://github.com/standard/standard

46. Codestyle
Topic
Do/Don’t
Rule
Explanation
Examples

47. Linters
jslint
jshint
eslint tslint
https://www.jslint.com/
http://jshint.com/
https://palantir.github.io/tslint/
https://eslint.org/
It will hurt your feelings!
https://github.com/douglascrockford

48. Linters

49. Prettier
an opinionated code formatter

50. Prettier
- supports different code styles
- editor integration
- configurable

51. Async
Kurt Michel / pixelio.de

52. Async
In order to support nonblocking I/O you need to go async.

53. Async - Callbacks
Disadvantages: nested async oprations get messy
fs.readFile('input.csv', 'utf-8', (err, data) => {
if (err) {
console.error(err);
} else {
console.log(data);
}
});

54. Async - Promises
https://developer.mozilla.org/de/docs/Web/JavaScript/Reference/Global_Objects/Promise
Advantages:
- async flow control
- better nesting
Disadvantages:
- even more callbacks

55. Async - Promises
function promisedRead(file) {
return new Promise((resolve, reject) => {
fs.readFile(file, 'utf-8', (err, data) => {
if (err) {
reject(err);
} else {
resolve(data);
}
});
});
}
promisedRead('input.csv').then((data) => {
console.log(data);
}).catch((e) => {
console.error(e);
});

56. Async - async/await
Makes use of Promises but provides a cleaned up interface

57. Async - async/await
function promisedRead(file) {
return new Promise((resolve, reject) => {});
}
(async () => {
try {
const data = await promisedRead('input.csv');
console.log(data);
} catch (e) {
console.error(e);
}
})();

58. Async - Streams

59. APIs
R. B. / pixelio.de

60. REST

61. GraphQL Interface
GraphQL
By Facebook [BSD (http://opensource.org/licenses/bsd-license.php)], via Wikimedia Commons
Your Application
Client
Request/Response

62. GraphQL
npm install graphql
1. Build a schema
2. Write resolvers
3. Write queries

63. Tests
Dieter Schütz / pixelio.de

64. We don’t have time for tests.

65. Unit tests
- Cover single functions
- Run fast
- Don’t have external dependencies

66. Unit tests
describe('read', () => {
beforeEach(() => {
csvDb = new CsvDb(file.read, columns);
});
it('should read the contents of the file', async () => {
const data = await csvDb.getFileContent();
expect(data).to.equal(‘1;admin;***;n2;user;***;’);
});
});

67. Unit tests
Mockery
Test frameworks
Helper libraries

68. Integration tests
Supertest
describe('GET /user', function() {
it('respond with json', function(done) {
request(app)
.get('/user')
.set('Accept', 'application/json')
.expect('Content-Type', /json/)
.expect(200, done);
});
});

69. Documentation
Lisa Spreckelmeyer / pixelio.de

70. I don’t need any documentation, my code is self documenting

71. Documentation
http://usejsdoc.org/
At least document your public API

72. Documentation

73. Continuous
Integration

74. Jenkins integration
Most of the Tools generate output that can be used in jenkins.
e.g. Mocha -> xunit Report

75. Travis CI

76. Scaling & Docker

77. Scaling
Node is singlethreaded and runs in a single process.
The good news: only your own code blocks

78. npm install -g pm2
- Cluster Mode
- Log management
- Monitoring
- …

79. Local scaling - pm2

80. Docker
Your Node application runs in a self contained container with defined interfaces to the
outside world.
Node provides images for all Versions.
All images include NPM and yarn.

81. Dockerfile
FROM node:10
# Create app directory
RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app
# Install app dependencies
COPY package.json /usr/src/app/
RUN npm install
# Bundle app source
COPY . /usr/src/app
EXPOSE 8080
CMD [ “npm", "start" ]

82. Docker
docker build -t basti/docker .
docker run -p 8080:8080 -d basti/docker

83. Performance
A.Dreher / pixelio.de

84. Performance
Performance Timing API for exact measurements
Process object:
- Memory usage
- CPU usage

85. Performance
Chrome Dev Tools for profiling and memory analysis

86. Security
Katharina Wieland Müller / pixelio.de

87. Security
Never trust your users.
Filter input, escape output.
Use validators: https://github.com/chriso/validator.js
Escape Database Queries

88. Security
https://nodesecurity.io/advisories

89. CONTACT
Sebastian Springer
sebastian.springer@maibornwolff.de
MaibornWolff GmbH
Theresienhöhe 13
80339 München
@basti_springer
https://github.com/sspringer82