I’ve been doing Node.js professionally for roughly 2 years. During that time, I’ve learnt a thing or two that keeps me away from troubles.
Use Promise instead of callback
ES6 gets native Promise already but if you prefer something more convenient that 3rd-party libraries offer, pick something like
bluebird (it’s really really fast). Stay away from
Q. I mean, just look at this.
Do not trust developer’s semver practice
npm shrinkwrap instead
This command locks down the versions of a package's dependencies so that you can control exactly which versions of each dependency will be used when your package is installed.
Personally, i would prefer
npm support something like
--save-exact flag. That would be awesome.
Choosing the right dependency
You already have enough bug fixing jobs on your plate. Don’t import more from others'. There are several things that go into consideration when i need to install an extra package:
statistic on npm/github: popular is good
check if the project is active: last commit, etc..
check if the issues get resolved timely.
check unit testing is well covered?
check its dependencies: cover all things above. Personally, I wouldn’t want to use anything that depends on
Q. It shows the author didn’t do the homework quite well, or at the very least, didn’t keep the package up to date with current situation in Node.js eco.
Respect the code convention. The ultimate goal is having code written by different developers, looks as if they were written by the same person.