By Yoni Goldberg

Translator: UC International R&D Jothy

Write in the front: welcome to the “UC International technology” public number, we will provide you with client, server, algorithm, test, data, front-end and other related high-quality technical articles, not limited to original and translation.

Editor’s note: The author provides 19 methods, most of which are followed by examples. If you’re interested in these examples, check out the original English text and visit the links in the examples.

Introduction to the

I’ve put together 19 skills and topics that could be valuable in 2019. Please don’t embarrass me – LIKE most developers, I can’t be familiar with every topic. These are just the exciting things I’m looking at, and the horizons of JavaScript are endless.

My name is Yoni Goldberg, I’m an independent Node.js consultant and co-author of Node.JS Best Practices. I worked with clients in the US, Europe, and Israel on their Node.js applications. My services include code, application and architecture reviews, testing and CI, advanced training courses, and other services. You can focus on my twitter (https://twitter.com/goldbergyoni).

1. Use type and schema. TypeScript is a great choice for 2019

It turns out that untyped coding is counterproductive and error-prone (see research). This doesn’t mean that you have to always use a strictly typed syntax, but you can choose the level of schematic code you want by validating your entities/models using JSON Schema (or Joi). Annotate native JS with static typing (see Facebook Flow) or persist with strongly typed syntax such as TypeScript. The latter gained significant momentum in 2018 and seems to have become the consensus in the Node space. If you plan to use TypeScript, ask yourself if your usage goes beyond Typing functionality, or using interfaces and abstract classes will take you into an example you’ve never tried before.

Reference links:

  • The address: http://ttendency.cs.ucl.ac.uk/projects/type_study/documents/type_study.pdf

  • JSON modes: https://www.npmjs.com/package/jsonschema

  • Joi:https://www.npmjs.com/package/joi

  • Facebook Flow:https://github.com/facebook/flow

Example:

  • Using JSON Schema of the explicit model architecture: https://www.npmjs.com/package/jsonschema

  • Use Facebook native JS:https://github.com/facebook/flow Flow static input

  • Using TypeScript:https://www.typescriptlang.org/ Typed grammar

You can see your eyes clearly

Linters are a free lunch, with a 5-minute setup you can get a free autopilot to protect your code and monitor the findings of major problems as you type. Long gone are the days when linting was associated with cosmetics (no semicolon!). . Today, Linters can catch serious problems such as errors being thrown incorrectly, missing messages, promises never resolve, and other pain points you never want to see in code.

Example:

  • Eslint-plugin-chai-expect can find tests without assertions

  • Eslint-plugin-promise finds unresolved promises (your code will never continue)

  • Eslint-plugin-security can discover regular expressions that can be used for DOS attacks

3. More Java, less Ruby – Deepen your architecture knowledge

There is very little knowledge of the architecture and design of the Node.js ecosystem. Everyone is talking about microservices, but only about the internals. Most of the applications and examples are MVC concepts and other questionable patterns in Ruby. What’s wrong with that? For example, MVC is built for service content and is an impressive technique for building a robust back end (Uncle Bob: “MVC is a delivery mechanism, not an application architecture”). Can you really describe the entire business logic, rules, data access, communication with the controller and other microservices in the model? For additional design issues and possible remedies, see the following examples.

I definitely don’t recommend heavy Java/Spring patterns (we’re in the Node space for a reason, aren’t we? :), just pick some ideas that offer great value without sacrificing app simplicity.

Example:

  • Have you read part 1 of my Node.js Best Practices – Architecture?

  • To avoid disrupting your business logic with Express objects, read about domain-driven design (see a shortened version of this novel book) and the Hexagonal architecture

  • Mixing logic and data access code in one class (the Active Record pattern – popular among developers using Mongoose and Sequelize) can easily lead to bloat objects that are harder to test. Consider using the data mapper pattern.

  • Take a look at the excellent Node.js boilerplate code that implements domain-driven design and clean architecture

4. Plan how to leverage asynchronous hooks for better tracing and context

The single-threaded model has one major drawback – requests lose context: variables are not retained throughout their lifetime as they flow through multiple files and perform asynchronous operations. Why is this painful? For example, developers often want to include unique identifiers in each log so that all logs for the same request can later be associated — not so easy in 2018. 2019 brings new highlights, including asynchronous hooks (not new but soon to be out of experimental mode). Simply put, this is a mechanism for injecting custom code at the start and end of an asynchronous operation. Because of this, you can associate all the code for the same request and keep the context. This sets the stage for many custom packages that take Node’s tracing and context capabilities to the next level.

Example:

  • Cls-hooked allows variables and context to be shared throughout the request lifecycle

  • The Jaeger client visualizes the flow of requests throughout the system, even microservices and servers (part of the open tracking standard, which requires dedicated servers to record all activity)

  • Learn about asynchronous hook opportunities and how to code them. The @ guysegev put forward

5. Learn about the latest Serverless features: It’s ready for battle in the powerful infrastructure space (Kubernetes killer?)

Note: The terms FaaS and Serverless are used interchangeably here, although they are not exactly the same. In fact, I’m referring to cloud vendor FaaS services such as Lambda and Google Functions.

Initially, FaaS was used to develop microtasks, not powerful “microservice” applications. As their popularity grew, the appetite of cloud providers grew, and new features soon emerged. FaaS popped up in 2019, and it seems like a powerful application infrastructure. Can it now compete with Kubernetes and offer large applications? Some people think Serverless and Faas are orthogonal technologies, but the reality is that every new cloud application in 2019 will have to choose one of three (in fact, every cloud vendor UI will display this choice) : (1) bare-metal instances such as EC2 or GCP computing (2) Kubernetes or (3) FaaS. As a result, being able to compare K8S to FaaS/Serverless and inform the consequences became a mandatory design skill.

Note: The following examples are for convenience only with respect to AWS.

Example:

  • The AWS Lambda SAM tool allows you to define and run FaaS locally

  • AWS Lambda now supports grayscale deployment!

  • AWS Lambda layer allows reuse of logic across multiple FaaS (domain/business logic layer that emulates typical microservices)

6. Learn about the latest JavaScript features to be supported

I’m not a big fan of chasing every new feature in every language, and sometimes these shiny toys violate the simplicity of the code. Some very valuable Javascript features come up from time to time (such as the introduction of async/await two years ago), so check out the TC39 proposal and Node.Green to find attractive new features that suit your coding style.

Example:

  • The Class layer fields are in phase 3 (the final phase) and are likely to be supported in 2019

  • BigInt is in phase 3 (final phase) and may be helpful when interacting with other microservices, machines, or data warehouses that generate huge numbers

  • Asynchronous iterators (Matt Krick) and † Promise – are finally supported and worth a try if you haven’t used them before

7. Familiar with at least one API technology. GraphQL is a great choice for 2019

The REST-style API is a good fit for what it was built for: good control over the modification and query of entities. Do you have a financial record system? You may want to design very strict endpoints, that is, a single explicit data model. However, there are other very common use cases where the REST style really falls short, such as performing similar queries that may return different data sets, low-bandwidth networks deciding to minimize API load, and an emphasis on fast machine-to-machine communication, to name just a few. Should you change it? Absolutely not. Just mixing it up. Apis are not your architecture, they are just a port (i.e. entry point) for your application, and multiple API styles can easily coexist, even on top of a single Web framework like Express.

So which one? Your best bet is probably GraphQL, which goes straight to the mainstream. Its ecosystem is mature enough to provide very popular use cases such as dynamic search and layered data sources. Grpc, on the other hand, is still a niche technology for server-to-server communication cases where you can get minimal overhead (e.g., pub-sub/message queuing systems).

Example:

  • Contrast learning is great – REST vs Graph vs GRPC

  • Browse the GraphQL, Node&Express tutorials

  • Watch a short YouTube (11 minutes) – What is GraphQL?

8. Go beyond unit and integration testing – Enrich your test portfolio with new testing techniques

Are you familiar with test pyramids, units, integration, and end-to-end testing? Great, these are the foundations of a successful testing strategy. However, in the last 10 years, the development world has undergone huge changes, but the test model has remained the same, and we are curious about how to test things like microservices, rich front-end, and Serverless. Some modern technologies complement and sometimes even replace the traditional stack for a more streamlined testing strategy with better ROI.

Example:

  • Consumer-driven contracts can prevent problems between microservices or between you and API consumers

  • Snapshot tests can be used not only for the UI, but also to prevent API regression

  • Component testing is a balanced approach to microservice testing

  • Check out my YouTube video Beyond Unit Tests: 5 Shiny Node.js Test Types (2018)

Video: Yoni Goldberg’s 5 Glitter test techniques

Align your monitoring with SRE/DevOps best practices

In 2019, even a medium-sized application is likely to consist of dozens of physically moving parts, and should be very cautious about standing above this “big orchestra.” However, most developers don’t take the time to learn the monitoring and alerting course, which is more than happy to be taught. For example, developers often prioritize and focus on internal hardware metrics, such as CPU and memory, rather than starting with metrics that directly affect the end user, such as error rates or delays (” I call this symptom-based monitoring, “from ‘My Philosophy of Warning’). Those customer-facing metrics are also known as “gold signals,” and in 2019, you may want to start with that and adopt similar best practices.

Example:

  • Learn the 4 monitoring ‘gold signals’

  • Read Google Site Reliability Engineering, or at least the section on monitoring

  • The request-Stats package may help you extract these customer-facing metrics to share with your monitoring system

10. Think like an attacker: Increase your security level by learning attack tools and techniques

If you can’t think like an attacker, you can’t think like a defender. In 2019, you shouldn’t outsource your defense to third parties or rely solely on static security scanners: The number of various attacks is overwhelming (development pipelines and NPM are the latest trends), and the rate of application changes is unmanageable – two days after conducting the security workshop, the team can add several new AWS services, database types, and new IAM roles…… As a result, hidden developers become the biggest threat, and educating them seems to be the ultimate remedy. You have to embed safety DNA into yourself and your team and do everything carefully.

Once you start doing that, it turns out it’s not so scary. Simply familiarize yourself with common attack types and tools, map the application architecture and process, and think about how to attack it. Slowly and unknowingly, you’ll start thinking about security in every design decision and every line of code.

Example:

  • Try OWASP ZAP – a rich evaluation and penetration tool that allows even novices to explore the application’s security levels

  • Read my Node.js security best practices list, which contains more than 23 attack ideas, including JavaScript code examples

  • Conduct monthly threat analysis meetings and have your team try to look at the application design and propose attacks. Sound boring? Not necessarily, if you gamify it, reward members for finding bugs, or create two competing groups, one for designing modules, one for finding bugs

11. Develop a package update policy. Lesson learned in 2018: Early updates are dangerous

Teams typically have two NPM /Yarn package update strategies :(1) update as soon as possible, even using an automated process, and (2) there is no update strategy at all, sometimes updating based on word of mouth. While the first approach seemed superior, it was surprisingly the most dangerous approach in 2018: all malicious packages such as advection, waiting states, and unpleasant updates discovered by the community within 40 days were saved. Consider using an automated tool to format the update policy and find the location between “not updating at all” and “updating in progress.”

Example:

  • Liran Tal’s NPQ is a great installer for consulting packages, and it also focuses on release dates

  • As soon as the package is updated, commercial tools such as GreenKeeper will be updated immediately. But no one can pause until the release is safe

12. Perform step-by-step installation, distinguishing between deployment and release phases

In 2019, you may find it useful to implement more secure deployments that are not a one-time deal. On the more secure side, granular deployment (A.K.A canary) is recommended in three phases :(1) deployment – sending new code to a new production area in isolation (for example, a new Kubernetes service or machine instance). At this stage, it service for anyone, so don’t afraid of (2) test – now very few people can in the real production environment to develop and test new code (3) release – gradually allow more users to a new release (for example, the entire east coast), when you have enough confidence, you can out of the old version.

One caveat: A full grayscale deployment in 2019 is still very expensive because it requires coordination of many infrastructure components, such as routing and monitoring. Therefore, consider starting with a simple and semi-manual grayscale deployment (for example, manually starting more new version machines based on monitoring metrics)

Example:

  • Learn more about grayscale versions

  • If you’re willing to go all the way to grayscale deployment, Spinnaker is a powerful deployment platform

13. Kubernetes ate the world

Kubernetes (K8S), an infrastructure that seamlessly provides application components for networking, scale-out, deployment, and other backbone services, is now almost the de facto standard for hosting applications. Its popularity is amazing: it has an unmatched extended echo system supported by all cloud providers, even though 54% of enterprises already own at least one K8S cluster. If you’re a beginner, this link provides a good hands-on overview. Have you completed the first step of your K8S? Make sure you are familiar with Istio, K-Native, Kuberenes work, internal overview, network policy, Helm, Scaffold. The bottom line: any time you spend improving your K8S skills will be rewarded.

14. Blockchain technology offers some great opportunities

In addition to Bitcoin and encryption functions, blockchain can also be used in any distributed system to process transactions.

15. Acquire reliable machine learning skills, or at least be able to articulate them intelligently

I can’t say much about it, but it’s probably the dominant trend of our time. Unfortunately, I know nothing about machine libraries, and my goal for 2019 is to at least be able to talk about it intelligently and figure out the chances of winning quickly (for example, JS libraries like TensorFlow.js and brain.js can provide some help without a strong infrastructure)

16. Browse the code for the selected open source library

Be aware that using the same technology for a long time on the same project may limit your vision or miss out on many alternatives. Always try to investigate other projects, mainly successful open source projects.

17. Deepen your understanding of the Linux operating system, focusing on the anatomy of Linux processes

Understanding Linux processes will give you a real competitive advantage as it affects many development tasks such as monitoring, protecting processes (e.g. restarting), gracefully shutting down using Docker, and many other tasks. Try to understand the lifecycle of processes, signals, permission models, common commands, process types, and so on. This tutorial covers most of the basics.

18. Get into the inner workings of Node.js

I really like this quote from Ryan Dahl (creator of Node.js V0,1) : “You can never understand everything. However, you should allow yourself to understand the system. A deep understanding of the underlying machine can be valuable when dealing with production problems or when designing some infrastructure component, such as monitoring event loop performance. You’re probably already familiar with the core building blocks of V8 and Libuv. Wouldn’t 2019 be a great time to go down the Rabbit-hole of Node.js? For example, what exactly happens within each libuV event cycle? Or how to interact with operating system IO (such as the active handle)?

Example:

  • Understand what happens in each event cycle, proposed by Deepal Jayasekara

  • Learn how to package C/C++ code as an NPM module, proposed by Konstantin Tarkus

  • Visit this in-depth article by Eugene Obrezkov covering the entire inside of Node.js

End: Learn to use the scientific method

What you learn and internalize will shape your future career. However, many developers have neither a learning strategy nor the knowledge of how to use scientific methods to learn effectively. Suppose there’s a meeting on “avoiding JavaScript type errors” and the VP asks to continue using native JavaScript without refactoring the entire code base (without using TypeScript……) “All of a sudden your colleague suggests using the Facebook process and everyone in the room loves it! You suddenly remember that you’ve read it before, but it’s never been internalized into your just, it’s just slipped through your mind. Why is that? Apparently, there’s a phenomenon called the competitive illusion that explains why we forget these things: You might spend an hour reading a blog post, but you’re fooling yourself into forgetting it in a few days! Studies show that if you try to talk about it with someone later, or read the abstract again the next day, you can greatly improve your chances of remembering the concept. There are a variety of other techniques that can help you remember and acquire the right information at the right time (see examples below), and spending a few hours learning how to learn can go a long way in your career!

Example:

  • Enroll in the awesome course Learning How to Learn

  • Block and categorize your learning

  • What about learning new skills? Compare it to an existing thing you’re familiar with, talk about it with your teammates, ask yourself the “what’s the use” question – why you need it, chart it, re-read the abstract, help your brain internalize and categorize it so you’ll be able to pick it up in important situations!

English original text:

https://medium.com/@me_37286/19-ways-to-become-a-better-node-js-developer-in-2019-ffd3a8fbfe38

Good article recommendation:

What do you think about the node.js foundation and the JS Foundation merging?

UC Technology International is committed to sharing high quality technical articles with you

Welcome to follow our official account and share the article with your friends