Derek Fong
May 14 · 1 min read

Quoting Denny Trebbin’s response from

1. Reproducible builds. “Compile” your project, hash the build file, repeat the procedure on at least another machine and compare the hashes with each other. Now you are either sure your machine isn’t under the control of a remote hacker who has injected bad code into the bundle or you now know the remote hacker controls the other build machines as well. Mix operating systems if possible to keep the bad guys out of your build process.

2. Harmonize environments. Not all computers which execute your code share the same configuration. Better be safe than sorry. Define a minimum Node.js version and auto include all the polyfills and shims necessary to protect your sleep cycle. I prefer

3. Optimizations. Remove comments, dead-code, uglify, minify, etc. The faster Node can load and parse your production build artifact, the less nail biting it is to recover from crashes or upgrade to new artifact builds. Less down time, more relaxing.

4. Code analysis. Flow, ESLint, Snyk, etc. This step is not exclusive to back end code bundling.

5. Testing. Jest Snapshot testing is a fantastic tool, not just for React apps.
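
The hash comparison from step 1, sketched in Node.js as an added example (not part of the quoted response or of any project's tooling). The function names and the sample build files are constructed for illustration; in practice each manifest would be produced on a separate build machine and only the manifests or digests exchanged.

```javascript
const crypto = require('node:crypto');
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

const sha256 = (data) => crypto.createHash('sha256').update(data).digest('hex');

// Map each file's relative path (POSIX separators) to the SHA-256 of its bytes.
// Only regular files are hashed; symlinks are not followed.
function buildManifest(root, dir = root, out = {}) {
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    const full = path.join(dir, entry.name);
    if (entry.isDirectory()) buildManifest(root, full, out);
    else if (entry.isFile()) {
      const rel = path.relative(root, full).split(path.sep).join('/');
      out[rel] = sha256(fs.readFileSync(full));
    }
  }
  return out;
}

// One digest for the whole build: hash of the sorted "path\0hash\n" lines,
// so directory listing order on a given OS does not change the result.
function buildDigest(manifest) {
  const lines = Object.keys(manifest).sort().map((p) => `${p}\0${manifest[p]}\n`);
  return sha256(lines.join(''));
}

// Files missing on one side or whose content differs between two builds.
function diffManifests(a, b) {
  const paths = [...new Set([...Object.keys(a), ...Object.keys(b)])].sort();
  return paths.filter((p) => a[p] !== b[p]);
}

// Constructed sample: write a small "build output" into a temp directory.
function makeSampleBuild(files) {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'build-'));
  for (const [rel, content] of Object.entries(files)) {
    fs.mkdirSync(path.dirname(path.join(root, rel)), { recursive: true });
    fs.writeFileSync(path.join(root, rel), content);
  }
  return root;
}

const clean = { 'server.js': 'console.log("ok");\n', 'lib/util.js': 'module.exports = 1;\n' };
const machineA = buildManifest(makeSampleBuild(clean));
const machineB = buildManifest(makeSampleBuild(clean));
const machineC = buildManifest(makeSampleBuild({ ...clean, 'lib/util.js': 'module.exports = 2;\n' }));

console.log('A vs B:', buildDigest(machineA) === buildDigest(machineB) ? 'match' : 'MISMATCH');
console.log('A vs C differing files:', diffManifests(machineA, machineC));
```

A mismatch only tells you the outputs differ; the per-file diff narrows down where to look, and timestamps or absolute paths embedded by the bundler are a common benign cause to rule out first.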
