Enterprise-Grade Node.js: Part 1
When it comes to enterprise-grade applications, you have to change your approach towards node.js. It takes more than installing a few npm modules on top of express. From dependencies to security, to scaleability, there is a lot to think about.
And these should be considered with any application or system regardless of its size.
Who Is Using Node
Netflix, PayPal, Uber, Medium, LinkedIn.
NASA. They created “a micro-services architecture with separate APIs and applications built in Node.js to move data related to the EVA spacesuits from three separate legacy databases to a cloud database. Now users can query that one database for everything, reducing the time to access a comprehensive set of data by about 300 percent.”
Now, that is a critical system.
Basic Architecture
The foundation of an enterprise app has to be rock solid with minimal dependencies — you build your business on top of it. If you read the success stories of the above companies, you will not find a case where they say: “we build on express.js and passport.js”.
Industry standards. For your critical operations choose industry standard, supported, proven solutions, if open-source, then make sure it is maintained and there is an active community behind it.
Keep your API REST. Like proper REST. REST is a proven and very powerful design, and every good developer is familiar with it and can integrate your API. You can still optimise and customise it, while keeping it REST.
Service Oriented Architecture (SOA) is very powerful.
No workarounds, no hacks, no exceptions.
Automate.
Scaleability And Performance
You should always keep the full-scale system and the estimated number of concurrent users in mind when coding. An un-optimised database query has no real affect on your local development servers, but with 10.000 concurrent users, it can be a major performance issue and can cost your company a lot of money in infrastructure costs.
Design your application to be scaleable, use a clustered, distributed development system right from the start.
Caching is super-important. Redis is an amazing system, which, if used correctly, can give you crazy fast response times.
Profile your app frequently, make automated load tests and identify the bottlenecks in the code.
Security
Code Quality
I believe, this is the most underrated part of software development.
It is a great challenge to keep the code clean in a larger team, especially with developers coming and going. People have different coding styles, different skills, and performance. Some of them are passionate about documentation, others do not care at all.
You all know the result of years of rushed, uncontrolled development by a team with high fluctuation rates: out-of-date, undocumented, spaghetti code, that no-one wants to touch.
Set a coding style guide and use ESLint to enforce it. In our projects, the automated builds fail, if there are syntax or style errors in the code. Usually, devs hate the guidelines in the first few weeks (and with a reason, it can be hard to get used to rules, that seem nonsense at first, e.g. 80 characters per line? — yes), but then they realise how much easier is it to work with the code someone else wrote.
Make documentation mandatory. Writing documentation should be a part of the effort estimation and it is as important as the delivered code. Code without proper documentation should not be accepted. (Honestly, how many times have you heard developers making jokes like, “yeah, we have no documentation” or “hehe, it’s all legacy, no-one knows how it works”?)
Apidocs for API documentaion, jsdocs for code reference and mkdocs for concept/programming guides are very useful tools.
Code reviews — and approvals, if needed. A senior developer or software architect should review every single commit going into the development branch and make sure the code adheres to every quality requirements. It might even be necessary to restrict pushes to this branch and have developers create pull requests for every feature. If there is a problem with the code, it should be rejected.
In part 2, we have a look at the two greatest topics: dependencies and automation.
