- Npm audit
As a node js developer, It is very common to pull from npm repository, and not every package is secure. A lot of packages have security vulnerabilities that might be fixed in their latest version or not. You can run npm audit to scan your project’s dependencies for known security issues. A report will be generated to give you information about the vulnerability and on which version the vulnerabilities are fixed. In addition, it also has a URL that you can visit to learn more.
- Importing global modules
It is safe to import global modules like buffer even if it is available globally because it can help to adhere to node js changes in the coming releases. In node js official API documentation for the buffer, it clearly suggested that to explicitly refer the Buffer module via require or import even though it is available within the global scope.
3. Changing the thread pool size
Even though Node JS has a single-thread architecture where it processes requests in a single thread it uses another thread pool to do IO/Network operations. When a request is received if it needs IO operations like reading from a database/file the event loop picks one thread and assigns it. This is what makes node js fast and non-blocking.
By default, the thread pool size is 4 handling 4 IO operations at a time. You can increase the thread pool size to handle more IO operations, resulting fast response time.
4. Using helmet
One of the most common ways to secure applications is by adding a security header to configure security defense in a web browser. Helmet is an npm package that helps you secure your Express apps by setting various HTTP headers such as Content-Security-Policy, Strict-Transport-Security, X-Frame-Options protecting your API from different kinds of attacks such as XSS, man in the middle, and clickjacking attacks.
The package can easily be added as a middleware you can explicitly choose the headers you want to add or add all headers provided by the package.
5. Node watch
Node js releases node –watch in version 18.11.0 making it possible to track change and restart without using an additional library.
6. Node repl
Node. js Read-Eval-Print-Loop (REPL) is a command line tool used for reading and processing node js expressions. It is a great way to understand node js better you can see function implementations, and global objects and play around to get comfortable with node.
In the image below I first opened the repl by writing node and enter then I wrote fs.open.toString() to see the fs open function implementation.
7. Using npm async
Async is a utility module that provides powerful functions for working with asynchronous JavaScript. Async provides around 70 functions including some common patterns for asynchronous control flow such as parallel, series, and waterfall.
In the above image async.map accepts an array of inputs (files here) and calls fs.stat on each file and returns an array of results returned by each call. This is as simple as I could explain it, it has a lot of functionalities you can refer to their documentation for more.
— — — — — — — — — — — — — — — — — —
Working on creating an advanced node js course currently.
- Improving performance
- Security
- Node js behind the scene
- Scaling
- Architecture
- Deploying node js apps
Follow me on linked in and get the full course I will release soon.