Skip to content

NodeJS Code Review Checklist


Sr No.CheckDescription
1sync and npm-check to automate the task of identifying insecure and outdated components.
2Using Async-Await or promises for async error handling
3Is there a separation between operational vs programmer errorsOperational - (e.g. API received an invalid input)
Programmer - (e.g. trying to read undefined variable)
4Are errors handled centrally? Instead of middlewares
5Removing unwanted dependencies which are not being used in the project.
6All the commonly used functions should be in utils file of helper folder.
7Avoid using var, and promote use of let and const.
8Make sure that sensitive data are saved on .env files and are used from that on projects.
9Input validationCheck for correct input
10Use of HELMET package middleware to avoid common security issues in the app
11Error messages should be generic.
12Using bcrpyt module for storing passwords securely
13Using and configuring PM2 so that if any failure occur it get restarted automatically
14Always enable monitoring and logging for the node app in case where we want to debug the application on failure
15Rate limiting the end points.
16Try to make the code more functional. (Use of modular styling of code)
17DB connections & file operation like streaming should be properly closed.
18If using multiple DB queries/calls within a block of code which are independent of each other then they can be wrapped in Promise.all
19Proper commenting should be followed for each and every API
20Make sure DB queries uses indexes for maximize performance.
21Before using any third party packages make sure it is frequently updated and developer support is also there.
22Code indentation by using Prettier or Beautify.
23Schedule a good backup strategy for your production DB in any chance of failure
24While using $unwind stage make sure to enable option preserveNullAndEmptyArrays so that any document with empty array doesn’t get skip.
25Use explain stage while writing big queries to see how well the query is performing
26Use of $match, $limit & $skip can filter out most of the documents if used on a early pipeline stage.For detailed aggregation pipeline optimization, you can refer here.